Squash changes containing private information
similarity index 82%
rename from modules/private/pub/restrict
rename to systems/eldiron/pub/restrict
index b2f3be369f1a60fb0efb56d7d04e8cdcc0a687c2..698e394e3d5903ef726acd308fe804c61d413138 100644 (file)
@@ -24,6 +24,13 @@ rsync*)
                | while read i; do
             printf '%s--ro-bind\0'$i'\0'$i'\0' ''
           done
+          if [ -e "/run/current-system/pub/$user" ]; then
+            nix-store -q -R "/run/current-system/pub/$user" \
+                | while read i; do
+              printf '%s--ro-bind\0'$i'\0'$i'\0' ''
+            done
+            printf '%s--ro-bind\0/run/current-system/pub/'$user'/bin\0/bin-pub-'$user'\0' ''
+          fi
         }
 
         set -euo pipefail
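Review bot: The added `if [ -e "/run/current-system/pub/$user" ]` and the `--ro-bind` of `/run/current-system/pub/$user/bin` interpolate `$user` into a path with no shape check; where `$user` is assigned is outside this hunk, so if it can be influenced by the connecting peer a value containing `/`, `..` or an empty string would select a directory outside `/run/current-system/pub/` for the bind. A one-line guard before the test pins it: `case "$user" in ""|*/*|.*) exit 1;; esac`. The new block also repeats the `nix-store -q -R … | while read i; do printf …; done` loop already present just above it; pulling that into a small helper taking the root path as `$1` would remove the duplication, and both copies should use `read -r i` and quote `"$i"` so a store path containing a backslash or glob character is passed through unchanged. The enclosing function `nix_store_paths` begins outside this hunk.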
@@ -52,12 +59,12 @@ rsync*)
               --setenv LOCALE_ARCHIVE "/etc/locale-archive" \
               --setenv XDG_RUNTIME_DIR "/run/user/`id -u`" \
               --setenv PS1 "$user@pub $ " \
-              --setenv PATH "/bin:/bin-pub" \
+              --setenv PATH "/bin-pub-$user:/bin:/bin-pub" \
               --setenv HOME "/var/lib/pub" \
               --file 11 /etc/passwd \
               --file 12 /etc/group \
               -- $orig) \
-              10< <(nix_store_paths) \
+              10< <(nix_store_paths | sort | uniq) \
               11< <(getent passwd $UID 65534) \
               12< <(getent group $(id -g) 65534)
         ;;
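Review bot: `nix_store_paths | sort | uniq` does not deduplicate what the function emits: the hunk above shows it writes a NUL-separated stream with no newlines, so line-oriented `sort` and `uniq` see a single record, `uniq` removes nothing, and `sort` appends a trailing newline to the stream that fd 10 consumes (presumably via `--args 10`, which is outside this hunk). The NUL-aware form is `10< <(nix_store_paths | sort -zu) \`, which also replaces the separate `uniq`. Prepending `/bin-pub-$user` to PATH ahead of `/bin` means per-user binaries shadow system ones inside the sandbox; a short comment on the `--setenv PATH` line stating that this ordering is intended would help the next reader. The enclosing `rsync*)` case arm begins outside this hunk.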