nix: module descriptions
test / test (push) Successful in 24s
Details
test / test (push) Successful in 24s
Details
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
This commit is contained in:
parent
f8256137ae
commit
653d69da0a
SSH Key Fingerprint:
SHA256:gQ67O0enBZ7UdZypgtspB2FDM1g3GVw8nX0XSdcFw8Q
|
|
@ -43,7 +43,7 @@ in
|
|||
) "" cfg.users;
|
||||
};
|
||||
|
||||
userdb.source = pkgs.runCommand "generate-userdb" { } ''
|
||||
userdb.source = pkgs.runCommand "fortify-userdb" { } ''
|
||||
${cfg.package}/libexec/fuserdb -o $out ${
|
||||
foldlAttrs (
|
||||
acc: username: fid:
|
||||
|
|
|
|||
43
options.nix
43
options.nix
|
|
@ -12,7 +12,7 @@ in
|
|||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.callPackage ./package.nix { };
|
||||
description = "Package providing fortify.";
|
||||
description = "The fortify package to use.";
|
||||
};
|
||||
|
||||
users = mkOption {
|
||||
|
|
@ -22,7 +22,7 @@ in
|
|||
in
|
||||
attrsOf (ints.between 0 99);
|
||||
description = ''
|
||||
Users allowed to spawn fortify apps, as well as their fortify ID value.
|
||||
Users allowed to spawn fortify apps and their corresponding fortify fid.
|
||||
'';
|
||||
};
|
||||
|
||||
|
|
@ -47,7 +47,7 @@ in
|
|||
name = mkOption {
|
||||
type = str;
|
||||
description = ''
|
||||
App name, typically command.
|
||||
Name of the app's launcher script.
|
||||
'';
|
||||
};
|
||||
|
||||
|
|
@ -70,7 +70,9 @@ in
|
|||
extraConfig = mkOption {
|
||||
type = anything;
|
||||
default = { };
|
||||
description = "Extra home-manager configuration.";
|
||||
description = ''
|
||||
Extra home-manager configuration.
|
||||
'';
|
||||
};
|
||||
|
||||
script = mkOption {
|
||||
|
|
@ -86,7 +88,7 @@ in
|
|||
default = null;
|
||||
description = ''
|
||||
Command to run as the target user.
|
||||
Setting this to null will default command to wrapper name.
|
||||
Setting this to null will default command to launcher name.
|
||||
Has no effect when script is set.
|
||||
'';
|
||||
};
|
||||
|
|
@ -127,23 +129,12 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
nix = mkEnableOption ''
|
||||
Whether to allow nix daemon connections from within sandbox.
|
||||
'';
|
||||
nix = mkEnableOption "nix daemon access within the sandbox";
|
||||
userns = mkEnableOption "userns within the sandbox";
|
||||
mapRealUid = mkEnableOption "mapping to fortify's real UID within the sandbox";
|
||||
dev = mkEnableOption "access to all devices within the sandbox";
|
||||
|
||||
userns = mkEnableOption ''
|
||||
Whether to allow userns within sandbox.
|
||||
'';
|
||||
|
||||
mapRealUid = mkEnableOption ''
|
||||
Whether to map to fortify's real UID within the sandbox.
|
||||
'';
|
||||
|
||||
net =
|
||||
mkEnableOption ''
|
||||
Whether to allow network access within sandbox.
|
||||
''
|
||||
// {
|
||||
net = mkEnableOption "network access within the sandbox" // {
|
||||
default = true;
|
||||
};
|
||||
|
||||
|
|
@ -156,15 +147,11 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
dev = mkEnableOption ''
|
||||
Whether to allow access to all devices within sandbox.
|
||||
'';
|
||||
|
||||
extraPaths = mkOption {
|
||||
type = listOf anything;
|
||||
default = [ ];
|
||||
description = ''
|
||||
Extra paths to make available inside the sandbox.
|
||||
Extra paths to make available to the sandbox.
|
||||
'';
|
||||
};
|
||||
|
||||
|
|
@ -213,13 +200,13 @@ in
|
|||
};
|
||||
});
|
||||
default = [ ];
|
||||
description = "Applications managed by fortify.";
|
||||
description = "Declarative fortify apps.";
|
||||
};
|
||||
|
||||
stateDir = mkOption {
|
||||
type = types.str;
|
||||
description = ''
|
||||
The path to persistent storage where per-user state should be stored.
|
||||
The state directory where app home directories are stored.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
|
|
|||
Loading…
Reference in New Issue