-{ lib, pkgs, config, myconfig, ... }:
-{
- options = {
- services.pub.enable = lib.mkOption {
- type = lib.types.bool;
- default = false;
- description = ''
- Whether to enable pub user.
- '';
- };
- };
-
- config = lib.mkIf config.services.pub.enable {
- users.users.pub = let
- restrict = pkgs.runCommand "restrict" {
- file = ./restrict;
- buildInputs = [ pkgs.makeWrapper ];
- } ''
- mkdir -p $out/bin
- cp $file $out/bin/restrict
- chmod a+x $out/bin/restrict
- patchShebangs $out/bin/restrict
- wrapProgram $out/bin/restrict \
- --prefix PATH : ${lib.makeBinPath [ pkgs.bubblewrap pkgs.rrsync ]} \
- --set TMUX_RESTRICT ${./tmux.restrict.conf}
- '';
- purple-hangouts = pkgs.purple-hangouts.overrideAttrs(old: {
- installPhase = ''
- install -Dm755 -t $out/lib/purple-2/ libhangouts.so
- for size in 16 22 24 48; do
- install -TDm644 hangouts$size.png $out/share/pixmaps/pidgin/protocols/$size/hangouts.png
- done
- '';
- });
- in {
- createHome = true;
- description = "Restricted shell user";
- home = "/var/lib/pub";
- uid = myconfig.env.users.pub.uid;
- useDefaultShell = true;
- packages = [
- restrict
- pkgs.tmux
- (pkgs.pidgin.override { plugins = [
- pkgs.purple-plugin-pack purple-hangouts
- pkgs.purple-discord pkgs.purple-facebook
- pkgs.telegram-purple
- ]; })
- ];
- };
- };
-}