{ config, pkgs, lib, ... }:
with import <stockholm/lib>;
{
# Declares the xjail entries, keyed by jail name. Each entry is a submodule
# whose fields are read by the implementation under `config` in this file:
# account and group creation, the generated launcher scripts, and the polkit
# rule that lets `from` start `script` as the jail account.
options.lass.xjail = mkOption {
  type = types.attrsOf (types.submodule ({ config, ...}: {
    options = {
      # Jail name; defaults to the attribute name of the entry. The
      # implementation uses it for the account name, the group name, the home
      # directory and the names of the generated scripts.
      name = mkOption {
        type = types.str;
        default = config._module.args.name;
      };
      # Defaults to `name`. In the visible implementation this value is read
      # only by the polkit rule; the account that is created and the --uid
      # passed to machinectl both use `name`.
      # NOTE(review): if `user` is set to something other than `name`, the
      # polkit rule names a different account than the one the wrapper
      # requests — confirm the two are meant to stay equal.
      user = mkOption {
        type = types.str;
        default = config.name;
      };
      # Extra groups for the jail account (passed to extraGroups). Every group
      # listed here is additional access the jailed programs gain.
      groups = mkOption {
        type = types.listOf types.str;
        default = [];
      };
      # The user the polkit rule accepts as caller; also added as a member of
      # the jail's group.
      from = mkOption {
        type = types.str;
        default = "lass";
      };
      # X display number of the nested server, used as ":<display>" by the
      # generated scripts. The default is derived from the entry name via
      # genid_uint31.
      display = mkOption {
        type = types.str;
        default = toString (genid_uint31 config._module.args.name);
      };
      # Value handed to Xephyr's -dpi flag.
      dpi = mkOption {
        type = types.int;
        default = 90;
      };
      # Spliced unquoted into the Xephyr command line, so the shell splits it
      # into separate arguments.
      extraXephyrArgs = mkOption {
        type = types.str;
        default = "";
      };
      # Not referenced by the implementation visible in this file.
      extraVglrunArgs = mkOption {
        type = types.str;
        default = "";
      };
      # Program that is run as the jail account. The polkit rule compares the
      # requested program against exactly this path. The default is a
      # placeholder that only echoes "lol".
      script = mkOption {
        type = types.path;
        default = pkgs.writeScript "echo_lol" "echo lol";
      };
      # Command started on the nested display as window manager. The default
      # builds a minimal xmonad: one workspace, Full layout, an empty key map,
      # black borders, and an event hook that runs xrandr when it sees a
      # ConfigureEvent with event type 22 (ConfigureNotify in the X11 protocol).
      wm = mkOption {
        #TODO find type
        type = types.str;
        defaultText = "‹script›";
        default = "${pkgs.writeHaskellPackage "xephyrify-xmonad" {
          executables.xmonad = {
            extra-depends = [
              "containers"
              "unix"
              "xmonad"
            ];
            text = /* haskell */ ''
              module Main where
              import XMonad
              import Data.Monoid
              import System.Posix.Process (executeFile)
              import qualified Data.Map as Map

              main :: IO ()
              main = do
                xmonad def
                  { workspaces = [ "1" ]
                  , layoutHook = myLayoutHook
                  , keys = myKeys
                  , normalBorderColor = "#000000"
                  , focusedBorderColor = "#000000"
                  , handleEventHook = myEventHook
                  }

              myEventHook :: Event -> X All

              myEventHook (ConfigureEvent { ev_event_type = 22 }) = do
                spawn "${pkgs.xorg.xrandr}/bin/xrandr >/dev/null 2>&1"
                return (All True)

              myEventHook _ = do
                return (All True)

              myLayoutHook = Full
              myKeys _ = Map.fromList []
            '';
          };
        }}/bin/xmonad";
      };
    };
  }));
  default = {};
};
# Launcher packages, one per jail, keyed by jail name. The option has no
# default; the implementation in this file assigns it from config.lass.xjail.
options.lass.xjail-bins = mkOption {
  type = with types; attrsOf path;
};
# implementation
config = let
  # For every jail, build three dash scripts and expose them as
  # { existing, xephyr, sudo } under the jail's attribute name.
  scripts = mapAttrs' (name: cfg:
    let
      # Probes the jail's display with xrandr. On exit status 0 the program
      # is started through sudo_; otherwise xephyr_ is used, which starts a
      # new nested server first.
      newOrExisting = pkgs.writeDash "${cfg.name}-existing" ''
        DISPLAY=:${cfg.display} ${pkgs.xorg.xrandr}/bin/xrandr
        if test $? -eq 0; then
          echo using existing xephyr
          ${sudo_} "$@"
        else
          echo starting new xephyr
          ${xephyr_} "$@"
        fi
      '';
      # Starts Xephyr on the jail's display in the background, starts the
      # window manager on that display, runs the program through sudo_ in the
      # foreground, then kills the window manager and Xephyr.
      # cfg.extraXephyrArgs and cfg.wm are inserted unquoted, so the shell
      # word-splits them.
      # NOTE(review): -ac turns off the X server's access control, so any
      # client that can reach this display can connect to it, not only the
      # jail account — confirm that is acceptable here.
      xephyr_ = pkgs.writeDash "${cfg.name}-xephyr" ''
        ${pkgs.xorg.xorgserver}/bin/Xephyr -br -ac -reset -terminate -resizeable -nolisten local -dpi ${toString cfg.dpi} ${cfg.extraXephyrArgs} :${cfg.display} &
        XEPHYR_PID=$!
        DISPLAY=:${cfg.display} ${cfg.wm} &
        WM_PID=$!
        ${sudo_} "$@"
        ${pkgs.coreutils}/bin/kill $WM_PID
        ${pkgs.coreutils}/bin/kill $XEPHYR_PID
      '';
      # TODO fix xephyr which doesn't honor resizes anymore
      # Runs cfg.script as the account cfg.name via `machinectl shell` on
      # .host, forwarding all arguments. The first line of the script text is
      # the earlier sudo invocation, kept as a shell comment; its Nix
      # interpolations are still expanded into the generated file.
      # NOTE(review): DISPLAY is fixed to :0 here, while the commented-out
      # sudo line and the other two scripts use the per-jail display. As
      # written the program is pointed at display :0 rather than the nested
      # Xephyr server, even when started from xephyr_. Clients sharing one X
      # display can generally observe each other's input and windows, so this
      # path provides account separation only — confirm that is intended.
      # NOTE(review): --uid uses cfg.name, whereas the polkit rule below
      # compares against cfg.user; they agree only while `user` keeps its
      # default.
      sudo_ = pkgs.writeDash "${cfg.name}-sudo" ''
        #/var/run/wrappers/bin/sudo -u ${cfg.name} -i env DISPLAY=:${cfg.display} ${cfg.script} "$@"
        ${pkgs.systemd}/bin/machinectl shell -E DISPLAY=:0 --uid=${cfg.name} .host ${cfg.script} "$@"
      '';
    in nameValuePair name {
      existing = newOrExisting;
      xephyr = xephyr_;
      sudo = sudo_;
    }
  ) config.lass.xjail;
in {

  # One account per jail, named cfg.name, with a uid derived from the name via
  # genid_uint31, a created home under /home, the default shell, and the extra
  # groups from cfg.groups.
  users.users = mapAttrs' (_: cfg:
    nameValuePair cfg.name {
      uid = genid_uint31 cfg.name;
      home = "/home/${cfg.name}";
      useDefaultShell = true;
      createHome = true;
      extraGroups = cfg.groups;
      isNormalUser = true;
    }
  ) config.lass.xjail;

  # One group per jail, named cfg.name, containing the jail account and the
  # launching user cfg.from.
  # NOTE(review): membership gives `from` the group's file permissions on the
  # jail's files — presumably intended for sharing files; confirm.
  users.groups = mapAttrs' (_: cfg:
    nameValuePair cfg.name {
      members = [
        cfg.name
        cfg.from
      ];
    }
  ) config.lass.xjail;

  # One polkit rule per jail. It returns YES, i.e. no authentication prompt,
  # when the caller is cfg.from, the action is
  # org.freedesktop.machine1.host-shell, the requested user equals cfg.user
  # and the requested program equals cfg.script. Only user and program are
  # compared; the arguments the wrapper forwards with "$@" are not part of
  # the check.
  # NOTE(review): the option values are pasted verbatim into JavaScript
  # string literals. A value containing a double quote or backslash would
  # change the rule text; builtins.toJSON would produce a correctly escaped
  # literal — consider it if these options can ever hold such characters.
  security.polkit.extraConfig = (concatStringsSep "\n" (mapAttrsToList (_: cfg: ''
    polkit.addRule(function(action, subject) {
      if (
        subject.user == "${cfg.from}" &&
        action.id == "org.freedesktop.machine1.host-shell" &&
        action.lookup("user") == "${cfg.user}" &&
        action.lookup("program") == "${cfg.script}" &&
        true
      ) {
        return polkit.Result.YES;
      }
    });
  '') config.lass.xjail));

  # One launcher per jail, installed under the name cfg.name. It calls the
  # sudo script directly; the `existing` and `xephyr` scripts are not
  # referenced by these launchers.
  # NOTE(review): the launcher text has no interpreter line; it looks like it
  # depends on the calling shell to run it as a shell script — confirm.
  lass.xjail-bins = mapAttrs' (name: cfg:
    nameValuePair name (pkgs.writeScriptBin cfg.name ''
      ${scripts.${name}.sudo} "$@"
    '')
  ) config.lass.xjail;
};
}