summaryrefslogtreecommitdiffstats
path: root/lass/3modules
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2018-04-03 23:20:32 +0200
committertv <tv@krebsco.de>2018-04-03 23:20:32 +0200
commiteb684c7618697b370cf69c175ef43e0ced361407 (patch)
tree2d81470fdf4063379270cfa32a2a3b6c4aa01008 /lass/3modules
parent3108c4323806eee9798a6ba42977ea8f16343731 (diff)
parent1604ecfc706d2921248d0c9ac7cef02274842272 (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'lass/3modules')
-rw-r--r--lass/3modules/default.nix1
-rw-r--r--lass/3modules/screenlock.nix4
-rw-r--r--lass/3modules/xjail.nix164
3 files changed, 167 insertions, 2 deletions
diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix
index fd77b2262..0c10e1ec2 100644
--- a/lass/3modules/default.nix
+++ b/lass/3modules/default.nix
@@ -11,6 +11,7 @@ _:
./screenlock.nix
./umts.nix
./usershadow.nix
+ ./xjail.nix
./xserver
];
}
diff --git a/lass/3modules/screenlock.nix b/lass/3modules/screenlock.nix
index e16ce9868..29c3861f2 100644
--- a/lass/3modules/screenlock.nix
+++ b/lass/3modules/screenlock.nix
@@ -14,7 +14,7 @@ let
enable = mkEnableOption "screenlock";
command = mkOption {
type = types.str;
- default = "${pkgs.i3lock}/bin/i3lock -i /var/lib/wallpaper/wallpaper -f";
+ default = "${pkgs.xlockmore}/bin/xlock -mode life1d -size 1";
};
};
@@ -28,7 +28,7 @@ let
serviceConfig = {
SyslogIdentifier = "screenlock";
ExecStart = cfg.command;
- Type = "forking";
+ Type = "simple";
User = "lass";
};
};
diff --git a/lass/3modules/xjail.nix b/lass/3modules/xjail.nix
new file mode 100644
index 000000000..325ebcc99
--- /dev/null
+++ b/lass/3modules/xjail.nix
@@ -0,0 +1,164 @@
+{ config, pkgs, lib, ... }:
+
+with import <stockholm/lib>;
+{
+ options.lass.xjail = mkOption {
+ type = types.attrsOf (types.submodule ({ config, ...}: {
+ options = {
+ name = mkOption {
+ type = types.string;
+ default = config._module.args.name;
+ };
+ user = mkOption {
+ type = types.string;
+ default = config.name;
+ };
+ groups = mkOption {
+ type = types.listOf types.str;
+ default = [];
+ };
+ from = mkOption {
+ type = types.string;
+ default = "lass";
+ };
+ display = mkOption {
+ type = types.string;
+ default = toString (genid_signed config._module.args.name);
+ };
+ dpi = mkOption {
+ type = types.int;
+ default = 90;
+ };
+ extraXephyrArgs = mkOption {
+ type = types.str;
+ default = "";
+ };
+ extraVglrunArgs = mkOption {
+ type = types.str;
+ default = "";
+ };
+ script = mkOption {
+ type = types.path;
+ default = pkgs.writeScript "echo_lol" "echo lol";
+ };
+ wm = mkOption {
+ #TODO find type
+ type = types.string;
+ default = "${pkgs.writeHaskell "xephyrify-xmonad" {
+ executables.xmonad = {
+ extra-depends = [
+ "containers"
+ "unix"
+ "xmonad"
+ ];
+ text = /* haskell */ ''
+ module Main where
+ import XMonad
+ import Data.Monoid
+ import System.Posix.Process (executeFile)
+ import qualified Data.Map as Map
+
+ main :: IO ()
+ main = do
+ xmonad def
+ { workspaces = [ "1" ]
+ , layoutHook = myLayoutHook
+ , keys = myKeys
+ , normalBorderColor = "#000000"
+ , focusedBorderColor = "#000000"
+ , handleEventHook = myEventHook
+ }
+
+ myEventHook :: Event -> X All
+
+ myEventHook (ConfigureEvent { ev_event_type = 22 }) = do
+ spawn "${pkgs.xorg.xrandr}/bin/xrandr >/dev/null 2>&1"
+ return (All True)
+
+ myEventHook _ = do
+ return (All True)
+
+ myLayoutHook = Full
+ myKeys _ = Map.fromList []
+ '';
+ };
+ }}/bin/xmonad";
+ };
+ };
+ }));
+ default = {};
+ };
+
+ options.lass.xjail-bins = mkOption {
+ type = types.attrsOf types.path;
+ };
+
+ # implementation
+ config = let
+ scripts = mapAttrs' (name: cfg:
+ let
+ newOrExisting = pkgs.writeDash "${cfg.name}-existing" ''
+ DISPLAY=:${cfg.display} ${pkgs.xorg.xrandr}/bin/xrandr
+ if test $? -eq 0; then
+ echo using existing xephyr
+ ${sudo_} "$@"
+ else
+ echo starting new xephyr
+ ${xephyr_} "$@"
+ fi
+ '';
+ xephyr_ = pkgs.writeDash "${cfg.name}-xephyr" ''
+ ${pkgs.xorg.xorgserver}/bin/Xephyr -br -ac -reset -terminate -resizeable -nolisten local -dpi ${toString cfg.dpi} ${cfg.extraXephyrArgs} :${cfg.display} &
+ XEPHYR_PID=$!
+ DISPLAY=:${cfg.display} ${cfg.wm} &
+ WM_PID=$!
+ ${sudo_} "$@"
+ ${pkgs.coreutils}/bin/kill $WM_PID
+ ${pkgs.coreutils}/bin/kill $XEPHYR_PID
+ '';
+ sudo_ = pkgs.writeDash "${cfg.name}-sudo" ''
+ /var/run/wrappers/bin/sudo -u ${cfg.name} -i ${vglrun_} "$@"
+ '';
+ vglrun_ = pkgs.writeDash "${cfg.name}-vglrun" ''
+ DISPLAY=:${cfg.display} ${pkgs.virtualgl}/bin/vglrun ${cfg.extraVglrunArgs} ${cfg.script} "$@"
+ '';
+ in nameValuePair name {
+ existing = newOrExisting;
+ xephyr = xephyr_;
+ sudo = sudo_;
+ vglrun = vglrun_;
+ }
+ ) config.lass.xjail;
+ in {
+
+ users.users = mapAttrs' (_: cfg:
+ nameValuePair cfg.name {
+ uid = genid cfg.name;
+ home = "/home/${cfg.name}";
+ useDefaultShell = true;
+ createHome = true;
+ extraGroups = cfg.groups;
+ }
+ ) config.lass.xjail;
+
+ users.groups = mapAttrs' (_: cfg:
+ nameValuePair cfg.name {
+ members = [
+ cfg.name
+ cfg.from
+ ];
+ }
+ ) config.lass.xjail;
+
+ security.sudo.extraConfig = (concatStringsSep "\n" (mapAttrsToList (_: cfg:
+ # TODO allow just the right script with sudo
+ "${cfg.from} ALL=(${cfg.name}) NOPASSWD: ALL"
+ ) config.lass.xjail));
+
+ lass.xjail-bins = mapAttrs' (name: cfg:
+ nameValuePair name (pkgs.writeScriptBin cfg.name ''
+ ${scripts.${name}.existing} "$@"
+ '')
+ ) config.lass.xjail;
+ };
+}