stockholm/lass/3modules/xjail.nix

{ config, pkgs, lib, ... }:
with import <stockholm/lib>;
{
# One X "jail" per attribute: a dedicated local user that runs `script`,
# launched by the host user `from` through machinectl/polkit (see `config`
# below).  The attribute key becomes the jail's default name.
options.lass.xjail = mkOption {
  type = types.attrsOf (types.submodule ({ config, ...}: {
    options = {
      # Jail name; defaults to the attribute key.  This is also the name of
      # the user and of the group created for the jail.
      name = mkOption {
        type = types.str;
        default = config._module.args.name;
      };
      # User the polkit rule in `config` compares with action.lookup("user").
      # NOTE(review): the machinectl wrapper in `config` runs as
      # `--uid=<name>`, not `<user>`, so setting this to anything other than
      # `name` would make the polkit rule stop matching the actual request
      # -- confirm before relying on it.
      user = mkOption {
        type = types.str;
        default = config.name;
      };
      # Extra groups for the jail user (users.users.<name>.extraGroups).
      groups = mkOption {
        type = types.listOf types.str;
        default = [];
      };
      # Host user allowed to start the jail: receives the polkit grant and
      # is added to the jail's group.
      from = mkOption {
        type = types.str;
        default = "lass";
      };
      # X display number for the nested Xephyr server, derived from the
      # attribute name with the same generator that produces the uid.
      display = mkOption {
        type = types.str;
        default = toString (genid_uint31 config._module.args.name);
      };
      # Passed to Xephyr as `-dpi`.
      dpi = mkOption {
        type = types.int;
        default = 90;
      };
      # Appended verbatim (unquoted) to the Xephyr command line.
      extraXephyrArgs = mkOption {
        type = types.str;
        default = "";
      };
      # Not referenced by any wrapper in this file.
      extraVglrunArgs = mkOption {
        type = types.str;
        default = "";
      };
      # Program run inside the jail as the jail user.  The polkit rule in
      # `config` grants exactly this store path and nothing else.
      script = mkOption {
        type = types.path;
        default = pkgs.writeScript "echo_lol" "echo lol";  # placeholder default
      };
      # Window manager started on the Xephyr display.  The default is a
      # minimal xmonad: one workspace, Full layout, no key bindings, and an
      # event hook that runs xrandr on ConfigureNotify (event type 22) --
      # presumably so the nested display follows Xephyr resizes (see the
      # TODO in `config`).  `executeFile` is imported but unused.
      wm = mkOption {
        #TODO find type
        type = types.str;
        defaultText = "script";
        default = "${pkgs.writeHaskellPackage "xephyrify-xmonad" {
          executables.xmonad = {
            extra-depends = [
              "containers"
              "unix"
              "xmonad"
            ];
            text = /* haskell */ ''
              module Main where
              import XMonad
              import Data.Monoid
              import System.Posix.Process (executeFile)
              import qualified Data.Map as Map

              main :: IO ()
              main = do
                xmonad def
                  { workspaces = [ "1" ]
                  , layoutHook = myLayoutHook
                  , keys = myKeys
                  , normalBorderColor = "#000000"
                  , focusedBorderColor = "#000000"
                  , handleEventHook = myEventHook
                  }

              myEventHook :: Event -> X All
              myEventHook (ConfigureEvent { ev_event_type = 22 }) = do
                spawn "${pkgs.xorg.xrandr}/bin/xrandr >/dev/null 2>&1"
                return (All True)
              myEventHook _ = do
                return (All True)

              myLayoutHook = Full

              myKeys _ = Map.fromList []
            '';
          };
        }}/bin/xmonad";
      };
    };
  }));
  default = {};
};
# Per-jail launcher binaries, keyed by jail attribute name; populated by
# `config` below (one writeScriptBin per jail), read-only for users.
options.lass.xjail-bins = mkOption {
  type = with types; attrsOf path;
};
# implementation
config = let
  # Per-jail helper scripts.  Only `sudo` is exposed through lass.xjail-bins
  # below; `existing` and `xephyr` are built but not wired to any launcher
  # in this file.
  scripts = mapAttrs' (name: cfg:
    let
      # Probe display :<display> with xrandr; reuse a running Xephyr if it
      # answers, otherwise start a fresh one.  Arguments are forwarded.
      newOrExisting = pkgs.writeDash "${cfg.name}-existing" ''
        DISPLAY=:${cfg.display} ${pkgs.xorg.xrandr}/bin/xrandr
        if test $? -eq 0; then
          echo using existing xephyr
          ${sudo_} "$@"
        else
          echo starting new xephyr
          ${xephyr_} "$@"
        fi
      '';
      # Start a nested Xephyr on :<display> plus the window manager, run the
      # jailed program through `sudo_`, then kill both.
      # Security note: `-ac` disables X access control on the nested server,
      # so any local process that can reach its socket may connect.  That is
      # what lets the jail user (a different uid) attach, but it also means
      # the nested display is not private to `from`.
      # NOTE(review): the WM is started immediately after Xephyr with no
      # readiness check, so its first connection may race the server start
      # -- confirm whether the WM retries.
      xephyr_ = pkgs.writeDash "${cfg.name}-xephyr" ''
        ${pkgs.xorg.xorgserver}/bin/Xephyr -br -ac -reset -terminate -resizeable -nolisten local -dpi ${toString cfg.dpi} ${cfg.extraXephyrArgs} :${cfg.display} &
        XEPHYR_PID=$!
        DISPLAY=:${cfg.display} ${cfg.wm} &
        WM_PID=$!
        ${sudo_} "$@"
        ${pkgs.coreutils}/bin/kill $WM_PID
        ${pkgs.coreutils}/bin/kill $XEPHYR_PID
      '';
      # TODO fix xephyr which doesn't honor resizes anymore
      # Run `script` as the jail user via machinectl on the host; the polkit
      # rule below grants this to `from` for exactly this program.
      # Security note: DISPLAY is hard-wired to :0 (the host display), not
      # :<display>, so the jailed program shares the host X server instead of
      # the Xephyr started above.  X11 does not isolate clients that share a
      # display, so this yields uid separation but not display separation.
      # How the jail user is permitted to connect to :0 is not shown here --
      # presumably granted elsewhere; verify.
      sudo_ = pkgs.writeDash "${cfg.name}-sudo" ''
        #/var/run/wrappers/bin/sudo -u ${cfg.name} -i env DISPLAY=:${cfg.display} ${cfg.script} "$@"
        ${pkgs.systemd}/bin/machinectl shell -E DISPLAY=:0 --uid=${cfg.name} .host ${cfg.script} "$@"
      '';
    in nameValuePair name {
      existing = newOrExisting;
      xephyr = xephyr_;
      sudo = sudo_;
    }
  ) config.lass.xjail;
in {
  # One local user per jail; the uid is derived deterministically from the
  # jail name.
  users.users = mapAttrs' (_: cfg:
    nameValuePair cfg.name {
      uid = genid_uint31 cfg.name;
      home = "/home/${cfg.name}";
      useDefaultShell = true;
      createHome = true;
      extraGroups = cfg.groups;
      isNormalUser = true;
    }
  ) config.lass.xjail;
  # A group named after the jail holding both the jail user and `from`;
  # this gives `from` group-level access to the jail user's files where
  # their modes permit it.
  users.groups = mapAttrs' (_: cfg:
    nameValuePair cfg.name {
      members = [
        cfg.name
        cfg.from
      ];
    }
  ) config.lass.xjail;
  # Allow `from` to open a machinectl host shell as `user` running exactly
  # `script`.  Any other request is not decided by this rule and falls
  # through to the default policy.  The trailing `true` is a no-op placeholder.
  # NOTE(review): the rule matches `user` while the wrapper above runs
  # `--uid=<name>`; the two coincide only while `user` keeps its default.
  security.polkit.extraConfig = (concatStringsSep "\n" (mapAttrsToList (_: cfg: ''
    polkit.addRule(function(action, subject) {
      if (
        subject.user == "${cfg.from}" &&
        action.id == "org.freedesktop.machine1.host-shell" &&
        action.lookup("user") == "${cfg.user}" &&
        action.lookup("program") == "${cfg.script}" &&
        true
      ) {
        return polkit.Result.YES;
      }
    });
  '') config.lass.xjail));
  # Launchers: <name> invokes the machinectl wrapper only, forwarding its
  # arguments; the Xephyr wrappers are not reachable from here.
  lass.xjail-bins = mapAttrs' (name: cfg:
    nameValuePair name (pkgs.writeScriptBin cfg.name ''
      ${scripts.${name}.sudo} "$@"
    '')
  ) config.lass.xjail;
};
}