nix: provide options for capability flags
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
parent
1906853382
commit
60e4846542
10
README.md
10
README.md
|
@ -75,7 +75,7 @@ This adds the `environment.fortify` option:
|
||||||
chronos = {
|
chronos = {
|
||||||
launchers = {
|
launchers = {
|
||||||
weechat.method = "sudo";
|
weechat.method = "sudo";
|
||||||
claws-mail.pulse = false;
|
claws-mail.capability.pulse = false;
|
||||||
discord = {
|
discord = {
|
||||||
command = "vesktop --ozone-platform-hint=wayland";
|
command = "vesktop --ozone-platform-hint=wayland";
|
||||||
share = pkgs.vesktop;
|
share = pkgs.vesktop;
|
||||||
|
@ -125,7 +125,13 @@ This adds the `environment.fortify` option:
|
||||||
|
|
||||||
* `command`, the command to run as the target user. Defaults to launcher name.
|
* `command`, the command to run as the target user. Defaults to launcher name.
|
||||||
|
|
||||||
* `pulse`, whether to share the PulseAudio socket and cookie.
|
* `capability.wayland`, whether to share the Wayland socket.
|
||||||
|
|
||||||
|
* `capability.x11`, whether to share the X11 socket and allow connection.
|
||||||
|
|
||||||
|
* `capability.dbus`, whether to proxy D-Bus. NOTE: this option is subject to change and should not be used
|
||||||
|
|
||||||
|
* `capability.pulse`, whether to share the PulseAudio socket and cookie.
|
||||||
|
|
||||||
* `share`, package containing desktop/icon files. Defaults to launcher name.
|
* `share`, package containing desktop/icon files. Defaults to launcher name.
|
||||||
|
|
||||||
|
|
37
nixos.nix
37
nixos.nix
|
@ -63,6 +63,31 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
capability = {
|
||||||
|
wayland = mkOption {
|
||||||
|
type = bool;
|
||||||
|
default = true;
|
||||||
|
description = ''
|
||||||
|
Whether to share the Wayland socket.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
x11 = mkOption {
|
||||||
|
type = bool;
|
||||||
|
default = false;
|
||||||
|
description = ''
|
||||||
|
Whether to share the X11 socket and allow connection.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
dbus = mkOption {
|
||||||
|
type = bool;
|
||||||
|
default = false;
|
||||||
|
description = ''
|
||||||
|
Whether to proxy D-Bus.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
pulse = mkOption {
|
pulse = mkOption {
|
||||||
type = bool;
|
type = bool;
|
||||||
default = true;
|
default = true;
|
||||||
|
@ -70,6 +95,7 @@ in
|
||||||
Whether to share the PulseAudio socket and cookie.
|
Whether to share the PulseAudio socket and cookie.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
};
|
||||||
|
|
||||||
share = mkOption {
|
share = mkOption {
|
||||||
type = nullOr package;
|
type = nullOr package;
|
||||||
|
@ -164,8 +190,15 @@ in
|
||||||
user: launchers:
|
user: launchers:
|
||||||
mapAttrsToList (
|
mapAttrsToList (
|
||||||
name: launcher:
|
name: launcher:
|
||||||
|
with launcher.capability;
|
||||||
let
|
let
|
||||||
command = if launcher.command == null then name else launcher.command;
|
command = if launcher.command == null then name else launcher.command;
|
||||||
|
capArgs =
|
||||||
|
(if wayland then " -wayland" else "")
|
||||||
|
+ (if x11 then " -X" else "")
|
||||||
|
+ (if dbus then " -dbus" else "")
|
||||||
|
+ (if pulse then " -pulse" else "")
|
||||||
|
+ (if launcher.method == "fortify-sudo" then " -sudo" else "");
|
||||||
in
|
in
|
||||||
pkgs.writeShellScriptBin name (
|
pkgs.writeShellScriptBin name (
|
||||||
if launcher.method == "sudo" then
|
if launcher.method == "sudo" then
|
||||||
|
@ -174,9 +207,7 @@ in
|
||||||
''
|
''
|
||||||
else
|
else
|
||||||
''
|
''
|
||||||
exec fortify${if launcher.pulse then " -pulse" else ""} -u ${user}${
|
exec fortify${capArgs} -u ${user} ${cfg.shell} -c "exec ${command} $@"
|
||||||
if launcher.method == "fortify-sudo" then " -sudo" else ""
|
|
||||||
} ${cfg.shell} -c "exec ${command} $@"
|
|
||||||
''
|
''
|
||||||
)
|
)
|
||||||
) launchers;
|
) launchers;
|
||||||
|
|
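Review bot: The rewritten launcher line in the last hunk, `exec fortify${capArgs} -u ${user} ${cfg.shell} -c "exec ${command} $@"`, splices the caller's arguments into the string handed to `-c`, so they are parsed a second time as shell source by the shell started for the target user. An argument containing spaces or shell metacharacters is therefore re-split or interpreted rather than passed through, and because `"… $@"` expands to several words, only the first argument ends up in the command string. Passing the arguments positionally avoids the re-parse, e.g. `${cfg.shell} -c 'exec ${command} "$@"' ${name} "$@"`, assuming fortify forwards the trailing words unchanged and `command` contains no single quote. Separately, `capability.wayland` defaults to `true` while the old script never passed `-wayland`, so existing launchers appear to gain the Wayland socket on upgrade; a default of `false`, or a sentence in the option description explaining why it is on by default, would keep the grant deliberate.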