Use black
parent
b0d6861825
commit
e94d0227fe
GPG Key ID:
8D3C82F9F309F8EC
|
|
@ -62,6 +62,7 @@
|
|||
pre-commit-check = nix-pre-commit-hooks.lib.${system}.run {
|
||||
src = ./.;
|
||||
hooks = {
|
||||
black.enable = true;
|
||||
nixpkgs-fmt.enable = true;
|
||||
shellcheck.enable = true;
|
||||
};
|
||||
|
|
@ -138,6 +139,7 @@
|
|||
|
||||
devShell = pkgs.mkShell {
|
||||
buildInputs = (with pkgs; [
|
||||
black
|
||||
nixpkgs-fmt
|
||||
shellcheck
|
||||
sops
|
||||
|
|
|
|||
|
|
@ -15,7 +15,9 @@ def add_switch(name: str, default=False):
|
|||
if default:
|
||||
parser.add_argument(f"--no-{name}", dest=name, action="store_false")
|
||||
else:
|
||||
parser.add_argument(f"--{name}", dest=name, action="store_true", default=default)
|
||||
parser.add_argument(
|
||||
f"--{name}", dest=name, action="store_true", default=default
|
||||
)
|
||||
|
||||
|
||||
def tmp_file(name: str):
|
||||
|
|
@ -76,82 +78,136 @@ path_entries = [
|
|||
]
|
||||
|
||||
argument_groups = {
|
||||
"base": (True, [
|
||||
"--tmpfs", "/tmp",
|
||||
"--proc", "/proc",
|
||||
"--dev", "/dev",
|
||||
"--dir", home,
|
||||
"--dir", f"/run/user/{uid}",
|
||||
*ro_bind("/etc/localtime"),
|
||||
"--unshare-all",
|
||||
"--die-with-parent",
|
||||
]),
|
||||
"nix-store": (True, [
|
||||
*flat_map(ro_bind, [
|
||||
"/nix/store",
|
||||
"/etc/static",
|
||||
]),
|
||||
]),
|
||||
"path": (True, [
|
||||
*flat_map(ro_bind_try, path_entries),
|
||||
*setenv("PATH", ":".join(path_entries)),
|
||||
*ro_bind_try("/run/current-system/sw") # not really path, but also libraries etc.
|
||||
]),
|
||||
"gui": (False, [
|
||||
*dev_bind("/dev/dri"),
|
||||
*flat_map(ro_bind, [
|
||||
"/sys/dev/char",
|
||||
"/sys/devices/pci0000:00",
|
||||
f"/run/user/{uid}/{os.getenv('WAYLAND_DISPLAY')}",
|
||||
"/run/opengl-driver",
|
||||
"/etc/fonts",
|
||||
]),
|
||||
*ro_bind_try("/run/opengl-driver-32"),
|
||||
]),
|
||||
"x11": (False, [
|
||||
*ro_bind("/tmp/.X11-unix"),
|
||||
]),
|
||||
"audio": (False, [
|
||||
*ro_bind(f"/run/user/{uid}/pulse"),
|
||||
# should in theory autodetect, but sometimes it does not work
|
||||
*setenv("PULSE_SERVER", f"/run/user/{uid}/pulse/native"),
|
||||
# some programs need the cookie
|
||||
*ro_bind(f"{home}/.config/pulse/cookie"),
|
||||
*setenv("PULSE_COOKIE", f"{home}/.config/pulse/cookie"),
|
||||
# ALSA compat
|
||||
*ro_bind("/etc/asound.conf"),
|
||||
]),
|
||||
"passwd": (False, [
|
||||
*ro_bind(
|
||||
generate_tmp_file(
|
||||
"passwd",
|
||||
f"{username}:x:{uid}:{gid}::{home}:/run/current-system/sw/bin/bash\n"
|
||||
"base": (
|
||||
True,
|
||||
[
|
||||
"--tmpfs",
|
||||
"/tmp",
|
||||
"--proc",
|
||||
"/proc",
|
||||
"--dev",
|
||||
"/dev",
|
||||
"--dir",
|
||||
home,
|
||||
"--dir",
|
||||
f"/run/user/{uid}",
|
||||
*ro_bind("/etc/localtime"),
|
||||
"--unshare-all",
|
||||
"--die-with-parent",
|
||||
],
|
||||
),
|
||||
"nix-store": (
|
||||
True,
|
||||
[
|
||||
*flat_map(
|
||||
ro_bind,
|
||||
[
|
||||
"/nix/store",
|
||||
"/etc/static",
|
||||
],
|
||||
),
|
||||
"/etc/passwd"
|
||||
)
|
||||
]),
|
||||
"network": (False, [
|
||||
"--share-net",
|
||||
*flat_map(ro_bind, [
|
||||
"/etc/resolv.conf",
|
||||
"/etc/ssl/certs",
|
||||
]),
|
||||
]),
|
||||
"dbus": (False, [
|
||||
*ro_bind("/run/dbus/system_bus_socket"),
|
||||
*ro_bind(generate_tmp_file("machine-id", "0" * 32), "/etc/machine-id"),
|
||||
]),
|
||||
"new-session": (True, [
|
||||
"--new-session",
|
||||
]),
|
||||
"pwd": (False, [
|
||||
*ro_bind(os.getcwd()),
|
||||
"--chdir", os.getcwd(),
|
||||
]),
|
||||
"pwd-rw": (False, [
|
||||
*bind(os.getcwd()),
|
||||
"--chdir", os.getcwd(),
|
||||
]),
|
||||
],
|
||||
),
|
||||
"path": (
|
||||
True,
|
||||
[
|
||||
*flat_map(ro_bind_try, path_entries),
|
||||
*setenv("PATH", ":".join(path_entries)),
|
||||
*ro_bind_try(
|
||||
"/run/current-system/sw"
|
||||
), # not really path, but also libraries etc.
|
||||
],
|
||||
),
|
||||
"gui": (
|
||||
False,
|
||||
[
|
||||
*dev_bind("/dev/dri"),
|
||||
*flat_map(
|
||||
ro_bind,
|
||||
[
|
||||
"/sys/dev/char",
|
||||
"/sys/devices/pci0000:00",
|
||||
f"/run/user/{uid}/{os.getenv('WAYLAND_DISPLAY')}",
|
||||
"/run/opengl-driver",
|
||||
"/etc/fonts",
|
||||
],
|
||||
),
|
||||
*ro_bind_try("/run/opengl-driver-32"),
|
||||
],
|
||||
),
|
||||
"x11": (
|
||||
False,
|
||||
[
|
||||
*ro_bind("/tmp/.X11-unix"),
|
||||
],
|
||||
),
|
||||
"audio": (
|
||||
False,
|
||||
[
|
||||
*ro_bind(f"/run/user/{uid}/pulse"),
|
||||
# should in theory autodetect, but sometimes it does not work
|
||||
*setenv("PULSE_SERVER", f"/run/user/{uid}/pulse/native"),
|
||||
# some programs need the cookie
|
||||
*ro_bind(f"{home}/.config/pulse/cookie"),
|
||||
*setenv("PULSE_COOKIE", f"{home}/.config/pulse/cookie"),
|
||||
# ALSA compat
|
||||
*ro_bind("/etc/asound.conf"),
|
||||
],
|
||||
),
|
||||
"passwd": (
|
||||
False,
|
||||
[
|
||||
*ro_bind(
|
||||
generate_tmp_file(
|
||||
"passwd",
|
||||
f"{username}:x:{uid}:{gid}::{home}:/run/current-system/sw/bin/bash\n",
|
||||
),
|
||||
"/etc/passwd",
|
||||
)
|
||||
],
|
||||
),
|
||||
"network": (
|
||||
False,
|
||||
[
|
||||
"--share-net",
|
||||
*flat_map(
|
||||
ro_bind,
|
||||
[
|
||||
"/etc/resolv.conf",
|
||||
"/etc/ssl/certs",
|
||||
],
|
||||
),
|
||||
],
|
||||
),
|
||||
"dbus": (
|
||||
False,
|
||||
[
|
||||
*ro_bind("/run/dbus/system_bus_socket"),
|
||||
*ro_bind(generate_tmp_file("machine-id", "0" * 32), "/etc/machine-id"),
|
||||
],
|
||||
),
|
||||
"new-session": (
|
||||
True,
|
||||
[
|
||||
"--new-session",
|
||||
],
|
||||
),
|
||||
"pwd": (
|
||||
False,
|
||||
[
|
||||
*ro_bind(os.getcwd()),
|
||||
"--chdir",
|
||||
os.getcwd(),
|
||||
],
|
||||
),
|
||||
"pwd-rw": (
|
||||
False,
|
||||
[
|
||||
*bind(os.getcwd()),
|
||||
"--chdir",
|
||||
os.getcwd(),
|
||||
],
|
||||
),
|
||||
}
|
||||
|
||||
passthrough_args = [
|
||||
|
|
|
|||
Loading…
Reference in New Issue