26 lines
534 B
Nix
26 lines
534 B
Nix
{ lib, config, ... }:
|
|
let
|
|
inherit (lib) types mkIf mkDefault;
|
|
in
|
|
{
|
|
options.systemd.services = lib.mkOption {
|
|
type =
|
|
let
|
|
osConfig = config;
|
|
in
|
|
types.attrsOf (
|
|
lib.types.submodule {
|
|
config.serviceConfig = mkIf (osConfig.specialisation != { }) {
|
|
RestrictSUIDSGID = mkDefault true;
|
|
};
|
|
}
|
|
|
|
);
|
|
};
|
|
|
|
config = mkIf (config.specialisation != { }) {
|
|
systemd.services = {
|
|
suid-sgid-wrappers.serviceConfig.RestrictSUIDSGID = false;
|
|
};
|
|
};
|
|
}
|