simon
/
nixos-config
1
1
Fork 0
Code Issues 8 Pull Requests Projects Releases Activity

Use black

upower
Simon Bruder 2021-06-01 00:02:27 +02:00
parent b0d6861825
commit e94d0227fe
Signed by: simon
GPG Key ID: 8D3C82F9F309F8EC
2 changed files with 134 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
flake.nix
View File

@ -62,6 +62,7 @@
pre-commit-check = nix-pre-commit-hooks.lib.${system}.run { pre-commit-check = nix-pre-commit-hooks.lib.${system}.run {
src = ./.; src = ./.;
hooks = { hooks = {
black.enable = true;
nixpkgs-fmt.enable = true; nixpkgs-fmt.enable = true;
shellcheck.enable = true; shellcheck.enable = true;
}; };
@ -138,6 +139,7 @@
devShell = pkgs.mkShell { devShell = pkgs.mkShell {
buildInputs = (with pkgs; [ buildInputs = (with pkgs; [
black
nixpkgs-fmt nixpkgs-fmt
shellcheck shellcheck
sops sops

208
pkgs/bwrap-helper/bwrap-helper.py
View File

@ -15,7 +15,9 @@ def add_switch(name: str, default=False):
if default: if default:
parser.add_argument(f"--no-{name}", dest=name, action="store_false") parser.add_argument(f"--no-{name}", dest=name, action="store_false")
else: else:
parser.add_argument(f"--{name}", dest=name, action="store_true", default=default) parser.add_argument(
f"--{name}", dest=name, action="store_true", default=default
)
def tmp_file(name: str): def tmp_file(name: str):
@ -76,82 +78,136 @@ path_entries = [
] ]
argument_groups = { argument_groups = {
"base": (True, [ "base": (
"--tmpfs", "/tmp", True,
"--proc", "/proc", [
"--dev", "/dev", "--tmpfs",
"--dir", home, "/tmp",
"--dir", f"/run/user/{uid}", "--proc",
*ro_bind("/etc/localtime"), "/proc",
"--unshare-all", "--dev",
"--die-with-parent", "/dev",
]), "--dir",
"nix-store": (True, [ home,
*flat_map(ro_bind, [ "--dir",
"/nix/store", f"/run/user/{uid}",
"/etc/static", *ro_bind("/etc/localtime"),
]), "--unshare-all",
]), "--die-with-parent",
"path": (True, [ ],
*flat_map(ro_bind_try, path_entries), ),
*setenv("PATH", ":".join(path_entries)), "nix-store": (
*ro_bind_try("/run/current-system/sw") # not really path, but also libraries etc. True,
]), [
"gui": (False, [ *flat_map(
*dev_bind("/dev/dri"), ro_bind,
*flat_map(ro_bind, [ [
"/sys/dev/char", "/nix/store",
"/sys/devices/pci0000:00", "/etc/static",
f"/run/user/{uid}/{os.getenv('WAYLAND_DISPLAY')}", ],
"/run/opengl-driver",
"/etc/fonts",
]),
*ro_bind_try("/run/opengl-driver-32"),
]),
"x11": (False, [
*ro_bind("/tmp/.X11-unix"),
]),
"audio": (False, [
*ro_bind(f"/run/user/{uid}/pulse"),
# should in theory autodetect, but sometimes it does not work
*setenv("PULSE_SERVER", f"/run/user/{uid}/pulse/native"),
# some programs need the cookie
*ro_bind(f"{home}/.config/pulse/cookie"),
*setenv("PULSE_COOKIE", f"{home}/.config/pulse/cookie"),
# ALSA compat
*ro_bind("/etc/asound.conf"),
]),
"passwd": (False, [
*ro_bind(
generate_tmp_file(
"passwd",
f"{username}:x:{uid}:{gid}::{home}:/run/current-system/sw/bin/bash\n"
), ),
"/etc/passwd" ],
) ),
]), "path": (
"network": (False, [ True,
"--share-net", [
*flat_map(ro_bind, [ *flat_map(ro_bind_try, path_entries),
"/etc/resolv.conf", *setenv("PATH", ":".join(path_entries)),
"/etc/ssl/certs", *ro_bind_try(
]), "/run/current-system/sw"
]), ), # not really path, but also libraries etc.
"dbus": (False, [ ],
*ro_bind("/run/dbus/system_bus_socket"), ),
*ro_bind(generate_tmp_file("machine-id", "0" * 32), "/etc/machine-id"), "gui": (
]), False,
"new-session": (True, [ [
"--new-session", *dev_bind("/dev/dri"),
]), *flat_map(
"pwd": (False, [ ro_bind,
*ro_bind(os.getcwd()), [
"--chdir", os.getcwd(), "/sys/dev/char",
]), "/sys/devices/pci0000:00",
"pwd-rw": (False, [ f"/run/user/{uid}/{os.getenv('WAYLAND_DISPLAY')}",
*bind(os.getcwd()), "/run/opengl-driver",
"--chdir", os.getcwd(), "/etc/fonts",
]), ],
),
*ro_bind_try("/run/opengl-driver-32"),
],
),
"x11": (
False,
[
*ro_bind("/tmp/.X11-unix"),
],
),
"audio": (
False,
[
*ro_bind(f"/run/user/{uid}/pulse"),
# should in theory autodetect, but sometimes it does not work
*setenv("PULSE_SERVER", f"/run/user/{uid}/pulse/native"),
# some programs need the cookie
*ro_bind(f"{home}/.config/pulse/cookie"),
*setenv("PULSE_COOKIE", f"{home}/.config/pulse/cookie"),
# ALSA compat
*ro_bind("/etc/asound.conf"),
],
),
"passwd": (
False,
[
*ro_bind(
generate_tmp_file(
"passwd",
f"{username}:x:{uid}:{gid}::{home}:/run/current-system/sw/bin/bash\n",
),
"/etc/passwd",
)
],
),
"network": (
False,
[
"--share-net",
*flat_map(
ro_bind,
[
"/etc/resolv.conf",
"/etc/ssl/certs",
],
),
],
),
"dbus": (
False,
[
*ro_bind("/run/dbus/system_bus_socket"),
*ro_bind(generate_tmp_file("machine-id", "0" * 32), "/etc/machine-id"),
],
),
"new-session": (
True,
[
"--new-session",
],
),
"pwd": (
False,
[
*ro_bind(os.getcwd()),
"--chdir",
os.getcwd(),
],
),
"pwd-rw": (
False,
[
*bind(os.getcwd()),
"--chdir",
os.getcwd(),
],
),
} }
passthrough_args = [ passthrough_args = [