programs: add slack

2025-05-29 19:12:07 +00:00
parent 065e4f8fb8
commit 047543ca93
3 changed files with 40 additions and 0 deletions
--- a/hosts/common/programs/assorted.nix
+++ b/hosts/common/programs/assorted.nix
@@ -430,6 +430,7 @@ in
      # "slic3r"
      "soundconverter"
      # "spotify"  # x86-only
+      "slack"  # x86-only
      "tor-browser"  # x86-only
      # "vlc"
      "wireshark"  # could maybe ship the cli as sysadmin pkg
--- a/hosts/common/programs/default.nix
+++ b/hosts/common/programs/default.nix
@@ -183,6 +183,7 @@
    ./sfeed.nix
    ./shadow.nix
    ./signal-desktop.nix
+    ./slack.nix
    ./sm64coopdx.nix
    ./sm64ex-coop.nix
    ./smartmontools.nix
--- a/hosts/common/programs/slack.nix
+++ b/hosts/common/programs/slack.nix
@@ -0,0 +1,38 @@
+# auth flow:
+# - launch Slack
+# - click the login button
+#   -> slack opens https://... to the slack.com login, via portal
+# - in browser, follow the auth prompts
+#   -> may involve *several* pages of SSO, and email one-time tokens.
+#   -> browser will try to launch a `slack://...` URI, to communicate the auth back to the desktop
+#   -> xdg-desktop-portal receives the slack:// request, launches a _new_ slack instance.
+#   -> presumably: new slack instance locates ~/.config/Slack/SingletonSocket;
+#      forwards the auth details to existing application
+#
+{ ... }:
+{
+  sane.programs.slack = {
+    # sandbox.whitelistDbus.user = true;
+    sandbox.net = "clearnet";
+    sandbox.whitelistAudio = true;  #< for calls, media
+    sandbox.whitelistDri = true;
+    sandbox.whitelistPortal = [
+      "OpenURI"
+    ];
+    sandbox.whitelistWayland = true;
+    # mime.urlAssociations."^slack://.*$" = "slack.desktop";
+    mime.associations."x-scheme-handler/slack" = "slack.desktop";  #< required as part of auth flow
+    persist.byStore.private = [
+      # ~/.config/Slack contains everything:
+      # - Cookies
+      # - Preferences
+      # - SingletonSocket
+      #   - presumably used for IPC, so that `slack slack://...` can forward to the existing instance
+      # - caches/storage
+      # TODO: don't persist this entire directory
+      ".config/Slack"
+    ];
+    sandbox.tmpDir = ".config/Slack/tmp";  #< tmpdir needs to be shared between instances, for the singleton socket to work
+  };
+}
+