From 0ea072393307e5cd250b412dd0026bf8f6f1251b Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 21 Feb 2023 07:35:27 +0100 Subject: l browsers: use firefox directly, RIP xjails --- lass/1systems/aergia/config.nix | 5 -- lass/1systems/coaxmetal/config.nix | 6 -- lass/2configs/browsers.nix | 14 ++- lass/2configs/xdg-open.nix | 26 +++--- lass/3modules/browsers.nix | 94 -------------------- lass/3modules/default.nix | 2 - lass/3modules/xjail.nix | 173 ------------------------------------- 7 files changed, 18 insertions(+), 302 deletions(-) delete mode 100644 lass/3modules/browsers.nix delete mode 100644 lass/3modules/xjail.nix (limited to 'lass') diff --git a/lass/1systems/aergia/config.nix b/lass/1systems/aergia/config.nix index af88a0260..6992db4a5 100644 --- a/lass/1systems/aergia/config.nix +++ b/lass/1systems/aergia/config.nix @@ -48,11 +48,6 @@ }; hardware.pulseaudio.package = pkgs.pulseaudioFull; - lass.browser.config = { - fy = { browser = "chromium"; groups = [ "audio" "video" ]; hidden = true; }; - qt = { browser = "qutebrowser"; groups = [ "audio" "video" ]; hidden = true; }; - }; - nix.trustedUsers = [ "root" "lass" ]; # nix.extraOptions = '' diff --git a/lass/1systems/coaxmetal/config.nix b/lass/1systems/coaxmetal/config.nix index 2c88b68cc..1df56f591 100644 --- a/lass/1systems/coaxmetal/config.nix +++ b/lass/1systems/coaxmetal/config.nix @@ -54,12 +54,6 @@ }; hardware.pulseaudio.package = pkgs.pulseaudioFull; - lass.browser.config = { - dc = { browser = "chromium"; groups = [ "audio" "video" ]; hidden = true; }; - ff = { browser = "firefox"; groups = [ "audio" "video" ]; hidden = true; }; - fy = { browser = "chromium"; groups = [ "audio" "video" ]; hidden = true; }; - }; - nix.trustedUsers = [ "root" "lass" ]; services.tor = { diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 00a5d2db0..ea6fb644b 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix 
@@ -1,12 +1,8 @@ { config, lib, pkgs, ... }: { - lass.browser.config = { - cr = { groups = [ "audio" "video" ]; precedence = 9; }; - }; - programs.chromium = { - enable = true; - extensions = [ - "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin - ]; - }; + programs.firefox.nativeMessagingHosts.tridactyl = true; + environment.variables.BROWSER = "${pkgs.firefox}/bin/firefox"; + environment.systemPackages = [ + pkgs.firefox + ]; } diff --git a/lass/2configs/xdg-open.nix b/lass/2configs/xdg-open.nix index 88ea7ba59..02c551a2b 100644 --- a/lass/2configs/xdg-open.nix +++ b/lass/2configs/xdg-open.nix @@ -1,12 +1,13 @@ { config, pkgs, lib, ... }: with import ; let xdg-open-wrapper = pkgs.writeDashBin "xdg-open" '' - /run/wrappers/bin/sudo -u lass ${xdg-open} "$@" + exec ${xdg-open}/bin/xdg-open "$@" >> /tmp/xdg-debug.log 2>&1 ''; - xdg-open = pkgs.writeBash "xdg-open" '' - set -e + xdg-open = pkgs.writeBashBin "xdg-open" '' + set -xe FILE="$1" + PATH=/run/current-system/sw/bin mime= case "$FILE" in @@ -35,15 +36,13 @@ case "$mime" in special/mailaddress) - urxvtc --execute vim "$FILE" ;; - ${optionalString (hasAttr "browser" config.lass) '' + alacritty --execute vim "$FILE" ;; text/html) - ${config.lass.browser.select}/bin/browser-select "$FILE" ;; + firefox "$FILE" ;; text/xml) - ${config.lass.browser.select}/bin/browser-select "$FILE" ;; - ''} + firefox "$FILE" ;; text/*) - urxvtc --execute vim "$FILE" ;; + alacritty --execute vim "$FILE" ;; image/*) sxiv "$FILE" ;; application/x-bittorrent) 
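Review bot: In lass/2configs/browsers.nix, `programs.firefox.nativeMessagingHosts.tridactyl = true;` is set without `programs.firefox.enable = true;`, while Firefox itself is installed as plain `pkgs.firefox` through `environment.systemPackages`. As far as I know the NixOS `programs.firefox` module only applies its settings when it is enabled, so the Tridactyl native host would not reach the installed browser. If it is wanted, enable the module and drop the separate `pkgs.firefox` entry. Because the browser now runs as the login user instead of a per-browser account, a short comment such as `# native messenger can run commands as the login user` would record that trade-off next to the option.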
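Review bot: In the `@@ -1,12 +1,13 @@` hunk of lass/2configs/xdg-open.nix the wrapper appends stdout and stderr to the fixed path `/tmp/xdg-debug.log`, and the inner script now runs with `set -xe`, so every opened URL or file path is traced into a shared directory under a predictable name. Whichever account creates the file first owns it; another caller whose redirect cannot open it gets no xdg-open at all, and a symlink placed at that name beforehand could redirect the appends unless the kernel's protected-symlinks setting blocks it. If the trace is only a debugging aid, drop `-x` and the redirect, i.e. `exec ${xdg-open}/bin/xdg-open "$@"`. Otherwise write to a per-user location such as `"$XDG_RUNTIME_DIR/xdg-open.log"`. The `let` block continues past this hunk.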
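Review bot: `alacritty --execute vim "$FILE"` in the `special/mailaddress` and `text/*` branches of the `@@ -35,15 +36,13 @@` hunk (and `alacritty --execute mc "$FILE"` in the `@@ -51,17 +50,18 @@` hunk) keeps urxvtc's flag name. As far as I know Alacritty spells this option `-e` / `--command`, so under `set -e` these branches would exit on an argument error; worth confirming and changing to `alacritty -e vim "$FILE"`. Separately, `firefox "$FILE"` hands the value to a program that also parses options, so a `FILE` beginning with `-` would be read as a flag. How `FILE` and `mime` are validated lies outside this hunk, so a guard may already exist there.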
@@ -51,17 +50,18 @@ application/pdf) zathura "$FILE" ;; inode/directory) - sudo -u lass -i urxvtc --execute mc "$FILE" ;; + alacritty --execute mc "$FILE" ;; *) # open dmenu and ask for program to open with - $(dmenu_path | dmenu) "$FILE";; + runner=$(print -rC1 -- ''${(ko)commands} | dmenu) + exec $runner "$FILE";; esac ''; in { environment.systemPackages = [ xdg-open-wrapper ]; security.sudo.extraConfig = '' - cr ALL=(lass) NOPASSWD: ${xdg-open} * - ff ALL=(lass) NOPASSWD: ${xdg-open} * + cr ALL=(lass) NOPASSWD: ${xdg-open}/bin/xdg-open * + ff ALL=(lass) NOPASSWD: ${xdg-open}/bin/xdg-open * ''; } diff --git a/lass/3modules/browsers.nix b/lass/3modules/browsers.nix deleted file mode 100644 index 4171abdb6..000000000 --- a/lass/3modules/browsers.nix +++ /dev/null 
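Review bot: The `security.sudo.extraConfig` block still grants `cr` and `ff` passwordless execution of the xdg-open script as `lass`, but this commit deletes the xjail module that created those accounts and the wrapper no longer calls sudo. Unless those users are defined elsewhere, the rules are stale privilege grants and are better removed than re-pointed at `${xdg-open}/bin/xdg-open`. In the fallback branch, `print -rC1 -- ''${(ko)commands}` is zsh syntax inside a `pkgs.writeBashBin` script, which bash should reject as a bad substitution. The previous pipeline works in bash: `runner=$(dmenu_path | dmenu)` followed by `exec "$runner" "$FILE"`, with `$runner` quoted so the selection is not word-split.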
@@ -1,94 +0,0 @@ -{ config, lib, pkgs, ... }: -with import ; -let - - cfg = config.lass.browser; - - browserScripts = { - brave = "${pkgs.brave}/bin/brave"; - chrome = "${pkgs.google-chrome}/bin/chrome"; - chromium = "${pkgs.ungoogled-chromium}/bin/chromium"; - firefox = "${pkgs.firefox.override { - extraNativeMessagingHosts = [ pkgs.tridactyl-native ]; - }}/bin/firefox"; - qutebrowser = "${pkgs.qutebrowser}/bin/qutebrowser"; - }; - - browser-select = let - sortedPaths = sort (a: b: a.value.precedence > b.value.precedence) - (filter (x: ! x.value.hidden) - (mapAttrsToList (name: value: { inherit name value; }) - cfg.config)); - in if (lib.length sortedPaths) > 1 then - pkgs.writeScriptBin "browser-select" '' - BROWSER=$(echo -e "${concatStringsSep "\\n" (map (getAttr "name") sortedPaths)}" | ${pkgs.dmenu}/bin/dmenu) - case $BROWSER in - ${concatMapStringsSep "\n" (n: '' - ${n.name}) - export BIN=${config.lass.xjail-bins.${n.name}}/bin/${n.name} - ;; - '') (sortedPaths)} - esac - $BIN "$@" - '' - else - let - name = (lib.head sortedPaths).name; - in pkgs.writeScriptBin "browser-select" '' - ${config.lass.xjail-bins.${name}}/bin/${name} "$@" - '' - ; - -in { - options.lass.browser = { - select = mkOption { - type = types.path; - }; - config = mkOption { - type = types.attrsOf (types.submodule ({ config, ... 
}: { - options = { - name = mkOption { - type = types.str; - default = config._module.args.name; - }; - hidden = mkOption { - type = types.bool; - default = false; - }; - precedence = mkOption { - type = types.int; - default = 0; - }; - user = mkOption { - type = types.str; - default = config._module.args.name; - }; - browser = mkOption { - type = types.enum (attrNames browserScripts); - default = "brave"; - }; - groups = mkOption { - type = types.listOf types.str; - default = []; - }; - }; - })); - default = {}; - }; - }; - - config = (mkIf (cfg.config != {}) { - lass.xjail = mapAttrs' (name: browser: - nameValuePair name { - script = browserScripts.${browser.browser}; - groups = browser.groups; - } - ) cfg.config; - environment.systemPackages = (map (browser: - config.lass.xjail-bins.${browser.name} - ) (attrValues cfg.config)) ++ [ - browser-select - ]; - lass.browser.select = browser-select; - }); -} diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index 3a0b1306c..0e1a794ca 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -12,8 +12,6 @@ _: ./pyload.nix ./screenlock.nix ./usershadow.nix - ./xjail.nix ./autowifi.nix - ./browsers.nix ]; } diff --git a/lass/3modules/xjail.nix b/lass/3modules/xjail.nix deleted file mode 100644 index 08a28b8e3..000000000 --- a/lass/3modules/xjail.nix +++ /dev/null 
@@ -1,173 +0,0 @@ -{ config, pkgs, lib, ... }: - -with import ; -{ - options.lass.xjail = mkOption { - type = types.attrsOf (types.submodule ({ config, ...}: { - options = { - name = mkOption { - type = types.str; - default = config._module.args.name; - }; - user = mkOption { - type = types.str; - default = config.name; - }; - groups = mkOption { - type = types.listOf types.str; - default = []; - }; - from = mkOption { - type = types.str; - default = "lass"; - }; - display = mkOption { - type = types.str; - default = toString (genid_uint31 config._module.args.name); - }; - dpi = mkOption { - type = types.int; - default = 90; - }; - extraXephyrArgs = mkOption { - type = types.str; - default = ""; - }; - extraVglrunArgs = mkOption { - type = types.str; - default = ""; - }; - script = mkOption { - type = types.path; - default = pkgs.writeScript "echo_lol" "echo lol"; - }; - wm = mkOption { - #TODO find type - type = types.str; - defaultText = "‹script›"; - default = "${pkgs.writeHaskellPackage "xephyrify-xmonad" { - executables.xmonad = { - extra-depends = [ - "containers" - "unix" - "xmonad" - ]; - text = /* haskell */ '' - module Main where - import XMonad - import Data.Monoid - import System.Posix.Process (executeFile) - import qualified Data.Map as Map - - main :: IO () - main = do - xmonad def - { workspaces = [ "1" ] - , layoutHook = myLayoutHook - , keys = myKeys - , normalBorderColor = "#000000" - , focusedBorderColor = "#000000" - , handleEventHook = myEventHook - } - - myEventHook :: Event -> X All - - myEventHook (ConfigureEvent { ev_event_type = 22 }) = do - spawn "${pkgs.xorg.xrandr}/bin/xrandr >/dev/null 2>&1" - return (All True) - - myEventHook _ = do - return (All True) - - myLayoutHook = Full - myKeys _ = Map.fromList [] - ''; - }; - }}/bin/xmonad"; - }; - }; - })); - default = {}; - }; - - options.lass.xjail-bins = mkOption { - type = types.attrsOf types.path; - }; - - # implementation - config = let - scripts = mapAttrs' (name: cfg: - let - 
newOrExisting = pkgs.writeDash "${cfg.name}-existing" '' - DISPLAY=:${cfg.display} ${pkgs.xorg.xrandr}/bin/xrandr - if test $? -eq 0; then - echo using existing xephyr - ${sudo_} "$@" - else - echo starting new xephyr - ${xephyr_} "$@" - fi - ''; - xephyr_ = pkgs.writeDash "${cfg.name}-xephyr" '' - ${pkgs.xorg.xorgserver}/bin/Xephyr -br -ac -reset -terminate -resizeable -nolisten local -dpi ${toString cfg.dpi} ${cfg.extraXephyrArgs} :${cfg.display} & - XEPHYR_PID=$! - DISPLAY=:${cfg.display} ${cfg.wm} & - WM_PID=$! - ${sudo_} "$@" - ${pkgs.coreutils}/bin/kill $WM_PID - ${pkgs.coreutils}/bin/kill $XEPHYR_PID - ''; - # TODO fix xephyr which doesn't honor resizes anymore - sudo_ = pkgs.writeDash "${cfg.name}-sudo" '' - #/var/run/wrappers/bin/sudo -u ${cfg.name} -i env DISPLAY=:${cfg.display} ${cfg.script} "$@" - ${pkgs.systemd}/bin/machinectl shell -E DISPLAY=:0 --uid=${cfg.name} .host ${cfg.script} "$@" - ''; - in nameValuePair name { - existing = newOrExisting; - xephyr = xephyr_; - sudo = sudo_; - } - ) config.lass.xjail; - in { - - users.users = mapAttrs' (_: cfg: - nameValuePair cfg.name { - uid = genid_uint31 cfg.name; - home = "/home/${cfg.name}"; - useDefaultShell = true; - createHome = true; - extraGroups = cfg.groups; - isNormalUser = true; - } - ) config.lass.xjail; - - users.groups = mapAttrs' (_: cfg: - nameValuePair cfg.name { - members = [ - cfg.name - cfg.from - ]; - } - ) config.lass.xjail; - - security.polkit.extraConfig = (concatStringsSep "\n" (mapAttrsToList (_: cfg: '' - polkit.addRule(function(action, subject) { - if ( - subject.user == "${cfg.from}" && - action.id == "org.freedesktop.machine1.host-shell" && - action.lookup("user") == "${cfg.user}" && - action.lookup("program") == "${cfg.script}" && - true - ) { - return polkit.Result.YES; - } - }); - '') config.lass.xjail)); - - lass.xjail-bins = mapAttrs' (name: cfg: - nameValuePair name (pkgs.writeScriptBin cfg.name '' - ${scripts.${name}.sudo} "$@" - '') - ) config.lass.xjail; - }; -} -- 
cgit v1.2.3