wrapper-manager/sandboxing: update comments and description

This commit is contained in:
Gabriel Arazas 2024-08-01 09:01:05 +08:00
parent fb7a15bdfb
commit 9428bc0472
No known key found for this signature in database
GPG Key ID: 62104B43D00AA360
3 changed files with 13 additions and 2 deletions


@ -38,6 +38,10 @@ let
default = cfg.package;
};
# TODO: Perhaps, consider creating a PR to upstream repo to pass a config file?
# Boxxy doesn't have a way to pass a custom configuration file so we're
# settling with this. Besides, Boxxy-launched programs can inherit the
# environment anyways so a custom config file is not needed for now.
rules = lib.mkOption {
type = with lib.types; attrsOf (submodule boxxyRuleModule);
default = { };
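Review bot: The new comment above `rules` never says what "this" is that the module is "settling with", so a reader has to guess that the `rules` option is the substitute for a Boxxy config file; the TODO is also hedged twice ("Perhaps, consider"). Suggest `# TODO: Consider an upstream PR so Boxxy can read a custom configuration file.` followed by `# Boxxy has no way to pass a custom configuration file, so the rules are generated here instead.` The remark that Boxxy-launched programs "can inherit the environment anyways" reads as a convenience, but it also means the parent environment is not isolated from the sandboxed program; if that is deliberate, the comment should say so explicitly rather than leave it implied. The enclosing `let` binding and the option set this attribute belongs to start and end outside the hunk.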


@ -7,6 +7,12 @@
# Similar to most of them, this is basically a builder for the right arguments
# to be passed to `bwrap`.
#
# Also similar to those projects, we also have a launcher (at `launcher`
# subdirectory) specializing in Bubblewrap-wrapped programs. The reasoning is
# it allows us to easily take care of things that are hard to do inside of Nix
# such as handling hardware configuration and the experience to have to do all
# of that in nixpkgs runtime shell (Bash) is a pain to develop.
#
# As already mentioned from the Bubblewrap README, we'll have to be careful for
# handling D-Bus so we'll use xdg-dbus-proxy for that.
{ config, lib, pkgs, ... }:
@ -49,6 +55,7 @@ let
in
{
imports = [
#./launcher.nix
./dbus-filter.nix
./filesystem.nix
];
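Review bot: The `#./launcher.nix` line in the `imports` list (presumably the single addition of the second hunk, given its +1/-0 counts) leaves a commented-out import with no explanation, while the new header comment in the first hunk announces that the module "also" has a launcher in the `launcher` subdirectory; a reader cannot tell whether the launcher is meant to be wired in or deliberately excluded. Either drop the line or replace it with a note such as `# TODO: import ./launcher.nix once the Bubblewrap launcher is ready to be enabled by default`. The header comment's sentence about D-Bus would also be easier to follow up on if it named where the proxy is set up, e.g. `# handling D-Bus so we'll use xdg-dbus-proxy for that (see ./dbus-filter.nix).`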


@ -62,7 +62,7 @@ let
::: {.caution}
Typically, this is not recommended especially for Bubblewrap
environments. If you want to bind some of the items from the Nix store,
it is recommended to use {option}`sharedNixPaths` instead.
it is recommended to use {option}`sandboxing.bubblewrap.sharedNixPaths` instead.
:::
'';
};
@ -71,7 +71,7 @@ let
type = with lib.types; listOf package;
default = [ ];
description = if isGlobal then ''
A global list of store paths to be shared
A global list of store paths (including its dependencies) to be shared
per-Bubblewrap-enabled-wrappers.
'' else ''
A list of store paths to be mounted (as read-only bind-mounts). Note
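Review bot: The new `isGlobal` description reads "A global list of store paths (including its dependencies)", which mismatches number — the subject is plural — and it is unclear whether "dependencies" is meant as the full runtime closure of each path. Suggest `A global list of store paths (and their dependencies) to be shared` or, if the implementation does share each path's closure, say "closure" directly so users know what ends up visible inside the sandbox. The option definitions containing both hunks start and end outside the visible lines.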