X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=systems%2Feldiron%2Fpub%2Frestrict;fp=modules%2Fprivate%2Fpub%2Frestrict;h=698e394e3d5903ef726acd308fe804c61d413138;hb=1a64deeb894dc95e2645a75771732c6cc53a79ad;hp=b2f3be369f1a60fb0efb56d7d04e8cdcc0a687c2;hpb=fa25ffd4583cc362075cd5e1b4130f33306103f0;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/private/pub/restrict b/systems/eldiron/pub/restrict
similarity index 82%
rename from modules/private/pub/restrict
rename to systems/eldiron/pub/restrict
index b2f3be3..698e394 100644
--- a/modules/private/pub/restrict
+++ b/systems/eldiron/pub/restrict
@@ -24,6 +24,13 @@ rsync*)
 | while read i; do
 printf '%s--ro-bind\0'$i'\0'$i'\0' ''
 done
+ if [ -e "/run/current-system/pub/$user" ]; then
+ nix-store -q -R "/run/current-system/pub/$user" \
+ | while read i; do
+ printf '%s--ro-bind\0'$i'\0'$i'\0' ''
+ done
+ printf '%s--ro-bind\0/run/current-system/pub/'$user'/bin\0/bin-pub-'$user'\0' ''
+ fi
 }
 
 set -euo pipefail
@@ -52,12 +59,12 @@ rsync*)
 --setenv LOCALE_ARCHIVE "/etc/locale-archive" \
 --setenv XDG_RUNTIME_DIR "/run/user/`id -u`" \
 --setenv PS1 "$user@pub $ " \
- --setenv PATH "/bin:/bin-pub" \
+ --setenv PATH "/bin-pub-$user:/bin:/bin-pub" \
 --setenv HOME "/var/lib/pub" \
 --file 11 /etc/passwd \
 --file 12 /etc/group \
 -- $orig) \
- 10< <(nix_store_paths) \
+ 10< <(nix_store_paths | sort | uniq) \
 11< <(getent passwd $UID 65534) \
 12< <(getent group $(id -g) 65534) ;;
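Review bot: The bind spec added at the end of the new `if` block leaves `$user` unquoted inside the printf format (`'/run/current-system/pub/'$user'/bin\0/bin-pub-'$user'\0'`), whereas the `-e` test a few lines above does quote it; a value containing an IFS character or a glob would split that format word and misalign the `--ro-bind` triple handed to bwrap. Where `$user` is assigned is not visible here (the `nix_store_paths` function this hunk sits in begins before it), so if it comes from a forced-command option this is defence in depth only, but quoting is cheap: `printf '%s--ro-bind\0/run/current-system/pub/'"$user"'/bin\0/bin-pub-'"$user"'\0' ''`. Since what actually gets bound is the `bin` subdirectory, testing `[ -d "/run/current-system/pub/$user/bin" ]` rather than `-e` on the parent would avoid a bwrap failure when the profile entry exists without a `bin`. The new `while read i` loop mirrors the existing one and so inherits `read` without `-r` and an unquoted `$i`; `nix-store -q -R` output is restricted enough that this is unlikely to bite, but `read -r i` and `"$i"` would make the intent explicit.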
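Review bot: The `| sort | uniq` added to the fd-10 process substitution cannot deduplicate anything, because `nix_store_paths` emits NUL-terminated fields (`printf '%s--ro-bind\0'$i'\0'$i'\0'` in the first hunk) while `sort` and `uniq` without `-z` split on newlines, so the whole stream is one record; GNU `sort` will also append a newline to it, and if fd 10 is consumed by a bwrap `--args 10` earlier in this invocation (which starts before the hunk) that byte becomes a stray trailing argument bwrap may reject or pass through. Switching to `sort -z` would not help either, since it would sort the `--ro-bind` tokens away from the two paths that follow them. The deduplication belongs on the newline-separated store-path list before the printf loop: pipe both `nix-store -q -R` invocations in `nix_store_paths` through one `sort -u | while read -r i` loop and revert this line to `10< <(nix_store_paths) \`. Putting `/bin-pub-$user` ahead of `/bin` in PATH lets the per-user profile shadow system binaries inside the sandbox; that is acceptable only because the first hunk binds it read-only from the system profile, and a one-line comment saying so next to the `--setenv PATH` line would keep a later edit from loosening it.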