Merge branch 'master' of ssh://git.ingolf-wagner.de:443/palo/nixos-config

configs/workhorse/graylog.nix

@@ -119,6 +119,7 @@ in {
       "2","cirtical","Critical conditions"
       "3","error","Error Condition"
       "4","warning","May indicate that an error will occur if action is not taken."
+      "4","warn","May indicate that an error will occur if action is not taken."
       "5","notice","Events that are unusual, but not error conditions."
       "6","info","Normal operational messages that require no action."
       "7","debug","Information useful to developers for debugging the application."

modules/programs/browser.nix

@@ -37,6 +37,9 @@ let
       '';
     };
 
+  killBrowser = name:
+    pkgs.writeShellScriptBin "${name}-kill" "sudo killall -9 -u ${name}";
+
   cleanBrowser = name: browser: home: homeBackup:
     let
       backupFile = "${homeBackup}.tar.lzma";
@@ -45,7 +48,7 @@ let
     in pkgs.writeShellScriptBin "${name}-clean" # sh
     ''
       sudo killall -9 -u ${name}
-      sudo rm ${lockFile}
+      sudo rm -f ${lockFile}
       sudo rm -rf ${home}
     '';
 
@@ -129,6 +132,8 @@ let
     cleanBrowser name name browserConfig.home browserConfig.homeBackup)
   filteredConfigs;
 
+  allKillScripts = mapAttrsToList (name: _: killBrowser name) cfg.configList;
+
   # browser chooser
   # ---------------
   browserSelect = pkgs.writeScriptBin "browser-select" ''
@@ -203,9 +208,15 @@ in {
     # add sudo rights
     security.sudo.extraConfig = let
       extraRules = flip mapAttrsToList cfg.configList (name: values:
-        concatStringsSep "\n"
+        concatStringsSep "" (map (sudoUser: ''
-        (map (sudoUser: "${sudoUser} ALL=(${values.user}) NOPASSWD: ALL")
+          # sudo configuration to control browser
-          values.sudoUsers));
+          ${sudoUser} ALL=(${values.user}) NOPASSWD: ALL
+          ${sudoUser} ALL=(root) NOPASSWD: /run/current-system/sw/bin/mkdir -p ${values.home}
+          ${sudoUser} ALL=(root) NOPASSWD: /run/current-system/sw/bin/chown -R ${values.user}\:users ${values.home}
+          ${sudoUser} ALL=(root) NOPASSWD: /run/current-system/sw/bin/killall -9 -u ${name}
+          ${sudoUser} ALL=(root) NOPASSWD: /run/current-system/sw/bin/rm -rf ${values.home}
+          ${sudoUser} ALL=(root) NOPASSWD: /run/current-system/sw/bin/rm -f ${values.home}-lock
+        '') values.sudoUsers));
     in lib.concatStringsSep "\n" extraRules;
 
     # create users
@@ -226,7 +237,7 @@ in {
     environment.systemPackages = [ browserSelect (desktopFile browserSelect) ]
       ++ browserExecutableList
       ++ (map (bin: desktopFile bin) browserExecutableList) ++ allBackupScripts
-      ++ allCleanScripts;
+      ++ allCleanScripts ++ allKillScripts;
 
   };
 }