3
0
Fork 0
forked from mirrors/nixpkgs
nixpkgs/nixos/modules/programs/noisetorch.nix
rnhmjoj fedd7cd690
nixos: explicitely set security.wrappers ownership
This is slightly more verbose and inconvenient, but it forces you
to think about what the wrapper ownership and permissions will be.
2021-09-13 13:48:13 +02:00

28 lines
565 B
Nix

{ config, pkgs, lib, ... }:
with lib;
let cfg = config.programs.noisetorch;
in {
options.programs.noisetorch = {
enable = mkEnableOption "noisetorch + setcap wrapper";
package = mkOption {
type = types.package;
default = pkgs.noisetorch;
description = ''
The noisetorch package to use.
'';
};
};
config = mkIf cfg.enable {
security.wrappers.noisetorch = {
owner = "root";
group = "root";
capabilities = "cap_sys_resource=+ep";
source = "${cfg.package}/bin/noisetorch";
};
};
}