lol

nixos/security/wrappers: use fixed defaults

Keeping backward compatibility while still having proper typing would
require making all options null by default, adding a defaultText containing
the actual value, writing the default value logic based on `!= null` and
replacing the nulls later. This pretty much defeats the point of having used
a submodule type.

rnhmjoj 22004f7e 904f68fb

+10 -25
+10 -25
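--- a/nixos/modules/security/wrappers/default.nix
+++ b/nixos/modules/security/wrappers/default.nix
@@ -33,33 +33,18 @@
  };
  options.owner = lib.mkOption
  { type = lib.types.str;
- default = with config;
- if (capabilities != "") || !(setuid || setgid || permissions != null)
- then "root"
- else "nobody";
- description = ''
- The owner of the wrapper program. Defaults to <literal>root</literal>
- if any capability is set and setuid/setgid/permissions are not, otherwise to
- <literal>nobody</litera>.
- '';
+ default = "root";
+ description = "The owner of the wrapper program.";
  };
  options.group = lib.mkOption
  { type = lib.types.str;
- default = with config;
- if (capabilities != "") || !(setuid || setgid || permissions != null)
- then "root"
- else "nogroup";
- description = ''
- The group of the wrapper program. Defaults to <literal>root</literal>
- if any capability is set and setuid/setgid/permissions are not,
- otherwise to <literal>nogroup</litera>.
- '';
+ default = "root";
+ description = "The group of the wrapper program.";
  };
  options.permissions = lib.mkOption
- { type = lib.types.nullOr fileModeType;
- default = null;
- example = "u+rx,g+x,o+x";
- apply = x: if x == null then "u+rx,g+x,o+x" else x;
+ { type = fileModeType;
+ default = "u+rx,g+x,o+x";
+ example = "a+rx";
  description = ''
  The permissions of the wrapper program. The format is that of a
  symbolic or numeric file mode understood by <command>chmod</command>.
@@ -89,7 +74,7 @@
  };
  options.setuid = lib.mkOption
  { type = lib.types.bool;
- default = false;
+ default = true;
  description = "Whether to add the setuid bit the wrapper program.";
  };
  options.setgid = lib.mkOption
@@ -153,8 +138,8 @@
  builtins.map
  (opts:
  if opts.capabilities != ""
- then mkSetcapProgram opts
- else mkSetuidProgram opts
+ then mkSetcapProgram opts
+ else mkSetuidProgram opts
  ) (lib.attrValues wrappers);
  in
  {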
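Review bot: The new `setuid` default of `true` (new line 77), together with `owner` and `group` now defaulting to `"root"`, means a wrapper declared with nothing but its source requests a setuid-root binary, so the defaults fail open. An existing wrapper that only set `setgid = true` previously got owner `nobody` and no setuid bit; with these defaults the same declaration asks for a root-owned file with the setuid bit as well, and whether `mkSetuidProgram` or `mkSetcapProgram` honour it cannot be checked here because their bodies are outside the diff. A fail-closed variant would keep `default = false;` for `setuid`, or drop the `default` lines from `owner` and `group` so each wrapper has to state its owner explicitly. If the new default stays, the `setuid` description should say so, e.g. `"Whether to add the setuid bit to the wrapper program. Enabled by default; with the default owner the wrapper runs as root."`.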