From a622a1b33cb0eed2653e1fbdaef23a208e2a61b2 Mon Sep 17 00:00:00 2001
From: Max
Date: Thu, 7 Jul 2022 20:42:36 +0200
Subject: [PATCH] packages/fragments-remote: sandbox
---
 packages/nixpak/fragments/default.nix | 18 ++++++++++++++++++
 packages/nixpak/modules/gui-base.nix | 4 ++--
 packages/packages.nix | 20 ++++++++++++++++++--
 packages/patched-derivations.nix | 12 ------------
 4 files changed, 38 insertions(+), 16 deletions(-)
 create mode 100644 packages/nixpak/fragments/default.nix
diff --git a/packages/nixpak/fragments/default.nix b/packages/nixpak/fragments/default.nix
new file mode 100644
index 0000000..5cfeecf
--- /dev/null
+++ b/packages/nixpak/fragments/default.nix
@@ -0,0 +1,18 @@
+{ mkNixPak, fragments }:
+
+mkNixPak {
+ config = {
+ imports = [ ../modules/gui-base.nix ];
+ flatpak.appId = "de.haeckerfelix.Fragments";
+ app.package = fragments;
+ dbus.policies = {
+ "org.freedesktop.secrets" = "talk";
+ };
+ bubblewrap = {
+ network = true;
+ bind.rw = [
+ "$HOME/.config/fragments"
+ ];
+ };
+ };
+}
\ No newline at end of file
diff --git a/packages/nixpak/modules/gui-base.nix b/packages/nixpak/modules/gui-base.nix
index cf5012a..86bfa32 100644
--- a/packages/nixpak/modules/gui-base.nix
+++ b/packages/nixpak/modules/gui-base.nix
@@ -11,9 +11,9 @@
 "org.freedesktop.portal.*" = "talk";
 "org.a11y.Bus" = "talk";
 };
- gpu.enable = true;
+ gpu.enable = lib.mkDefault true;
 bubblewrap = {
- network = false;
+ network = lib.mkDefault false;
 bind.rw = [
 "$HOME/.cache/fontconfig"
 "$HOME/.cache/mesa_shader_cache"
diff --git a/packages/packages.nix b/packages/packages.nix
index 6f30afc..9b93cf0 100644
--- a/packages/packages.nix
+++ b/packages/packages.nix
@@ -1,5 +1,7 @@
 { inputs, pkgs }:
 let
+ tools = import ./lib/tools.nix;
+ patch' = super: tools.patch super "patches/base/${super.pname}";
 dream2nix = inputs.dream2nix.lib2.init {
 inherit pkgs;
 config = {
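Review bot: The `"org.freedesktop.secrets" = "talk"` policy in the new default.nix gives this sandbox the whole Secret Service interface while `network = true` is also set, and the file does not say why either is needed. The Secret Service API does not scope items per caller, so once the keyring is unlocked the app can read entries belonging to other applications, which is a lot to grant a network-facing client. If Fragments only stores its own remote-connection credentials (inferred, not visible here), the secret portal already covered by the `org.freedesktop.portal.*` rule in gui-base.nix may be enough; otherwise keep the rule and add a comment such as `# keyring access: exposes all unlocked secrets, needed for <reason>`. The file also ends without a trailing newline.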
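Review bot: `network = lib.mkDefault false;` in gui-base.nix keeps the deny-by-default baseline, but any importing profile can now flip it at normal priority and nothing on these lines records that `false` is the hardened value. A comment above it, for example `# default-deny: a profile that sets network = true should say why`, would keep that intent visible to whoever writes the next profile; the same applies to `gpu.enable`. `lib` also has to be among the module's arguments, which sit outside this hunk, so that is worth checking.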
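Review bot: The two bindings added to the `let` in packages.nix, `tools` and `patch'`, are not referenced by any line this commit adds to that file, so they look like leftovers from the move out of patched-derivations.nix. Nix evaluates lazily, so they cost nothing at evaluation time, but `import ./lib/tools.nix` reads as a dependency that the file does not actually have. Either drop both lines or add a comment naming the package that is expected to use `patch'`. The `let` block continues outside the hunk.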
@@ -12,10 +14,10 @@ let inherit pkgs; }; - sandbox = path: (pkgs.callPackage path {inherit mkNixPak;}).config.env; + sandbox = path: extra: (pkgs.callPackage path ({ inherit mkNixPak; } // extra)).config.env; in { - amberol = sandbox ./nixpak/amberol; + amberol = sandbox ./nixpak/amberol { }; brig = pkgs.callPackage ./tools/brig { }; @@ -25,6 +27,20 @@ in doom-one-vim = pkgs.callPackage ./vim-plugins/doom-one-vim.nix { }; + fragments-remote = let + fakeTransmission = pkgs.writeShellScriptBin "transmission-daemon" '' + exec ${pkgs.coreutils}/bin/sleep +Infinity + ''; + + app = pkgs.fragments.overrideAttrs (_: { + preFixup = '' + gappsWrapperArgs+=( + --prefix PATH : "${pkgs.lib.makeBinPath [ fakeTransmission ] }" + ) + ''; + }); + in sandbox ./nixpak/fragments { fragments = app; }; + git-remote-ipld = pkgs.callPackage ./tools/git-remote-ipld { }; hyprspace = pkgs.callPackage ./networking/hyprspace { iproute2mac = null; }; diff --git a/packages/patched-derivations.nix b/packages/patched-derivations.nix index 57430bc..e5adb32 100644 --- a/packages/patched-derivations.nix +++ b/packages/patched-derivations.nix @@ -7,18 +7,6 @@ super: rec { doas-interactive = patch-rename super.doas "doas-interactive" "patches/base/doas"; - fragments-remote = let - fakeTransmission = super.writeShellScriptBin "transmission-daemon" '' - exec ${super.coreutils}/bin/sleep +Infinity - ''; - in super.fragments.overrideAttrs (_: { - preFixup = '' - gappsWrapperArgs+=( - --prefix PATH : "${super.lib.makeBinPath [ fakeTransmission ] }" - ) - ''; - }); - lain-ipfs = patch-rename super.ipfs "lain-ipfs" "patches/base/ipfs"; gnome-control-center = patch' super.gnome.gnome-control-center;
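Review bot: In `({ inherit mkNixPak; } // extra)` the right-hand set wins, so an `extra` that happens to carry a `mkNixPak` key silently replaces the sandbox builder for that package. Swapping the operands, `(extra // { inherit mkNixPak; })`, keeps the builder fixed while still passing the extra arguments through. A one-line comment above `sandbox` saying that `extra` holds per-package callPackage arguments would also help, since every caller now has to supply it.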
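Review bot: `overrideAttrs (_: { preFixup = ...; })` in the `fragments-remote` binding ignores the previous attributes, so any `preFixup` the upstream fragments derivation defines is replaced rather than extended; whether it defines one is not visible here. If the upstream wrapper arguments should survive, use `overrideAttrs (old: { preFixup = (old.preFixup or "") + ''...''; })`. The stub `transmission-daemon` also deserves a comment, for example `# stub daemon: keeps Fragments from starting a local transmission-daemon, remote use only`, because the network-enabled sandbox profile appears to rely on it (intent inferred from the package name).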