Merge branch 'master' of ssh://git.ingolf-wagner.de:443/palo/nixos-config

2020-10-18 22:31:59 +02:00 · 2020-10-18 22:31:59 +02:00 · 60d9482999
parent f9204c1f0a 269b48b6d6
commit 60d9482999
2 changed files with 17 additions and 5 deletions
--- a/configs/workhorse/graylog.nix
+++ b/configs/workhorse/graylog.nix
@ -119,6 +119,7 @@ in {
      "2","cirtical","Critical conditions"
      "3","error","Error Condition"
      "4","warning","May indicate that an error will occur if action is not taken."
+      "4","warn","May indicate that an error will occur if action is not taken."
      "5","notice","Events that are unusual, but not error conditions."
      "6","info","Normal operational messages that require no action."
      "7","debug","Information useful to developers for debugging the application."
--- a/modules/programs/browser.nix
+++ b/modules/programs/browser.nix
@ -37,6 +37,9 @@ let
      '';
    };

+  killBrowser = name:
+    pkgs.writeShellScriptBin "${name}-kill" "sudo killall -9 -u ${name}";
+
  cleanBrowser = name: browser: home: homeBackup:
    let
      backupFile = "${homeBackup}.tar.lzma";
@ -45,7 +48,7 @@ let
    in pkgs.writeShellScriptBin "${name}-clean" # sh
    ''
      sudo killall -9 -u ${name}
-      sudo rm ${lockFile}
+      sudo rm -f ${lockFile}
      sudo rm -rf ${home}
    '';

@ -129,6 +132,8 @@ let
    cleanBrowser name name browserConfig.home browserConfig.homeBackup)
  filteredConfigs;

+  allKillScripts = mapAttrsToList (name: _: killBrowser name) cfg.configList;
+
  # browser chooser
  # ---------------
  browserSelect = pkgs.writeScriptBin "browser-select" ''
@ -203,9 +208,15 @@ in {
    # add sudo rights
    security.sudo.extraConfig = let
      extraRules = flip mapAttrsToList cfg.configList (name: values:
-        concatStringsSep "\n"
-        (map (sudoUser: "${sudoUser} ALL=(${values.user}) NOPASSWD: ALL")
-          values.sudoUsers));
+        concatStringsSep "" (map (sudoUser: ''
+          # sudo configuration to control browser
+          ${sudoUser} ALL=(${values.user}) NOPASSWD: ALL
+          ${sudoUser} ALL=(root) NOPASSWD: /run/current-system/sw/bin/mkdir -p ${values.home}
+          ${sudoUser} ALL=(root) NOPASSWD: /run/current-system/sw/bin/chown -R ${values.user}\:users ${values.home}
+          ${sudoUser} ALL=(root) NOPASSWD: /run/current-system/sw/bin/killall -9 -u ${name}
+          ${sudoUser} ALL=(root) NOPASSWD: /run/current-system/sw/bin/rm -rf ${values.home}
+          ${sudoUser} ALL=(root) NOPASSWD: /run/current-system/sw/bin/rm -f ${values.home}-lock
+        '') values.sudoUsers));
    in lib.concatStringsSep "\n" extraRules;

    # create users
@ -226,7 +237,7 @@ in {
    environment.systemPackages = [ browserSelect (desktopFile browserSelect) ]
      ++ browserExecutableList
      ++ (map (bin: desktopFile bin) browserExecutableList) ++ allBackupScripts
-      ++ allCleanScripts;
+      ++ allCleanScripts ++ allKillScripts;

  };
 }