From 60e48465423ded979dfe8cbb09b5635d6ee2802b Mon Sep 17 00:00:00 2001
From: Ophestra Umiker
Date: Sun, 8 Sep 2024 02:45:00 +0900
Subject: [PATCH] nix: provide options for capability flags

Signed-off-by: Ophestra Umiker
---
 README.md | 10 ++++++++--
 nixos.nix | 49 ++++++++++++++++++++++++++++++++++++++++---------
 2 files changed, 48 insertions(+), 11 deletions(-)

diff --git a/README.md b/README.md
index 7591786..8bce0f7 100644
--- a/README.md
+++ b/README.md
@@ -75,7 +75,7 @@ This adds the `environment.fortify` option:
 chronos = {
 launchers = {
 weechat.method = "sudo";
- claws-mail.pulse = false;
+ claws-mail.capability.pulse = false;
 discord = {
 command = "vesktop --ozone-platform-hint=wayland";
 share = pkgs.vesktop;
@@ -125,7 +125,13 @@ This adds the `environment.fortify` option:
 * `command`, the command to run as the target user. Defaults to launcher name.
- * `pulse`, whether to share the PulseAudio socket and cookie.
+ * `capability.wayland`, whether to share the Wayland socket.
+
+ * `capability.x11`, whether to share the X11 socket and allow connection.
+
+ * `capability.dbus`, whether to proxy D-Bus. NOTE: this option is subject to change and should not be used
+
+ * `capability.pulse`, whether to share the PulseAudio socket and cookie.
 * `share`, package containing desktop/icon files. Defaults to launcher name.
diff --git a/nixos.nix b/nixos.nix
index 0fe5b71..fb48011 100644
--- a/nixos.nix
+++ b/nixos.nix
@@ -63,12 +63,38 @@ in
 '';
 };
- pulse = mkOption {
- type = bool;
- default = true;
- description = ''
- Whether to share the PulseAudio socket and cookie.
- '';
+ capability = {
+ wayland = mkOption {
+ type = bool;
+ default = true;
+ description = ''
+ Whether to share the Wayland socket.
+ '';
+ };
+
+ x11 = mkOption {
+ type = bool;
+ default = false;
+ description = ''
+ Whether to share the X11 socket and allow connection.
+ '';
+ };
+
+ dbus = mkOption {
+ type = bool;
+ default = false;
+ description = ''
+ Whether to proxy D-Bus.
+ '';
+ };
+
+ pulse = mkOption {
+ type = bool;
+ default = true;
+ description = ''
+ Whether to share the PulseAudio socket and cookie.
+ '';
+ };
 };
 share = mkOption {
@@ -164,8 +190,15 @@ in
 user: launchers:
 mapAttrsToList (
 name: launcher:
+ with launcher.capability;
 let
 command = if launcher.command == null then name else launcher.command;
+ capArgs =
+ (if wayland then " -wayland" else "")
+ + (if x11 then " -X" else "")
+ + (if dbus then " -dbus" else "")
+ + (if pulse then " -pulse" else "")
+ + (if launcher.method == "fortify-sudo" then " -sudo" else "");
 in
 pkgs.writeShellScriptBin name (
 if launcher.method == "sudo" then
@@ -174,9 +207,7 @@ in
 ''
 else
 ''
- exec fortify${if launcher.pulse then " -pulse" else ""} -u ${user}${
- if launcher.method == "fortify-sudo" then " -sudo" else ""
- } ${cfg.shell} -c "exec ${command} $@"
+ exec fortify${capArgs} -u ${user} ${cfg.shell} -c "exec ${command} $@"
 ''
 )
 ) launchers;
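Review bot: In the `@@ -63,12 +63,38 @@` hunk, `capability.wayland` is introduced with `default = true`, so every launcher that does not set it now gets ` -wayland` on its fortify command line, whereas the removed wrapper line only ever emitted `-pulse`, `-u` and `-sudo`. If fortify did not already share the Wayland socket without that flag, existing configurations start sharing the compositor socket with the target user on upgrade with no config change. Consider `default = false`, matching `x11` and `dbus`, or state the behaviour change in the commit message. The `dbus` description also omits the caveat the README carries; something like `Whether to proxy D-Bus. Subject to change, do not rely on it yet.` would keep the two in step.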
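Review bot: In the `@@ -164,8 +190,15 @@` hunk, `with launcher.capability;` resolves `wayland`, `x11`, `dbus` and `pulse` through the `with` scope, and in Nix any lexically bound name of the same spelling (a `let` binding or function argument higher up in the file, outside this hunk) silently takes precedence over it. Because these four names decide which sockets are shared with the target user, bind them explicitly inside the `let` instead: `inherit (launcher.capability) wayland x11 dbus pulse;`. The `if … then " -flag" else ""` chain could also be written as `optionalString wayland " -wayland"` and so on, assuming `lib` is in scope as the unqualified `mkOption` and `mapAttrsToList` suggest.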
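Review bot: In the `@@ -174,9 +207,7 @@` hunk, the new `exec fortify${capArgs} …` line still places `$@` inside the double-quoted `-c` string, so the wrapper's first argument is spliced into the command text and parsed again by `${cfg.shell}` as the target user. The remaining arguments become that shell's `$0`, `$1`, … and never reach `${command}`. An argument containing shell metacharacters, such as a file name or URL handed over by a desktop entry, is therefore interpreted instead of being passed through. Passing the arguments as positional parameters avoids the re-parse, e.g. `exec fortify${capArgs} -u ${user} ${cfg.shell} -c 'exec ${command} "$@"' ${name} "$@"`. This assumes fortify forwards trailing arguments unchanged and that `command` contains no single quote, so confirm both.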