# NixOS module for the optional "pub" account ("Restricted shell user").
#
# With myServices.pub.enable = true this module:
#   * declares users.users.pub (home /var/lib/pub, uid from myconfig);
#   * adds a wrapped `restrict` script, tmux and a Pidgin build with extra
#     protocol plugins to that user's packages.
#
# NOTE(review): this module only *installs* `restrict`; the account keeps the
# system default shell (useDefaultShell) and no forced command is set here.
# Presumably the confinement is applied elsewhere (e.g. an SSH forced command
# or authorized_keys entry) -- confirm, otherwise a login lands in an
# unrestricted shell.
{ lib, pkgs, config, myconfig, ... }:
let
  # Wrapper derivation around the local ./restrict script.
  # The build copies the script to $out/bin, marks it executable, rewrites its
  # shebang to a store path, then wraps it so that:
  #   - the bubblewrap and rrsync bin directories are prepended to PATH;
  #   - TMUX_RESTRICT points at the store copy of ./tmux.restrict.conf.
  # Both ./restrict and ./tmux.restrict.conf end up in the Nix store, which is
  # world-readable, so neither file should carry secrets.
  # NOTE(review): `--prefix PATH` prepends rather than replaces, so whatever
  # PATH the caller supplies is still searched after these two entries.
  # Whether ./restrict resets PATH itself is not visible here -- verify.
  restrictWrapper = pkgs.runCommand "restrict" {
    file = ./restrict;
    buildInputs = [ pkgs.makeWrapper ];
  } ''
    mkdir -p $out/bin
    cp $file $out/bin/restrict
    chmod a+x $out/bin/restrict
    patchShebangs $out/bin/restrict
    wrapProgram $out/bin/restrict \
    --prefix PATH : ${lib.makeBinPath [ pkgs.bubblewrap pkgs.rrsync ]} \
    --set TMUX_RESTRICT ${./tmux.restrict.conf}
  '';

  # purple-hangouts with a replacement installPhase: installs libhangouts.so
  # into lib/purple-2 and the protocol icons (16/22/24/48 px) into the Pidgin
  # pixmaps tree.
  hangoutsPlugin = pkgs.purple-hangouts.overrideAttrs (old: {
    installPhase = ''
      install -Dm755 -t $out/lib/purple-2/ libhangouts.so
      for size in 16 22 24 48; do
      install -TDm644 hangouts$size.png $out/share/pixmaps/pidgin/protocols/$size/hangouts.png
      done
    '';
  });

  # Pidgin built with the protocol plugins made available to the pub user.
  # Each plugin parses data received from a remote service, so this list is
  # also the account's network-facing parser surface; keep it minimal.
  pidginWithPlugins = pkgs.pidgin.override {
    plugins = [
      pkgs.purple-plugin-pack
      hangoutsPlugin
      pkgs.purple-discord
      pkgs.purple-facebook
      pkgs.telegram-purple
    ];
  };
in
{
  # Off by default; the account exists only when explicitly enabled.
  options.myServices.pub.enable = lib.mkOption {
    type = lib.types.bool;
    default = false;
    description = ''
      Whether to enable pub user.
    '';
  };

  config = lib.mkIf config.myServices.pub.enable {
    users.users.pub = {
      createHome = true;
      description = "Restricted shell user";
      home = "/var/lib/pub";
      uid = myconfig.env.users.pub.uid;
      # Login shell is the system-wide default, not `restrict` (see header note).
      useDefaultShell = true;
      packages = [
        restrictWrapper
        pkgs.tmux
        pidginWithPlugins
      ];
    };
  };
}