nix: module descriptions
test / test (push) Successful in 24s Details

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
This commit is contained in:
Ophestra Umiker 2024-11-19 18:10:57 +09:00
parent f8256137ae
commit 653d69da0a
Signed by: cat
SSH Key Fingerprint: SHA256:gQ67O0enBZ7UdZypgtspB2FDM1g3GVw8nX0XSdcFw8Q
2 changed files with 18 additions and 31 deletions

View File

@ -43,7 +43,7 @@ in
) "" cfg.users; ) "" cfg.users;
}; };
userdb.source = pkgs.runCommand "generate-userdb" { } '' userdb.source = pkgs.runCommand "fortify-userdb" { } ''
${cfg.package}/libexec/fuserdb -o $out ${ ${cfg.package}/libexec/fuserdb -o $out ${
foldlAttrs ( foldlAttrs (
acc: username: fid: acc: username: fid:

View File

@ -12,7 +12,7 @@ in
package = mkOption { package = mkOption {
type = types.package; type = types.package;
default = pkgs.callPackage ./package.nix { }; default = pkgs.callPackage ./package.nix { };
description = "Package providing fortify."; description = "The fortify package to use.";
}; };
users = mkOption { users = mkOption {
@ -22,7 +22,7 @@ in
in in
attrsOf (ints.between 0 99); attrsOf (ints.between 0 99);
description = '' description = ''
Users allowed to spawn fortify apps, as well as their fortify ID value. Users allowed to spawn fortify apps and their corresponding fortify fid.
''; '';
}; };
@ -47,7 +47,7 @@ in
name = mkOption { name = mkOption {
type = str; type = str;
description = '' description = ''
App name, typically command. Name of the app's launcher script.
''; '';
}; };
@ -70,7 +70,9 @@ in
extraConfig = mkOption { extraConfig = mkOption {
type = anything; type = anything;
default = { }; default = { };
description = "Extra home-manager configuration."; description = ''
Extra home-manager configuration.
'';
}; };
script = mkOption { script = mkOption {
@ -86,7 +88,7 @@ in
default = null; default = null;
description = '' description = ''
Command to run as the target user. Command to run as the target user.
Setting this to null will default command to wrapper name. Setting this to null will default command to launcher name.
Has no effect when script is set. Has no effect when script is set.
''; '';
}; };
@ -127,25 +129,14 @@ in
''; '';
}; };
nix = mkEnableOption '' nix = mkEnableOption "nix daemon access within the sandbox";
Whether to allow nix daemon connections from within sandbox. userns = mkEnableOption "userns within the sandbox";
''; mapRealUid = mkEnableOption "mapping to fortify's real UID within the sandbox";
dev = mkEnableOption "access to all devices within the sandbox";
userns = mkEnableOption '' net = mkEnableOption "network access within the sandbox" // {
Whether to allow userns within sandbox. default = true;
''; };
mapRealUid = mkEnableOption ''
Whether to map to fortify's real UID within the sandbox.
'';
net =
mkEnableOption ''
Whether to allow network access within sandbox.
''
// {
default = true;
};
gpu = mkOption { gpu = mkOption {
type = nullOr bool; type = nullOr bool;
@ -156,15 +147,11 @@ in
''; '';
}; };
dev = mkEnableOption ''
Whether to allow access to all devices within sandbox.
'';
extraPaths = mkOption { extraPaths = mkOption {
type = listOf anything; type = listOf anything;
default = [ ]; default = [ ];
description = '' description = ''
Extra paths to make available inside the sandbox. Extra paths to make available to the sandbox.
''; '';
}; };
@ -213,13 +200,13 @@ in
}; };
}); });
default = [ ]; default = [ ];
description = "Applications managed by fortify."; description = "Declarative fortify apps.";
}; };
stateDir = mkOption { stateDir = mkOption {
type = types.str; type = types.str;
description = '' description = ''
The path to persistent storage where per-user state should be stored. The state directory where app home directories are stored.
''; '';
}; };
}; };