nix: module descriptions
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
parent
f8256137ae
commit
653d69da0a
|
@ -43,7 +43,7 @@ in
|
||||||
) "" cfg.users;
|
) "" cfg.users;
|
||||||
};
|
};
|
||||||
|
|
||||||
userdb.source = pkgs.runCommand "generate-userdb" { } ''
|
userdb.source = pkgs.runCommand "fortify-userdb" { } ''
|
||||||
${cfg.package}/libexec/fuserdb -o $out ${
|
${cfg.package}/libexec/fuserdb -o $out ${
|
||||||
foldlAttrs (
|
foldlAttrs (
|
||||||
acc: username: fid:
|
acc: username: fid:
|
||||||
|
|
47
options.nix
47
options.nix
|
@ -12,7 +12,7 @@ in
|
||||||
package = mkOption {
|
package = mkOption {
|
||||||
type = types.package;
|
type = types.package;
|
||||||
default = pkgs.callPackage ./package.nix { };
|
default = pkgs.callPackage ./package.nix { };
|
||||||
description = "Package providing fortify.";
|
description = "The fortify package to use.";
|
||||||
};
|
};
|
||||||
|
|
||||||
users = mkOption {
|
users = mkOption {
|
||||||
|
@ -22,7 +22,7 @@ in
|
||||||
in
|
in
|
||||||
attrsOf (ints.between 0 99);
|
attrsOf (ints.between 0 99);
|
||||||
description = ''
|
description = ''
|
||||||
Users allowed to spawn fortify apps, as well as their fortify ID value.
|
Users allowed to spawn fortify apps and their corresponding fortify fid.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -47,7 +47,7 @@ in
|
||||||
name = mkOption {
|
name = mkOption {
|
||||||
type = str;
|
type = str;
|
||||||
description = ''
|
description = ''
|
||||||
App name, typically command.
|
Name of the app's launcher script.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -70,7 +70,9 @@ in
|
||||||
extraConfig = mkOption {
|
extraConfig = mkOption {
|
||||||
type = anything;
|
type = anything;
|
||||||
default = { };
|
default = { };
|
||||||
description = "Extra home-manager configuration.";
|
description = ''
|
||||||
|
Extra home-manager configuration.
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
script = mkOption {
|
script = mkOption {
|
||||||
|
@ -86,7 +88,7 @@ in
|
||||||
default = null;
|
default = null;
|
||||||
description = ''
|
description = ''
|
||||||
Command to run as the target user.
|
Command to run as the target user.
|
||||||
Setting this to null will default command to wrapper name.
|
Setting this to null will default command to launcher name.
|
||||||
Has no effect when script is set.
|
Has no effect when script is set.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -127,25 +129,14 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
nix = mkEnableOption ''
|
nix = mkEnableOption "nix daemon access within the sandbox";
|
||||||
Whether to allow nix daemon connections from within sandbox.
|
userns = mkEnableOption "userns within the sandbox";
|
||||||
'';
|
mapRealUid = mkEnableOption "mapping to fortify's real UID within the sandbox";
|
||||||
|
dev = mkEnableOption "access to all devices within the sandbox";
|
||||||
|
|
||||||
userns = mkEnableOption ''
|
net = mkEnableOption "network access within the sandbox" // {
|
||||||
Whether to allow userns within sandbox.
|
default = true;
|
||||||
'';
|
};
|
||||||
|
|
||||||
mapRealUid = mkEnableOption ''
|
|
||||||
Whether to map to fortify's real UID within the sandbox.
|
|
||||||
'';
|
|
||||||
|
|
||||||
net =
|
|
||||||
mkEnableOption ''
|
|
||||||
Whether to allow network access within sandbox.
|
|
||||||
''
|
|
||||||
// {
|
|
||||||
default = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
gpu = mkOption {
|
gpu = mkOption {
|
||||||
type = nullOr bool;
|
type = nullOr bool;
|
||||||
|
@ -156,15 +147,11 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
dev = mkEnableOption ''
|
|
||||||
Whether to allow access to all devices within sandbox.
|
|
||||||
'';
|
|
||||||
|
|
||||||
extraPaths = mkOption {
|
extraPaths = mkOption {
|
||||||
type = listOf anything;
|
type = listOf anything;
|
||||||
default = [ ];
|
default = [ ];
|
||||||
description = ''
|
description = ''
|
||||||
Extra paths to make available inside the sandbox.
|
Extra paths to make available to the sandbox.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -213,13 +200,13 @@ in
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
default = [ ];
|
default = [ ];
|
||||||
description = "Applications managed by fortify.";
|
description = "Declarative fortify apps.";
|
||||||
};
|
};
|
||||||
|
|
||||||
stateDir = mkOption {
|
stateDir = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
description = ''
|
description = ''
|
||||||
The path to persistent storage where per-user state should be stored.
|
The state directory where app home directories are stored.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
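Review bot: In the `@ -127,25 +129,14` hunk the sandbox toggles `nix`, `userns`, `mapRealUid`, `dev` and `net` are reduced to one-line `mkEnableOption` strings, and the generated text no longer gives the reader any hint that `net` is the only one that is on unless disabled. `mkEnableOption` renders its argument as "Whether to enable …" with `example = true`, so the manual entry for `net` will read like an opt-in switch even though `// { default = true; }` makes it opt-out. I would say so in the string itself, e.g. `net = mkEnableOption "network access within the sandbox (on by default, set to false to deny it)" // {`. The same hunk is the natural place for a short caveat on `dev` and `mapRealUid`, which presumably widen what the app can reach on the host; a comment such as `# widens the sandbox; enable only when the app needs it` above them would do. The enclosing submodule starts and ends outside this hunk, so this is based only on the lines shown.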