From 2e019e48c1c9c5d01c7740797d0c1420888d6872 Mon Sep 17 00:00:00 2001 From: Ophestra Umiker Date: Sat, 12 Oct 2024 19:46:07 +0900 Subject: [PATCH] app: supply template config Signed-off-by: Ophestra Umiker --- internal/app/config.go | 57 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) diff --git a/internal/app/config.go b/internal/app/config.go index 550bc7c..ca3133c 100644 --- a/internal/app/config.go +++ b/internal/app/config.go @@ -89,3 +89,60 @@ func (s *SandboxConfig) Bwrap() *bwrap.Config { return conf } + +// Template returns a fully populated instance of Config. +func Template() *Config { + return &Config{ + ID: "org.chromium.Chromium", + User: "chronos", + Command: []string{ + "chromium", + "--ignore-gpu-blocklist", + "--disable-smooth-scrolling", + "--enable-features=UseOzonePlatform", + "--ozone-platform=wayland", + }, + Method: "sudo", + Confinement: ConfinementConfig{ + Sandbox: &SandboxConfig{ + Hostname: "localhost", + UserNS: true, + Net: true, + NoNewSession: true, + Wayland: false, + UID: 150, + GID: 101, + // example API credentials pulled from Google Chrome + // DO NOT USE THESE IN A REAL BROWSER + Env: map[string]string{ + "GOOGLE_API_KEY": "AIzaSyBHDrl33hwRp4rMQY0ziRbj8K9LPA6vUCY", + "GOOGLE_DEFAULT_CLIENT_ID": "77185425430.apps.googleusercontent.com", + "GOOGLE_DEFAULT_CLIENT_SECRET": "OTJgUOQcT7lO7GsGZq2G4IlT", + }, + Bind: [][2]string{{"/sdcard", "/sdcard"}, {"/var/tmp", "/var/tmp"}}, + ROBind: [][2]string{{"/nix", "/nix"}}, + }, + SystemBus: &dbus.Config{ + See: nil, + Talk: []string{"org.bluez", "org.freedesktop.Avahi", "org.freedesktop.UPower"}, + Own: nil, + Call: nil, + Broadcast: nil, + Log: false, + Filter: true, + }, + SessionBus: &dbus.Config{ + See: nil, + Talk: []string{"org.freedesktop.Notifications", "org.freedesktop.FileManager1", "org.freedesktop.ScreenSaver", + "org.freedesktop.secrets", "org.kde.kwalletd5", "org.kde.kwalletd6", "org.gnome.SessionManager"}, + Own: []string{"org.chromium.Chromium.*", "org.mpris.MediaPlayer2.org.chromium.Chromium.*", + "org.mpris.MediaPlayer2.chromium.*"}, + Call: map[string]string{"org.freedesktop.portal.*": "*"}, + Broadcast: map[string]string{"org.freedesktop.portal.*": "@/org/freedesktop/portal/*"}, + Log: false, + Filter: true, + }, + Enablements: state.EnableWayland.Mask() | state.EnableDBus.Mask() | state.EnablePulse.Mask(), + }, + } +}