wrapper-manager/sandboxing: update comments and description

This commit is contained in:
Gabriel Arazas 2024-08-01 09:01:05 +08:00
parent fb7a15bdfb
commit 9428bc0472
No known key found for this signature in database
GPG Key ID: 62104B43D00AA360
3 changed files with 13 additions and 2 deletions


@ -38,6 +38,10 @@ let
default = cfg.package; default = cfg.package;
}; };
# TODO: Perhaps, consider creating a PR to upstream repo to pass a config file?
# Boxxy doesn't have a way to pass a custom configuration file so we're
# settling with this. Besides, Boxxy-launched programs can inherit the
# environment anyways so a custom config file is not needed for now.
rules = lib.mkOption { rules = lib.mkOption {
type = with lib.types; attrsOf (submodule boxxyRuleModule); type = with lib.types; attrsOf (submodule boxxyRuleModule);
default = { }; default = { };
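Review bot: The new comment says we are `settling with this` without saying what `this` is, so a reader of the `rules` option still cannot tell from here how the rules reach Boxxy when no configuration file is passed on the command line. Name the mechanism in the comment, for example `# ... so the generated rules are placed where Boxxy reads its configuration by default` (adjust to whatever the module actually does), so the TODO about upstreaming a config-file flag has context. The rationale that launched programs "inherit the environment anyways" is also worth stating as a design note, since it is the property the whole workaround depends on. The enclosing `let` block starts before the hunk.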


@ -7,6 +7,12 @@
# Similar to most of them, this is basically a builder for the right arguments # Similar to most of them, this is basically a builder for the right arguments
# to be passed to `bwrap`. # to be passed to `bwrap`.
# #
# Also similar to those projects, we also have a launcher (at `launcher`
# subdirectory) specializing in Bubblewrap-wrapped programs. The reasoning is
# it allows us to easily take care of things that are hard to do inside of Nix
# such as handling hardware configuration and the experience to have to do all
# of that in nixpkgs runtime shell (Bash) is a pain to develop.
#
# As already mentioned from the Bubblewrap README, we'll have to be careful for # As already mentioned from the Bubblewrap README, we'll have to be careful for
# handling D-Bus so we'll use xdg-dbus-proxy for that. # handling D-Bus so we'll use xdg-dbus-proxy for that.
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
@ -49,6 +55,7 @@ let
in in
{ {
imports = [ imports = [
#./launcher.nix
./dbus-filter.nix ./dbus-filter.nix
./filesystem.nix ./filesystem.nix
]; ];
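Review bot: The commented-out `#./launcher.nix` added to `imports` contradicts the new header comment in the first hunk, which presents the launcher in the `launcher` subdirectory as part of this module; as committed, nothing imports it, so a reader is told about a component that is not wired in. Either drop the dead import line or make the header comment say the launcher is not yet enabled, e.g. `# Also similar to those projects, we also have a launcher (at \`launcher\` subdirectory, not imported here yet) ...`. The sentence `the experience to have to do all of that in nixpkgs runtime shell (Bash) is a pain to develop` also reads awkwardly; `doing all of that in the nixpkgs runtime shell (Bash) is painful to develop` says the same thing.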


@ -62,7 +62,7 @@ let
::: {.caution} ::: {.caution}
Typically, this is not recommended especially for Bubblewrap Typically, this is not recommended especially for Bubblewrap
environments. If you want to bind some of the items from the Nix store, environments. If you want to bind some of the items from the Nix store,
it is recommended to use {option}`sharedNixPaths` instead. it is recommended to use {option}`sandboxing.bubblewrap.sharedNixPaths` instead.
::: :::
''; '';
}; };
@ -71,7 +71,7 @@ let
type = with lib.types; listOf package; type = with lib.types; listOf package;
default = [ ]; default = [ ];
description = if isGlobal then '' description = if isGlobal then ''
A global list of store paths to be shared A global list of store paths (including its dependencies) to be shared
per-Bubblewrap-enabled-wrappers. per-Bubblewrap-enabled-wrappers.
'' else '' '' else ''
A list of store paths to be mounted (as read-only bind-mounts). Note A list of store paths to be mounted (as read-only bind-mounts). Note
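Review bot: The new wording `store paths (including its dependencies)` does not agree in number with `store paths`, and leaves open what "dependencies" means for a sandbox user; if the implementation shares each path's runtime closure, say so, e.g. `A global list of store paths (together with their runtime closure) to be shared`. Being explicit matters here because every dependency that is shared widens what the Bubblewrap environment can read, and the description is where a user learns the actual exposure. If the non-global branch below shares the closure as well, its description should say the same; that branch continues past the hunk. `per-Bubblewrap-enabled-wrappers` could also be plain `with every Bubblewrap-enabled wrapper`.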