colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

programs: fontconfig: sandbox

Browse Source
This commit is contained in:
Colin
2024-02-15 18:26:45 +00:00
parent 7eaffc9fa0
commit 0dec8b6d5b
2 changed files with 12 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
hosts/common/programs/fontconfig.nix
View File

@@ -28,6 +28,17 @@ let
wantedNerdfonts; wantedNerdfonts;
in in
{ {
sane.programs.fontconfig = {
sandbox.method = "bwrap"; # TODO:sandbox: untested
sandbox.wrapperType = "wrappedDerivation";
sandbox.autodetectCliPaths = "existingFileOrParent"; #< this might be overkill; or, how many programs reference fontconfig internally?
persist.byStore.plaintext = [
# < 10 MiB
".cache/fontconfig"
];
};
fonts = lib.mkIf config.sane.programs.fontconfig.enabled { fonts = lib.mkIf config.sane.programs.fontconfig.enabled {
fontconfig.enable = true; fontconfig.enable = true;
fontconfig.defaultFonts = { fontconfig.defaultFonts = {

3
hosts/common/users/colin.nix
View File

@@ -122,9 +122,8 @@
# these are persisted simply to save on RAM. # these are persisted simply to save on RAM.
# ~/.cache/nix can become several GB. # ~/.cache/nix can become several GB.
# fontconfig and mesa_shader_cache are < 10 MB. # mesa_shader_cache is < 10 MB.
# TODO: integrate with sane.programs.sandbox? # TODO: integrate with sane.programs.sandbox?
".cache/fontconfig"
".cache/mesa_shader_cache" ".cache/mesa_shader_cache"
".cache/nix" ".cache/nix"