diff options
| author | makefu <github@syntax-fehler.de> | 2018-04-04 15:23:44 +0200 |
|---|---|---|
| committer | makefu <github@syntax-fehler.de> | 2018-04-04 15:23:44 +0200 |
| commit | 3ed84b0b8c063a294e7cb40a786fa7a15ee0e5a4 (patch) | |
| tree | 569658ceb8fc90f640d7ce48357eb84a0383b494 /lass/2configs/browsers.nix | |
| parent | 1b740bf9ef32972f7242226699a75b39feeb18b2 (diff) | |
| parent | 1a5b58c828409ce9bf1639f3f26ebeb142e0148a (diff) | |
Merge remote-tracking branch 'lass/staging/18.03' into staging
Diffstat (limited to 'lass/2configs/browsers.nix')
| -rw-r--r-- | lass/2configs/browsers.nix | 74 |
1 files changed, 24 insertions, 50 deletions
diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index cbbd54b6b..91ee08bfd 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -21,59 +21,32 @@ let $BIN "$@" ''; - createChromiumUser = name: extraGroups: precedence: - let - bin = pkgs.writeScriptBin name '' - /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.chromium}/bin/chromium $@ - ''; - in { - users.extraUsers.${name} = { - inherit name; - inherit extraGroups; - home = "/home/${name}"; - uid = genid name; - useDefaultShell = true; - createHome = true; + createUser = script: name: groups: precedence: dpi: + { + lass.xjail.${name} = { + inherit script groups dpi; }; + environment.systemPackages = [ config.lass.xjail-bins.${name} ]; lass.browser.paths.${name} = { - path = bin; + path = config.lass.xjail-bins.${name}; inherit precedence; }; - security.sudo.extraConfig = '' - ${mainUser.name} ALL=(${name}) NOPASSWD: ALL - ''; - environment.systemPackages = [ - bin - ]; }; - createFirefoxUser = name: extraGroups: precedence: - let - bin = pkgs.writeScriptBin name '' - /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.firefox-devedition-bin}/bin/firefox-devedition $@ - ''; - in { - users.extraUsers.${name} = { - inherit name; - inherit extraGroups; - home = "/home/${name}"; - uid = genid name; - useDefaultShell = true; - createHome = true; - }; - lass.browser.paths.${name} = { - path = bin; - inherit precedence; - }; - security.sudo.extraConfig = '' - ${mainUser.name} ALL=(${name}) NOPASSWD: ALL - ''; - environment.systemPackages = [ - bin - ]; - }; + createChromiumUser = name: groups: precedence: + createUser (pkgs.writeDash name '' + ${pkgs.chromium}/bin/chromium "$@" + '') name groups precedence 80; + + createFirefoxUser = name: groups: precedence: + createUser (pkgs.writeDash name '' + ${pkgs.firefox-devedition-bin}/bin/firefox-devedition "$@" + '') name groups precedence 80; - #TODO: abstract this + createQuteUser = name: groups: precedence: + createUser (pkgs.writeDash name '' + ${pkgs.qutebrowser}/bin/qutebrowser "$@" + '') name groups precedence 60; in { @@ -110,12 +83,13 @@ in { })); }; } + ( createQuteUser "qb" [ "audio" ] 20 ) ( createFirefoxUser "ff" [ "audio" ] 10 ) - ( createChromiumUser "cr" [ "video" "audio" ] 9 ) + ( createChromiumUser "cr" [ "audio" ] 9 ) ( createChromiumUser "gm" [ "video" "audio" ] 8 ) - ( createChromiumUser "wk" [ "video" "audio" ] 0 ) - ( createChromiumUser "fb" [ "video" "audio" ] 0 ) - ( createChromiumUser "com" [ "video" "audio" ] 0 ) + ( createChromiumUser "wk" [ "audio" ] 0 ) + ( createChromiumUser "fb" [ "audio" ] 0 ) + ( createChromiumUser "com" [ "audio" ] 0 ) ( createChromiumUser "fin" [] (-1) ) ]; } |