wrapper-manager/sandboxing: add wraparound under namespace

Each wrapper represents one... wrapper anyways so it is fine to have this. If nothing else applies, you could still make the specific sandboxing module to have its own wraparound option namespace. That practice should be discouraged though.
2025-01-31 04:58:01 +00:00 · 2024-07-29 16:39:59 +08:00 · 2024-07-29 16:39:59 +08:00 · 7ba31a2e75
commit 7ba31a2e75
parent 87f36c728d
2 changed files with 10 additions and 2 deletions
--- a/modules/wrapper-manager/sandboxing/bubblewrap/default.nix
+++ b/modules/wrapper-manager/sandboxing/bubblewrap/default.nix
@ -87,7 +87,10 @@ in
                  config.env;

              arg0 = lib.getExe' submoduleCfg.package "bwrap";
-              prependArgs = lib.mkBefore (submoduleCfg.extraArgs ++ [ "--" submoduleCfg.wraparound.executable ] ++ submoduleCfg.wraparound.extraArgs);
+              prependArgs = lib.mkBefore
+                (submoduleCfg.extraArgs
+                  ++ [ "--" config.sandboxing.wraparound.executable ]
+                  ++ config.sandboxing.wraparound.extraArgs);
            }

            (lib.mkIf submoduleCfg.enableNetwork {
--- a/modules/wrapper-manager/sandboxing/default.nix
+++ b/modules/wrapper-manager/sandboxing/default.nix
@ -7,7 +7,7 @@

  options.wrappers =
    let
-      sandboxingType = { name, lib, config, ... }: {
+      sandboxingType = { name, lib, config, options, ... }: {
        options.sandboxing = {
          variant = lib.mkOption {
            type = with lib.types; nullOr (enum []);
@ -18,6 +18,11 @@
            default = null;
            example = "bubblewrap";
          };
+
+          wraparound = {
+            executable = options.arg0;
+            extraArgs = options.extraArgs;
+          };
        };
      };
    in