nix-files/hosts/common/programs/xdg-utils.nix

{ ... }:
{
  sane.programs.xdg-utils = {
    sandbox.method = "capshonly";
    sandbox.wrapperType = "wrappedDerivation";
    # xdg-utils portal interaction: for `xdg-open` to open a file whose handler may require files not in the current sandbox,
    # we have to use a background service. that's achieved via `xdg-desktop-portal` and the org.freedesktop.portal.OpenURI dbus interface.
    # so, this `xdg-open` should simply forward all requests to the portal, and the portal may re-invoke xdg-open without that redirection.
    #
    # note that `xdg-desktop-portal` seems to (inadvertently) only accept requests from applications which *don't* have elevated privileges, hence xdg-open *has* to be sandboxed for this to work.
    env.NIXOS_XDG_OPEN_USE_PORTAL = "1";
  };

  # ensure that any `xdg-open` invocations from within the portal don't recurse.
  # N.B.: use `systemd.user.units...` instead of `systemd.user.services...` because the latter
  # pollutes the PATH for this unit.
  systemd.user.units."xdg-desktop-portal.service".text = ''
    [Service]
    Environment="NIXOS_XDG_OPEN_USE_PORTAL="
  '';
}
programs: get xdg-open to work from within sandboxes note that implementation may have a quirk that applications launched via the portal cannot themselves "xdg-open" through the portal, because of the environment variable manipulation. not sure how best to address that. 2024-02-09 10:27:23 +00:00			`{ ... }:`
			`{`
			`sane.programs.xdg-utils = {`
			`sandbox.method = "capshonly";`
			`sandbox.wrapperType = "wrappedDerivation";`
			# xdg-utils portal interaction: for `xdg-open` to open a file whose handler may require files not in the current sandbox,
			# we have to use a background service. that's achieved via `xdg-desktop-portal` and the org.freedesktop.portal.OpenURI dbus interface.
			# so, this `xdg-open` should simply forward all requests to the portal, and the portal may re-invoke xdg-open without that redirection.
			`#`
			# note that `xdg-desktop-portal` seems to (inadvertently) only accept requests from applications which don't have elevated privileges, hence xdg-open has to be sandboxed for this to work.
			`env.NIXOS_XDG_OPEN_USE_PORTAL = "1";`
			`};`

			# ensure that any `xdg-open` invocations from within the portal don't recurse.
			# N.B.: use `systemd.user.units...` instead of `systemd.user.services...` because the latter
			`# pollutes the PATH for this unit.`
			`systemd.user.units."xdg-desktop-portal.service".text = ''`
			`[Service]`
			`Environment="NIXOS_XDG_OPEN_USE_PORTAL="`
			`'';`
			`}`