--- /dev/null
+{ lib, pkgs, config, myconfig, ... }:
+{
+ options = {
+ myServices.pub.enable = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = ''
+ Whether to enable pub user.
+ '';
+ };
+ };
+
+ config = lib.mkIf config.myServices.pub.enable {
+ users.users.pub = let
+ restrict = pkgs.runCommand "restrict" {
+ file = ./restrict;
+ buildInputs = [ pkgs.makeWrapper ];
+ } ''
+ mkdir -p $out/bin
+ cp $file $out/bin/restrict
+ chmod a+x $out/bin/restrict
+ patchShebangs $out/bin/restrict
+ wrapProgram $out/bin/restrict \
+ --prefix PATH : ${lib.makeBinPath [ pkgs.bubblewrap pkgs.rrsync ]} \
+ --set TMUX_RESTRICT ${./tmux.restrict.conf}
+ '';
+ purple-hangouts = pkgs.purple-hangouts.overrideAttrs(old: {
+ installPhase = ''
+ install -Dm755 -t $out/lib/purple-2/ libhangouts.so
+ for size in 16 22 24 48; do
+ install -TDm644 hangouts$size.png $out/share/pixmaps/pidgin/protocols/$size/hangouts.png
+ done
+ '';
+ });
+ in {
+ createHome = true;
+ description = "Restricted shell user";
+ home = "/var/lib/pub";
+ uid = myconfig.env.users.pub.uid;
+ useDefaultShell = true;
+ packages = [
+ restrict
+ pkgs.tmux
+ (pkgs.pidgin.override { plugins = [
+ pkgs.purple-plugin-pack purple-hangouts
+ pkgs.purple-discord pkgs.purple-facebook
+ pkgs.telegram-purple
+ ]; })
+ ];
+ };
+ };
+}
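Review bot: In `users.users.pub`, the account is described as "Restricted shell user" but `useDefaultShell = true;` gives it the system default shell, and the `restrict` wrapper is only added to `packages`. Nothing in this file forces a session through the bubblewrap/rrsync wrapper. Presumably an SSH forced command configured elsewhere does that; if so, say it next to the shell setting, e.g. `# confinement comes from the forced command in authorized_keys, not from the login shell`, so that a key added without it is recognised as an unrestricted login. If `./restrict` (not shown here) can run as a login shell, `shell = "${restrict}/bin/restrict";` in place of `useDefaultShell = true;` would make the restriction hold for every login path. Separately, the option could be declared with `lib.mkEnableOption "pub user"` instead of the hand-written bool option.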