authortv <tv@krebsco.de>2018-04-03 23:20:32 +0200
committertv <tv@krebsco.de>2018-04-03 23:20:32 +0200
commiteb684c7618697b370cf69c175ef43e0ced361407 (patch)
tree2d81470fdf4063379270cfa32a2a3b6c4aa01008 /lass/2configs/browsers.nix
parent3108c4323806eee9798a6ba42977ea8f16343731 (diff)
parent1604ecfc706d2921248d0c9ac7cef02274842272 (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'lass/2configs/browsers.nix')
-rw-r--r--lass/2configs/browsers.nix74
1 files changed, 24 insertions, 50 deletions
diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix
index cbbd54b6b..91ee08bfd 100644
--- a/lass/2configs/browsers.nix
+++ b/lass/2configs/browsers.nix
@@ -21,59 +21,32 @@ let
$BIN "$@"
'';
- createChromiumUser = name: extraGroups: precedence:
- let
- bin = pkgs.writeScriptBin name ''
- /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.chromium}/bin/chromium $@
- '';
- in {
- users.extraUsers.${name} = {
- inherit name;
- inherit extraGroups;
- home = "/home/${name}";
- uid = genid name;
- useDefaultShell = true;
- createHome = true;
+ createUser = script: name: groups: precedence: dpi:
+ {
+ lass.xjail.${name} = {
+ inherit script groups dpi;
};
+ environment.systemPackages = [ config.lass.xjail-bins.${name} ];
lass.browser.paths.${name} = {
- path = bin;
+ path = config.lass.xjail-bins.${name};
inherit precedence;
};
- security.sudo.extraConfig = ''
- ${mainUser.name} ALL=(${name}) NOPASSWD: ALL
- '';
- environment.systemPackages = [
- bin
- ];
};
- createFirefoxUser = name: extraGroups: precedence:
- let
- bin = pkgs.writeScriptBin name ''
- /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.firefox-devedition-bin}/bin/firefox-devedition $@
- '';
- in {
- users.extraUsers.${name} = {
- inherit name;
- inherit extraGroups;
- home = "/home/${name}";
- uid = genid name;
- useDefaultShell = true;
- createHome = true;
- };
- lass.browser.paths.${name} = {
- path = bin;
- inherit precedence;
- };
- security.sudo.extraConfig = ''
- ${mainUser.name} ALL=(${name}) NOPASSWD: ALL
- '';
- environment.systemPackages = [
- bin
- ];
- };
+ createChromiumUser = name: groups: precedence:
+ createUser (pkgs.writeDash name ''
+ ${pkgs.chromium}/bin/chromium "$@"
+ '') name groups precedence 80;
+
+ createFirefoxUser = name: groups: precedence:
+ createUser (pkgs.writeDash name ''
+ ${pkgs.firefox-devedition-bin}/bin/firefox-devedition "$@"
+ '') name groups precedence 80;
- #TODO: abstract this
+ createQuteUser = name: groups: precedence:
+ createUser (pkgs.writeDash name ''
+ ${pkgs.qutebrowser}/bin/qutebrowser "$@"
+ '') name groups precedence 60;
in {
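Review bot: The new `createUser` drops the explicit `users.extraUsers.${name}` definition together with the sudoers rule, so the per-browser account and its separation from the main user now depend entirely on `lass.xjail` and `lass.xjail-bins`, neither of which is visible in this hunk. It is worth confirming that the xjail module still gives each name its own uid and home, since that was the isolation boundary the old code set up by hand. A header comment would record the contract, for example `# createUser: registers an xjail profile for NAME; account, groups and launcher are provided by lass.xjail`. The trailing positional `dpi` argument is also passed as a bare `80` or `60` in the three wrappers with no hint of why qutebrowser differs; a one-line comment next to those values would help. The enclosing `let` block starts before the hunk.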
@@ -110,12 +83,13 @@ in {
}));
};
}
+ ( createQuteUser "qb" [ "audio" ] 20 )
( createFirefoxUser "ff" [ "audio" ] 10 )
- ( createChromiumUser "cr" [ "video" "audio" ] 9 )
+ ( createChromiumUser "cr" [ "audio" ] 9 )
( createChromiumUser "gm" [ "video" "audio" ] 8 )
- ( createChromiumUser "wk" [ "video" "audio" ] 0 )
- ( createChromiumUser "fb" [ "video" "audio" ] 0 )
- ( createChromiumUser "com" [ "video" "audio" ] 0 )
+ ( createChromiumUser "wk" [ "audio" ] 0 )
+ ( createChromiumUser "fb" [ "audio" ] 0 )
+ ( createChromiumUser "com" [ "audio" ] 0 )
( createChromiumUser "fin" [] (-1) )
];
}
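Review bot: `gm` is the only profile that keeps `"video"` after this change: `cr`, `wk`, `fb` and `com` are reduced to `[ "audio" ]` and the new `qb` is created without it. If that exception is deliberate, a comment on the line would record the reason, e.g. `# gm keeps "video": <reason>`; if it was simply missed, it should become `( createChromiumUser "gm" [ "audio" ] 8 )` so that all browser profiles carry the same minimal group set. The list these calls belong to starts outside the hunk.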