X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fpub%2Fdefault.nix;fp=modules%2Fprivate%2Fpub%2Fdefault.nix;h=c31c8eb0e40e8367838e270b1d6848562820c6c8;hb=8d213e2b1c934f6861f76aad5eb7c11097fa97de;hp=0000000000000000000000000000000000000000;hpb=a1a8649a2be768685eb04c246c114fce36b8096f;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/private/pub/default.nix b/modules/private/pub/default.nix
new file mode 100644
index 0000000..c31c8eb
--- /dev/null
+++ b/modules/private/pub/default.nix
@@ -0,0 +1,52 @@
+{ lib, pkgs, config, myconfig, ... }:
+{
+ options = {
+ myServices.pub.enable = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = ''
+ Whether to enable pub user.
+ '';
+ };
+ };
+
+ config = lib.mkIf config.myServices.pub.enable {
+ users.users.pub = let
+ restrict = pkgs.runCommand "restrict" {
+ file = ./restrict;
+ buildInputs = [ pkgs.makeWrapper ];
+ } ''
+ mkdir -p $out/bin
+ cp $file $out/bin/restrict
+ chmod a+x $out/bin/restrict
+ patchShebangs $out/bin/restrict
+ wrapProgram $out/bin/restrict \
+ --prefix PATH : ${lib.makeBinPath [ pkgs.bubblewrap pkgs.rrsync ]} \
+ --set TMUX_RESTRICT ${./tmux.restrict.conf}
+ '';
+ purple-hangouts = pkgs.purple-hangouts.overrideAttrs(old: {
+ installPhase = ''
+ install -Dm755 -t $out/lib/purple-2/ libhangouts.so
+ for size in 16 22 24 48; do
+ install -TDm644 hangouts$size.png $out/share/pixmaps/pidgin/protocols/$size/hangouts.png
+ done
+ '';
+ });
+ in {
+ createHome = true;
+ description = "Restricted shell user";
+ home = "/var/lib/pub";
+ uid = myconfig.env.users.pub.uid;
+ useDefaultShell = true;
+ packages = [
+ restrict
+ pkgs.tmux
+ (pkgs.pidgin.override { plugins = [
+ pkgs.purple-plugin-pack purple-hangouts
+ pkgs.purple-discord pkgs.purple-facebook
+ pkgs.telegram-purple
+ ]; })
+ ];
+ };
+ };
+}
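Review bot: The account is described as a "Restricted shell user", but `useDefaultShell = true` gives it the system's default login shell and `restrict` is only added to `packages`, so nothing in this module forces sessions through the wrapper. Presumably the restriction is applied elsewhere (for example a forced command on the account's SSH keys), in which case any login path that bypasses it lands in a normal shell. A comment above `useDefaultShell` such as `# restriction is enforced by <where the forced command is configured>, not by the login shell` would make that dependency explicit. Separately, `wrapProgram` uses `--prefix PATH`, which keeps the inherited PATH after the pinned bubblewrap/rrsync entries; whether that matters depends on what `./restrict` executes, which is not visible in this diff.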