packages/fragments-remote: sandbox

2022-07-07 20:42:36 +02:00 · 2022-07-07 20:42:36 +02:00 · a622a1b33c
commit a622a1b33c
parent 77d44a6329
4 changed files with 38 additions and 16 deletions
--- a/packages/nixpak/fragments/default.nix
+++ b/packages/nixpak/fragments/default.nix
@ -0,0 +1,18 @@
+{ mkNixPak, fragments }:
+
+mkNixPak {
+  config = {
+    imports = [ ../modules/gui-base.nix ];
+    flatpak.appId = "de.haeckerfelix.Fragments";
+    app.package = fragments;
+    dbus.policies = {
+      "org.freedesktop.secrets" = "talk";
+    };
+    bubblewrap = {
+      network = true;
+      bind.rw = [
+        "$HOME/.config/fragments"
+      ];
+    };
+  };
+}
--- a/packages/nixpak/modules/gui-base.nix
+++ b/packages/nixpak/modules/gui-base.nix
@ -11,9 +11,9 @@
      "org.freedesktop.portal.*" = "talk";
      "org.a11y.Bus" = "talk";
    };
-    gpu.enable = true;
+    gpu.enable = lib.mkDefault true;
    bubblewrap = {
-      network = false;
+      network = lib.mkDefault false;
      bind.rw = [
        "$HOME/.cache/fontconfig"
        "$HOME/.cache/mesa_shader_cache"
--- a/packages/packages.nix
+++ b/packages/packages.nix
@ -1,5 +1,7 @@
 { inputs, pkgs }:
 let
+  tools = import ./lib/tools.nix;
+  patch' = super: tools.patch super "patches/base/${super.pname}";
  dream2nix = inputs.dream2nix.lib2.init {
    inherit pkgs;
    config = {
@ -12,10 +14,10 @@ let
    inherit pkgs;
  };

-  sandbox = path: (pkgs.callPackage path {inherit mkNixPak;}).config.env;
+  sandbox = path: extra: (pkgs.callPackage path ({ inherit mkNixPak; } // extra)).config.env;
 in
 {
-  amberol = sandbox ./nixpak/amberol;
+  amberol = sandbox ./nixpak/amberol { };

  brig = pkgs.callPackage ./tools/brig { };

@ -25,6 +27,20 @@ in
  
  doom-one-vim = pkgs.callPackage ./vim-plugins/doom-one-vim.nix { };

+  fragments-remote = let
+    fakeTransmission = pkgs.writeShellScriptBin "transmission-daemon" ''
+      exec ${pkgs.coreutils}/bin/sleep +Infinity
+    '';
+
+    app = pkgs.fragments.overrideAttrs (_: {
+      preFixup = ''
+        gappsWrapperArgs+=(
+          --prefix PATH : "${pkgs.lib.makeBinPath [ fakeTransmission ] }"
+        )
+      '';
+    });
+  in sandbox ./nixpak/fragments { fragments = app; };
+
  git-remote-ipld = pkgs.callPackage ./tools/git-remote-ipld { };

  hyprspace = pkgs.callPackage ./networking/hyprspace { iproute2mac = null; };
--- a/packages/patched-derivations.nix
+++ b/packages/patched-derivations.nix
@ -7,18 +7,6 @@ super: rec {

  doas-interactive = patch-rename super.doas "doas-interactive" "patches/base/doas";

-  fragments-remote = let
-    fakeTransmission = super.writeShellScriptBin "transmission-daemon" ''
-      exec ${super.coreutils}/bin/sleep +Infinity
-    '';
-  in super.fragments.overrideAttrs (_: {
-    preFixup = ''
-      gappsWrapperArgs+=(
-        --prefix PATH : "${super.lib.makeBinPath [ fakeTransmission ] }"
-      )
-    '';
-  });
-
  lain-ipfs = patch-rename super.ipfs "lain-ipfs" "patches/base/ipfs";

  gnome-control-center = patch' super.gnome.gnome-control-center;