nix: provide options for capability flags
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
This commit is contained in:
parent
1906853382
commit
60e4846542
SSH Key Fingerprint:
SHA256:gQ67O0enBZ7UdZypgtspB2FDM1g3GVw8nX0XSdcFw8Q
10
README.md
10
README.md
|
|
@ -75,7 +75,7 @@ This adds the `environment.fortify` option:
|
|||
chronos = {
|
||||
launchers = {
|
||||
weechat.method = "sudo";
|
||||
claws-mail.pulse = false;
|
||||
claws-mail.capability.pulse = false;
|
||||
discord = {
|
||||
command = "vesktop --ozone-platform-hint=wayland";
|
||||
share = pkgs.vesktop;
|
||||
|
|
@ -125,7 +125,13 @@ This adds the `environment.fortify` option:
|
|||
|
||||
* `command`, the command to run as the target user. Defaults to launcher name.
|
||||
|
||||
* `pulse`, whether to share the PulseAudio socket and cookie.
|
||||
* `capability.wayland`, whether to share the Wayland socket.
|
||||
|
||||
* `capability.x11`, whether to share the X11 socket and allow connection.
|
||||
|
||||
* `capability.dbus`, whether to proxy D-Bus. NOTE: this option is subject to change and should not be used
|
||||
|
||||
* `capability.pulse`, whether to share the PulseAudio socket and cookie.
|
||||
|
||||
* `share`, package containing desktop/icon files. Defaults to launcher name.
|
||||
|
||||
|
|
|
|||
49
nixos.nix
49
nixos.nix
|
|
@ -63,12 +63,38 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
pulse = mkOption {
|
||||
type = bool;
|
||||
default = true;
|
||||
description = ''
|
||||
Whether to share the PulseAudio socket and cookie.
|
||||
'';
|
||||
capability = {
|
||||
wayland = mkOption {
|
||||
type = bool;
|
||||
default = true;
|
||||
description = ''
|
||||
Whether to share the Wayland socket.
|
||||
'';
|
||||
};
|
||||
|
||||
x11 = mkOption {
|
||||
type = bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to share the X11 socket and allow connection.
|
||||
'';
|
||||
};
|
||||
|
||||
dbus = mkOption {
|
||||
type = bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to proxy D-Bus.
|
||||
'';
|
||||
};
|
||||
|
||||
pulse = mkOption {
|
||||
type = bool;
|
||||
default = true;
|
||||
description = ''
|
||||
Whether to share the PulseAudio socket and cookie.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
share = mkOption {
|
||||
|
|
@ -164,8 +190,15 @@ in
|
|||
user: launchers:
|
||||
mapAttrsToList (
|
||||
name: launcher:
|
||||
with launcher.capability;
|
||||
let
|
||||
command = if launcher.command == null then name else launcher.command;
|
||||
capArgs =
|
||||
(if wayland then " -wayland" else "")
|
||||
+ (if x11 then " -X" else "")
|
||||
+ (if dbus then " -dbus" else "")
|
||||
+ (if pulse then " -pulse" else "")
|
||||
+ (if launcher.method == "fortify-sudo" then " -sudo" else "");
|
||||
in
|
||||
pkgs.writeShellScriptBin name (
|
||||
if launcher.method == "sudo" then
|
||||
|
|
@ -174,9 +207,7 @@ in
|
|||
''
|
||||
else
|
||||
''
|
||||
exec fortify${if launcher.pulse then " -pulse" else ""} -u ${user}${
|
||||
if launcher.method == "fortify-sudo" then " -sudo" else ""
|
||||
} ${cfg.shell} -c "exec ${command} $@"
|
||||
exec fortify${capArgs} -u ${user} ${cfg.shell} -c "exec ${command} $@"
|
||||
''
|
||||
)
|
||||
) launchers;
|
||||
|
|
|
|||
Loading…
Reference in New Issue