authormakefu <github@syntax-fehler.de>2023-03-08 19:27:59 +0100
committermakefu <github@syntax-fehler.de>2023-03-08 19:27:59 +0100
commitcaa8f83e79f7373bf234874b8614117c3f7a0710 (patch)
tree9167f06d093d44a662536aa4b5e3d32c271ccca0 /lass/3modules
parent8b4c488bff6b61e2e3ed7c75d96b161a66f5a8c4 (diff)
parent2168f3961298b661fd010add7972a86af77f81de (diff)
Merge remote-tracking branch 'lass/master'
Diffstat (limited to 'lass/3modules')
-rw-r--r--lass/3modules/browsers.nix94
-rw-r--r--lass/3modules/default.nix2
-rw-r--r--lass/3modules/xjail.nix173
3 files changed, 0 insertions, 269 deletions
diff --git a/lass/3modules/browsers.nix b/lass/3modules/browsers.nix
deleted file mode 100644
index 4171abdb6..000000000
--- a/lass/3modules/browsers.nix
+++ /dev/null
@@ -1,94 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
-let
-
- cfg = config.lass.browser;
-
- browserScripts = {
- brave = "${pkgs.brave}/bin/brave";
- chrome = "${pkgs.google-chrome}/bin/chrome";
- chromium = "${pkgs.ungoogled-chromium}/bin/chromium";
- firefox = "${pkgs.firefox.override {
- extraNativeMessagingHosts = [ pkgs.tridactyl-native ];
- }}/bin/firefox";
- qutebrowser = "${pkgs.qutebrowser}/bin/qutebrowser";
- };
-
- browser-select = let
- sortedPaths = sort (a: b: a.value.precedence > b.value.precedence)
- (filter (x: ! x.value.hidden)
- (mapAttrsToList (name: value: { inherit name value; })
- cfg.config));
- in if (lib.length sortedPaths) > 1 then
- pkgs.writeScriptBin "browser-select" ''
- BROWSER=$(echo -e "${concatStringsSep "\\n" (map (getAttr "name") sortedPaths)}" | ${pkgs.dmenu}/bin/dmenu)
- case $BROWSER in
- ${concatMapStringsSep "\n" (n: ''
- ${n.name})
- export BIN=${config.lass.xjail-bins.${n.name}}/bin/${n.name}
- ;;
- '') (sortedPaths)}
- esac
- $BIN "$@"
- ''
- else
- let
- name = (lib.head sortedPaths).name;
- in pkgs.writeScriptBin "browser-select" ''
- ${config.lass.xjail-bins.${name}}/bin/${name} "$@"
- ''
- ;
-
-in {
- options.lass.browser = {
- select = mkOption {
- type = types.path;
- };
- config = mkOption {
- type = types.attrsOf (types.submodule ({ config, ... }: {
- options = {
- name = mkOption {
- type = types.str;
- default = config._module.args.name;
- };
- hidden = mkOption {
- type = types.bool;
- default = false;
- };
- precedence = mkOption {
- type = types.int;
- default = 0;
- };
- user = mkOption {
- type = types.str;
- default = config._module.args.name;
- };
- browser = mkOption {
- type = types.enum (attrNames browserScripts);
- default = "brave";
- };
- groups = mkOption {
- type = types.listOf types.str;
- default = [];
- };
- };
- }));
- default = {};
- };
- };
-
- config = (mkIf (cfg.config != {}) {
- lass.xjail = mapAttrs' (name: browser:
- nameValuePair name {
- script = browserScripts.${browser.browser};
- groups = browser.groups;
- }
- ) cfg.config;
- environment.systemPackages = (map (browser:
- config.lass.xjail-bins.${browser.name}
- ) (attrValues cfg.config)) ++ [
- browser-select
- ];
- lass.browser.select = browser-select;
- });
-}
diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix
index 3a0b1306c..0e1a794ca 100644
--- a/lass/3modules/default.nix
+++ b/lass/3modules/default.nix
@@ -12,8 +12,6 @@ _:
./pyload.nix
./screenlock.nix
./usershadow.nix
- ./xjail.nix
./autowifi.nix
- ./browsers.nix
];
}
diff --git a/lass/3modules/xjail.nix b/lass/3modules/xjail.nix
deleted file mode 100644
index 08a28b8e3..000000000
--- a/lass/3modules/xjail.nix
+++ /dev/null
@@ -1,173 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-with import <stockholm/lib>;
-{
- options.lass.xjail = mkOption {
- type = types.attrsOf (types.submodule ({ config, ...}: {
- options = {
- name = mkOption {
- type = types.str;
- default = config._module.args.name;
- };
- user = mkOption {
- type = types.str;
- default = config.name;
- };
- groups = mkOption {
- type = types.listOf types.str;
- default = [];
- };
- from = mkOption {
- type = types.str;
- default = "lass";
- };
- display = mkOption {
- type = types.str;
- default = toString (genid_uint31 config._module.args.name);
- };
- dpi = mkOption {
- type = types.int;
- default = 90;
- };
- extraXephyrArgs = mkOption {
- type = types.str;
- default = "";
- };
- extraVglrunArgs = mkOption {
- type = types.str;
- default = "";
- };
- script = mkOption {
- type = types.path;
- default = pkgs.writeScript "echo_lol" "echo lol";
- };
- wm = mkOption {
- #TODO find type
- type = types.str;
- defaultText = "‹script›";
- default = "${pkgs.writeHaskellPackage "xephyrify-xmonad" {
- executables.xmonad = {
- extra-depends = [
- "containers"
- "unix"
- "xmonad"
- ];
- text = /* haskell */ ''
- module Main where
- import XMonad
- import Data.Monoid
- import System.Posix.Process (executeFile)
- import qualified Data.Map as Map
-
- main :: IO ()
- main = do
- xmonad def
- { workspaces = [ "1" ]
- , layoutHook = myLayoutHook
- , keys = myKeys
- , normalBorderColor = "#000000"
- , focusedBorderColor = "#000000"
- , handleEventHook = myEventHook
- }
-
- myEventHook :: Event -> X All
-
- myEventHook (ConfigureEvent { ev_event_type = 22 }) = do
- spawn "${pkgs.xorg.xrandr}/bin/xrandr >/dev/null 2>&1"
- return (All True)
-
- myEventHook _ = do
- return (All True)
-
- myLayoutHook = Full
- myKeys _ = Map.fromList []
- '';
- };
- }}/bin/xmonad";
- };
- };
- }));
- default = {};
- };
-
- options.lass.xjail-bins = mkOption {
- type = types.attrsOf types.path;
- };
-
- # implementation
- config = let
- scripts = mapAttrs' (name: cfg:
- let
- newOrExisting = pkgs.writeDash "${cfg.name}-existing" ''
- DISPLAY=:${cfg.display} ${pkgs.xorg.xrandr}/bin/xrandr
- if test $? -eq 0; then
- echo using existing xephyr
- ${sudo_} "$@"
- else
- echo starting new xephyr
- ${xephyr_} "$@"
- fi
- '';
- xephyr_ = pkgs.writeDash "${cfg.name}-xephyr" ''
- ${pkgs.xorg.xorgserver}/bin/Xephyr -br -ac -reset -terminate -resizeable -nolisten local -dpi ${toString cfg.dpi} ${cfg.extraXephyrArgs} :${cfg.display} &
- XEPHYR_PID=$!
- DISPLAY=:${cfg.display} ${cfg.wm} &
- WM_PID=$!
- ${sudo_} "$@"
- ${pkgs.coreutils}/bin/kill $WM_PID
- ${pkgs.coreutils}/bin/kill $XEPHYR_PID
- '';
- # TODO fix xephyr which doesn't honor resizes anymore
- sudo_ = pkgs.writeDash "${cfg.name}-sudo" ''
- #/var/run/wrappers/bin/sudo -u ${cfg.name} -i env DISPLAY=:${cfg.display} ${cfg.script} "$@"
- ${pkgs.systemd}/bin/machinectl shell -E DISPLAY=:0 --uid=${cfg.name} .host ${cfg.script} "$@"
- '';
- in nameValuePair name {
- existing = newOrExisting;
- xephyr = xephyr_;
- sudo = sudo_;
- }
- ) config.lass.xjail;
- in {
-
- users.users = mapAttrs' (_: cfg:
- nameValuePair cfg.name {
- uid = genid_uint31 cfg.name;
- home = "/home/${cfg.name}";
- useDefaultShell = true;
- createHome = true;
- extraGroups = cfg.groups;
- isNormalUser = true;
- }
- ) config.lass.xjail;
-
- users.groups = mapAttrs' (_: cfg:
- nameValuePair cfg.name {
- members = [
- cfg.name
- cfg.from
- ];
- }
- ) config.lass.xjail;
-
- security.polkit.extraConfig = (concatStringsSep "\n" (mapAttrsToList (_: cfg: ''
- polkit.addRule(function(action, subject) {
- if (
- subject.user == "${cfg.from}" &&
- action.id == "org.freedesktop.machine1.host-shell" &&
- action.lookup("user") == "${cfg.user}" &&
- action.lookup("program") == "${cfg.script}" &&
- true
- ) {
- return polkit.Result.YES;
- }
- });
- '') config.lass.xjail));
-
- lass.xjail-bins = mapAttrs' (name: cfg:
- nameValuePair name (pkgs.writeScriptBin cfg.name ''
- ${scripts.${name}.sudo} "$@"
- '')
- ) config.lass.xjail;
- };
-}