Addressing PR feedback

3 files changed, 6 insertions, 27 deletions

diff --git a/nixos/modules/services/scheduling/atd.nix b/nixos/modules/services/scheduling/atd.nix
index 9c4f8d59faa49..316ab847b3437 100644
--- a/nixos/modules/services/scheduling/atd.nix
+++ b/nixos/modules/services/scheduling/atd.nix
@@ -42,7 +42,7 @@ in
 
   config = mkIf cfg.enable {
 
-    security.permissionsWrappers.setuid = map (program: {
+    security.wrappers.setuid = map (program: {
       inherit program;
 
       source = "${pkgs.atd}/bin/${program}";
diff --git a/nixos/modules/services/scheduling/cron.nix b/nixos/modules/services/scheduling/cron.nix
index e33961658f02f..26ce3c98d67c4 100644
--- a/nixos/modules/services/scheduling/cron.nix
+++ b/nixos/modules/services/scheduling/cron.nix
@@ -20,7 +20,7 @@ let
   cronNixosPkg = pkgs.cron.override {
     # The mail.nix nixos module, if there is any local mail system enabled,
     # should have sendmail in this path.
-    sendmailPath = "/var/permissions-wrappers/sendmail";
+    sendmailPath = "/run/wrappers/sendmail";
   };
 
   allFiles =
@@ -61,7 +61,7 @@ in
           A list of Cron jobs to be appended to the system-wide
           crontab.  See the manual page for crontab for the expected
           format. If you want to get the results mailed you must setuid
-          sendmail. See <option>security.permissionsWrappers.setuid</option>
+          sendmail. See <option>security.wrappers.setuid</option>
 
           If neither /var/cron/cron.deny nor /var/cron/cron.allow exist only root
           will is allowed to have its own crontab file. The /var/cron/cron.deny file
@@ -92,21 +92,9 @@ in
   config = mkMerge [
 
     { services.cron.enable = mkDefault (allFiles != []); }
-
     (mkIf (config.services.cron.enable) {
-
-      security.permissionsWrappers.setuid =
-      [
-        { program = "crontab";
-          source  = "${pkgs.cronNixosPkg.out}/bin/crontab";
-          owner   = "root";
-          group   = "root";
-          setuid  = true;        
-        }
-      ];
-
+      security.setuidPrograms = [ "crontab" ];
       environment.systemPackages = [ cronNixosPkg ];
-
       environment.etc.crontab =
         { source = pkgs.runCommand "crontabs" { inherit allFiles; preferLocalBuild = true; }
             ''
diff --git a/nixos/modules/services/scheduling/fcron.nix b/nixos/modules/services/scheduling/fcron.nix
index 5804f0ee72f7c..f0de996224ffc 100644
--- a/nixos/modules/services/scheduling/fcron.nix
+++ b/nixos/modules/services/scheduling/fcron.nix
@@ -96,7 +96,7 @@ in
             fcronallow  =       /etc/fcron.allow
             fcrondeny   =       /etc/fcron.deny
             shell       =       /bin/sh
-            sendmail    =       /var/permissions-wrappers/sendmail
+            sendmail    =       /run/wrappers/sendmail
             editor      =       /run/current-system/sw/bin/vi
           '';
           target = "fcron.conf";
@@ -106,16 +106,7 @@ in
 
     environment.systemPackages = [ pkgs.fcron ];
 
-    security.permissionsWrappers.setuid =
-    [
-      { program = "fcrontab";
-        source  = "${pkgs.fcron.out}/bin/fcrontab";
-        owner   = "root";
-        group   = "root";
-        setuid  = true;        
-      }
-    ];
-
+    security.setuidPrograms = [ "fcrontab" ];
     systemd.services.fcron = {
       description = "fcron daemon";
       after = [ "local-fs.target" ];