Diffstat (limited to 'lass')
-rw-r--r--lass/1systems/aergia/config.nix5
-rw-r--r--lass/1systems/coaxmetal/config.nix6
-rw-r--r--lass/2configs/browsers.nix14
-rw-r--r--lass/2configs/xdg-open.nix26
-rw-r--r--lass/3modules/browsers.nix94
-rw-r--r--lass/3modules/default.nix2
-rw-r--r--lass/3modules/xjail.nix173
7 files changed, 18 insertions, 302 deletions
diff --git a/lass/1systems/aergia/config.nix b/lass/1systems/aergia/config.nix
index af88a0260..6992db4a5 100644
--- a/lass/1systems/aergia/config.nix
+++ b/lass/1systems/aergia/config.nix
@@ -48,11 +48,6 @@
};
hardware.pulseaudio.package = pkgs.pulseaudioFull;
- lass.browser.config = {
- fy = { browser = "chromium"; groups = [ "audio" "video" ]; hidden = true; };
- qt = { browser = "qutebrowser"; groups = [ "audio" "video" ]; hidden = true; };
- };
-
nix.trustedUsers = [ "root" "lass" ];
# nix.extraOptions = ''
diff --git a/lass/1systems/coaxmetal/config.nix b/lass/1systems/coaxmetal/config.nix
index 2c88b68cc..1df56f591 100644
--- a/lass/1systems/coaxmetal/config.nix
+++ b/lass/1systems/coaxmetal/config.nix
@@ -54,12 +54,6 @@
};
hardware.pulseaudio.package = pkgs.pulseaudioFull;
- lass.browser.config = {
- dc = { browser = "chromium"; groups = [ "audio" "video" ]; hidden = true; };
- ff = { browser = "firefox"; groups = [ "audio" "video" ]; hidden = true; };
- fy = { browser = "chromium"; groups = [ "audio" "video" ]; hidden = true; };
- };
-
nix.trustedUsers = [ "root" "lass" ];
services.tor = {
diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix
index 00a5d2db0..ea6fb644b 100644
--- a/lass/2configs/browsers.nix
+++ b/lass/2configs/browsers.nix
@@ -1,12 +1,8 @@
{ config, lib, pkgs, ... }:
{
- lass.browser.config = {
- cr = { groups = [ "audio" "video" ]; precedence = 9; };
- };
- programs.chromium = {
- enable = true;
- extensions = [
- "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
- ];
- };
+ programs.firefox.nativeMessagingHosts.tridactyl = true;
+ environment.variables.BROWSER = "${pkgs.firefox}/bin/firefox";
+ environment.systemPackages = [
+ pkgs.firefox
+ ];
}
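Review bot: `programs.firefox.nativeMessagingHosts.tridactyl = true;` is set without `programs.firefox.enable = true;`, and as far as I know the NixOS firefox module applies its settings only when it is enabled, so the plain `pkgs.firefox` that is installed and referenced by `BROWSER` here would not carry the native host. If the native messenger is wanted, consider `programs.firefox.enable = true;` in place of the `pkgs.firefox` entry, and `environment.variables.BROWSER = "firefox";` so the wrapped build is the one launched. The removed `lass.browser.config` entry appears to have run the browser under a dedicated account, while a native messenger lets an extension start programs as the login user. A comment such as `# browser and tridactyl native host run as the desktop user; no per-browser uid separation` would record that trade-off.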
diff --git a/lass/2configs/xdg-open.nix b/lass/2configs/xdg-open.nix
index 88ea7ba59..02c551a2b 100644
--- a/lass/2configs/xdg-open.nix
+++ b/lass/2configs/xdg-open.nix
@@ -1,12 +1,13 @@
{ config, pkgs, lib, ... }: with import <stockholm/lib>; let
xdg-open-wrapper = pkgs.writeDashBin "xdg-open" ''
- /run/wrappers/bin/sudo -u lass ${xdg-open} "$@"
+ exec ${xdg-open}/bin/xdg-open "$@" >> /tmp/xdg-debug.log 2>&1
'';
- xdg-open = pkgs.writeBash "xdg-open" ''
- set -e
+ xdg-open = pkgs.writeBashBin "xdg-open" ''
+ set -xe
FILE="$1"
+ PATH=/run/current-system/sw/bin
mime=
case "$FILE" in
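Review bot: The wrapper's `>> /tmp/xdg-debug.log 2>&1`, together with `set -xe`, writes a trace of every opened path or URL to a fixed file name in a world-writable directory. URLs can carry session tokens, the file may be readable by other local accounts depending on umask, another account can create the file first, and it grows without bound. If the trace is still needed, a per-user location such as `>> "$XDG_RUNTIME_DIR/xdg-open.log" 2>&1` is safer; otherwise revert to `exec ${xdg-open}/bin/xdg-open "$@"` and `set -e`. The script body continues past the end of this hunk.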
@@ -35,15 +36,13 @@
case "$mime" in
special/mailaddress)
- urxvtc --execute vim "$FILE" ;;
- ${optionalString (hasAttr "browser" config.lass) ''
+ alacritty --execute vim "$FILE" ;;
text/html)
- ${config.lass.browser.select}/bin/browser-select "$FILE" ;;
+ firefox "$FILE" ;;
text/xml)
- ${config.lass.browser.select}/bin/browser-select "$FILE" ;;
- ''}
+ firefox "$FILE" ;;
text/*)
- urxvtc --execute vim "$FILE" ;;
+ alacritty --execute vim "$FILE" ;;
image/*)
sxiv "$FILE" ;;
application/x-bittorrent)
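Review bot: `alacritty --execute vim "$FILE"` on the special/mailaddress and text/* branches (and `alacritty --execute mc "$FILE"` in the next hunk) uses a flag I do not believe alacritty accepts; its command option is `-e` / `--command`, so under `set -xe` these branches would likely exit with an argument error. Suggested: `alacritty -e vim -- "$FILE" ;;`, where the `--` also keeps a value beginning with `-` from being read as a vim option. `$FILE` comes from whatever application invoked xdg-open, so the same concern about option-like values applies to `firefox "$FILE"`; a short comment there noting that the argument is untrusted would help. The case statement starts and ends outside this hunk.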
@@ -51,17 +50,18 @@
application/pdf)
zathura "$FILE" ;;
inode/directory)
- sudo -u lass -i urxvtc --execute mc "$FILE" ;;
+ alacritty --execute mc "$FILE" ;;
*)
# open dmenu and ask for program to open with
- $(dmenu_path | dmenu) "$FILE";;
+ runner=$(print -rC1 -- ''${(ko)commands} | dmenu)
+ exec $runner "$FILE";;
esac
'';
in {
environment.systemPackages = [ xdg-open-wrapper ];
security.sudo.extraConfig = ''
- cr ALL=(lass) NOPASSWD: ${xdg-open} *
- ff ALL=(lass) NOPASSWD: ${xdg-open} *
+ cr ALL=(lass) NOPASSWD: ${xdg-open}/bin/xdg-open *
+ ff ALL=(lass) NOPASSWD: ${xdg-open}/bin/xdg-open *
'';
}
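Review bot: The fallback `runner=$(print -rC1 -- ''${(ko)commands} | dmenu)` is zsh syntax, but the script is built with `pkgs.writeBashBin`, where `${(ko)commands}` is a bad substitution and `print` is not a builtin, so the `*)` branch fails. Keeping the bash-compatible form, `runner=$(dmenu_path | dmenu)`, restores it. Separately, the `security.sudo.extraConfig` rules still let `cr` and `ff` run the script as `lass` with any arguments, although the wrapper no longer calls sudo and this commit deletes the xjail module that appears to have created those accounts. Since the script ends in `exec $runner "$FILE"`, dropping the two rules would be the least-privilege choice.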
diff --git a/lass/3modules/browsers.nix b/lass/3modules/browsers.nix
deleted file mode 100644
index 4171abdb6..000000000
--- a/lass/3modules/browsers.nix
+++ /dev/null
@@ -1,94 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
-let
-
- cfg = config.lass.browser;
-
- browserScripts = {
- brave = "${pkgs.brave}/bin/brave";
- chrome = "${pkgs.google-chrome}/bin/chrome";
- chromium = "${pkgs.ungoogled-chromium}/bin/chromium";
- firefox = "${pkgs.firefox.override {
- extraNativeMessagingHosts = [ pkgs.tridactyl-native ];
- }}/bin/firefox";
- qutebrowser = "${pkgs.qutebrowser}/bin/qutebrowser";
- };
-
- browser-select = let
- sortedPaths = sort (a: b: a.value.precedence > b.value.precedence)
- (filter (x: ! x.value.hidden)
- (mapAttrsToList (name: value: { inherit name value; })
- cfg.config));
- in if (lib.length sortedPaths) > 1 then
- pkgs.writeScriptBin "browser-select" ''
- BROWSER=$(echo -e "${concatStringsSep "\\n" (map (getAttr "name") sortedPaths)}" | ${pkgs.dmenu}/bin/dmenu)
- case $BROWSER in
- ${concatMapStringsSep "\n" (n: ''
- ${n.name})
- export BIN=${config.lass.xjail-bins.${n.name}}/bin/${n.name}
- ;;
- '') (sortedPaths)}
- esac
- $BIN "$@"
- ''
- else
- let
- name = (lib.head sortedPaths).name;
- in pkgs.writeScriptBin "browser-select" ''
- ${config.lass.xjail-bins.${name}}/bin/${name} "$@"
- ''
- ;
-
-in {
- options.lass.browser = {
- select = mkOption {
- type = types.path;
- };
- config = mkOption {
- type = types.attrsOf (types.submodule ({ config, ... }: {
- options = {
- name = mkOption {
- type = types.str;
- default = config._module.args.name;
- };
- hidden = mkOption {
- type = types.bool;
- default = false;
- };
- precedence = mkOption {
- type = types.int;
- default = 0;
- };
- user = mkOption {
- type = types.str;
- default = config._module.args.name;
- };
- browser = mkOption {
- type = types.enum (attrNames browserScripts);
- default = "brave";
- };
- groups = mkOption {
- type = types.listOf types.str;
- default = [];
- };
- };
- }));
- default = {};
- };
- };
-
- config = (mkIf (cfg.config != {}) {
- lass.xjail = mapAttrs' (name: browser:
- nameValuePair name {
- script = browserScripts.${browser.browser};
- groups = browser.groups;
- }
- ) cfg.config;
- environment.systemPackages = (map (browser:
- config.lass.xjail-bins.${browser.name}
- ) (attrValues cfg.config)) ++ [
- browser-select
- ];
- lass.browser.select = browser-select;
- });
-}
diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix
index 3a0b1306c..0e1a794ca 100644
--- a/lass/3modules/default.nix
+++ b/lass/3modules/default.nix
@@ -12,8 +12,6 @@ _:
./pyload.nix
./screenlock.nix
./usershadow.nix
- ./xjail.nix
./autowifi.nix
- ./browsers.nix
];
}
diff --git a/lass/3modules/xjail.nix b/lass/3modules/xjail.nix
deleted file mode 100644
index 08a28b8e3..000000000
--- a/lass/3modules/xjail.nix
+++ /dev/null
@@ -1,173 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-with import <stockholm/lib>;
-{
- options.lass.xjail = mkOption {
- type = types.attrsOf (types.submodule ({ config, ...}: {
- options = {
- name = mkOption {
- type = types.str;
- default = config._module.args.name;
- };
- user = mkOption {
- type = types.str;
- default = config.name;
- };
- groups = mkOption {
- type = types.listOf types.str;
- default = [];
- };
- from = mkOption {
- type = types.str;
- default = "lass";
- };
- display = mkOption {
- type = types.str;
- default = toString (genid_uint31 config._module.args.name);
- };
- dpi = mkOption {
- type = types.int;
- default = 90;
- };
- extraXephyrArgs = mkOption {
- type = types.str;
- default = "";
- };
- extraVglrunArgs = mkOption {
- type = types.str;
- default = "";
- };
- script = mkOption {
- type = types.path;
- default = pkgs.writeScript "echo_lol" "echo lol";
- };
- wm = mkOption {
- #TODO find type
- type = types.str;
- defaultText = "‹script›";
- default = "${pkgs.writeHaskellPackage "xephyrify-xmonad" {
- executables.xmonad = {
- extra-depends = [
- "containers"
- "unix"
- "xmonad"
- ];
- text = /* haskell */ ''
- module Main where
- import XMonad
- import Data.Monoid
- import System.Posix.Process (executeFile)
- import qualified Data.Map as Map
-
- main :: IO ()
- main = do
- xmonad def
- { workspaces = [ "1" ]
- , layoutHook = myLayoutHook
- , keys = myKeys
- , normalBorderColor = "#000000"
- , focusedBorderColor = "#000000"
- , handleEventHook = myEventHook
- }
-
- myEventHook :: Event -> X All
-
- myEventHook (ConfigureEvent { ev_event_type = 22 }) = do
- spawn "${pkgs.xorg.xrandr}/bin/xrandr >/dev/null 2>&1"
- return (All True)
-
- myEventHook _ = do
- return (All True)
-
- myLayoutHook = Full
- myKeys _ = Map.fromList []
- '';
- };
- }}/bin/xmonad";
- };
- };
- }));
- default = {};
- };
-
- options.lass.xjail-bins = mkOption {
- type = types.attrsOf types.path;
- };
-
- # implementation
- config = let
- scripts = mapAttrs' (name: cfg:
- let
- newOrExisting = pkgs.writeDash "${cfg.name}-existing" ''
- DISPLAY=:${cfg.display} ${pkgs.xorg.xrandr}/bin/xrandr
- if test $? -eq 0; then
- echo using existing xephyr
- ${sudo_} "$@"
- else
- echo starting new xephyr
- ${xephyr_} "$@"
- fi
- '';
- xephyr_ = pkgs.writeDash "${cfg.name}-xephyr" ''
- ${pkgs.xorg.xorgserver}/bin/Xephyr -br -ac -reset -terminate -resizeable -nolisten local -dpi ${toString cfg.dpi} ${cfg.extraXephyrArgs} :${cfg.display} &
- XEPHYR_PID=$!
- DISPLAY=:${cfg.display} ${cfg.wm} &
- WM_PID=$!
- ${sudo_} "$@"
- ${pkgs.coreutils}/bin/kill $WM_PID
- ${pkgs.coreutils}/bin/kill $XEPHYR_PID
- '';
- # TODO fix xephyr which doesn't honor resizes anymore
- sudo_ = pkgs.writeDash "${cfg.name}-sudo" ''
- #/var/run/wrappers/bin/sudo -u ${cfg.name} -i env DISPLAY=:${cfg.display} ${cfg.script} "$@"
- ${pkgs.systemd}/bin/machinectl shell -E DISPLAY=:0 --uid=${cfg.name} .host ${cfg.script} "$@"
- '';
- in nameValuePair name {
- existing = newOrExisting;
- xephyr = xephyr_;
- sudo = sudo_;
- }
- ) config.lass.xjail;
- in {
-
- users.users = mapAttrs' (_: cfg:
- nameValuePair cfg.name {
- uid = genid_uint31 cfg.name;
- home = "/home/${cfg.name}";
- useDefaultShell = true;
- createHome = true;
- extraGroups = cfg.groups;
- isNormalUser = true;
- }
- ) config.lass.xjail;
-
- users.groups = mapAttrs' (_: cfg:
- nameValuePair cfg.name {
- members = [
- cfg.name
- cfg.from
- ];
- }
- ) config.lass.xjail;
-
- security.polkit.extraConfig = (concatStringsSep "\n" (mapAttrsToList (_: cfg: ''
- polkit.addRule(function(action, subject) {
- if (
- subject.user == "${cfg.from}" &&
- action.id == "org.freedesktop.machine1.host-shell" &&
- action.lookup("user") == "${cfg.user}" &&
- action.lookup("program") == "${cfg.script}" &&
- true
- ) {
- return polkit.Result.YES;
- }
- });
- '') config.lass.xjail));
-
- lass.xjail-bins = mapAttrs' (name: cfg:
- nameValuePair name (pkgs.writeScriptBin cfg.name ''
- ${scripts.${name}.sudo} "$@"
- '')
- ) config.lass.xjail;
- };
-}