foodogsquared/nixos-config
1
0
Fork 0
mirror of https://github.com/foo-dogsquared/nixos-config.git synced 2025-02-07 18:19:09 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

wrapper-manager/sandboxing/bubblewrap: add option to bundle certificates from nixpkgs

Browse Source
This commit is contained in:
Gabriel Arazas 2024-08-06 11:00:00 +08:00
parent a6c8213d57
commit 5773481ce0
No known key found for this signature in database
GPG Key ID: 62104B43D00AA360
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
modules/wrapper-manager/sandboxing/bubblewrap/default.nix
View File

@ -44,6 +44,10 @@ let
default = if isGlobal then true else cfg.enableNetwork; default = if isGlobal then true else cfg.enableNetwork;
}; };
enableBundledCertificates = lib.mkEnableOption "bundling additional certificates from nixpkgs" // {
default = if isGlobal then true else cfg.enableBundledCertificates;
};
enableIsolation = lib.mkEnableOption "unsharing most of the system" // { enableIsolation = lib.mkEnableOption "unsharing most of the system" // {
default = if isGlobal then true else cfg.enableIsolation; default = if isGlobal then true else cfg.enableIsolation;
}; };
@ -106,6 +110,10 @@ in
]; ];
}) })
(lib.mkIf submoduleCfg.enableBundledCertificates {
sandboxing.bubblewrap.sharedNixPaths = [ pkgs.cacert ];
})
(lib.mkIf submoduleCfg.enableIsolation { (lib.mkIf submoduleCfg.enableIsolation {
sandboxing.bubblewrap.extraArgs = lib.mkBefore [ "--unshare-all" ]; sandboxing.bubblewrap.extraArgs = lib.mkBefore [ "--unshare-all" ];
}) })