]>
Commit | Line | Data |
---|---|---|
5ccc61bb IB |
1 | { lib, pkgs, config, myconfig, mylibs, ... }: |
2 | { | |
3 | options = { | |
4 | services.pub.enable = lib.mkOption { | |
5 | type = lib.types.bool; | |
6 | default = false; | |
7 | description = '' | |
8 | Whether to enable pub user. | |
9 | ''; | |
10 | }; | |
11 | }; | |
12 | ||
13 | config = lib.mkIf config.services.pub.enable { | |
14 | users.users.pub = let | |
15 | restrict = pkgs.runCommand "restrict" { | |
16 | file = ./restrict; | |
17 | buildInputs = [ pkgs.makeWrapper ]; | |
18 | } '' | |
19 | mkdir -p $out/bin | |
20 | cp $file $out/bin/restrict | |
21 | chmod a+x $out/bin/restrict | |
22 | patchShebangs $out/bin/restrict | |
23 | wrapProgram $out/bin/restrict \ | |
24 | --prefix PATH : ${lib.makeBinPath [ pkgs.bubblewrap pkgs.rrsync ]} \ | |
25 | --set TMUX_RESTRICT ${./tmux.restrict.conf} | |
26 | ''; | |
27 | in { | |
28 | createHome = true; | |
29 | description = "Restricted shell user"; | |
30 | home = "/var/lib/pub"; | |
31 | uid = myconfig.env.users.pub.uid; | |
32 | useDefaultShell = true; | |
33 | packages = [ | |
34 | restrict | |
35 | pkgs.tmux | |
36 | (pkgs.pidgin.override { plugins = [ | |
37 | pkgs.purple-plugin-pack pkgs.purple-hangouts | |
38 | pkgs.purple-discord pkgs.purple-facebook | |
39 | pkgs.telegram-purple | |
40 | ]; }) | |
41 | ]; | |
42 | }; | |
43 | }; | |
44 | } |