Remove unused require.

svn path=/nixos/branches/modular-nixos/; revision=15677
2009-05-20 15:43:31 +00:00 · 2009-05-20 15:43:31 +00:00 · 91387275ee
commit 91387275ee
parent 72e4b7e18d
1 changed files with 39 additions and 41 deletions
--- a/system/nixos-security.nix
+++ b/system/nixos-security.nix
@ -1,49 +1,47 @@
 {pkgs, config, ...}:
 let
  inherit (pkgs.lib) mergeOneOption mkOption mkIf;
 in
 {
-  require = [
+  security = {
-    {
+    setuidPrograms = mkOption {
-      security = {
+      default = [
-        setuidPrograms = mkOption {
+        "passwd" "su" "crontab" "ping" "ping6"
-          default = [
+        "fusermount" "wodim" "cdrdao" "growisofs"
-            "passwd" "su" "crontab" "ping" "ping6"
+      ];
-            "fusermount" "wodim" "cdrdao" "growisofs"
+      description = "
-          ];
+        Only the programs from system path listed her will be made setuid root
-          description = "
+        (through a wrapper program).  It's better to set
-            Only the programs from system path listed her will be made setuid root
+        <option>security.extraSetuidPrograms</option>.
-            (through a wrapper program).  It's better to set
+      ";
-            <option>security.extraSetuidPrograms</option>.
+    };
          ";
        };
-        extraSetuidPrograms = mkOption {
+    extraSetuidPrograms = mkOption {
-          default = [];
+      default = [];
-          example = ["fusermount"];
+      example = ["fusermount"];
-          description = "
+      description = "
-            This option lists additional programs that must be made setuid
+        This option lists additional programs that must be made setuid
-            root.
+        root.
-          ";
+      ";
-        };
+    };
-        setuidOwners = mkOption {
+    setuidOwners = mkOption {
-          default = [];
+      default = [];
-          example = [{
+      example = [{
-            program = "sendmail";
+        program = "sendmail";
-            owner = "nodody";
+        owner = "nodody";
-            group = "postdrop";
+        group = "postdrop";
-            setuid = false;
+        setuid = false;
-            setgid = true;
+        setgid = true;
-          }];
+      }];
-          description = ''
+      description = ''
-            List of non-trivial setuid programs from system path, like Postfix sendmail. Default 
+        List of non-trivial setuid programs from system path, like Postfix sendmail. Default 
-            should probably be nobody:nogroup:false:false - if you are bothering
+        should probably be nobody:nogroup:false:false - if you are bothering
-            doing anything with a setuid program, "root.root u+s g-s" is not what
+        doing anything with a setuid program, "root.root u+s g-s" is not what
-            you are aiming at..
+        you are aiming at..
-          '';
+      '';
-        };
+    };
-      };
+  };
    }
  ];
 }