common/fs: split curlftpfs into sane.programs
this makes it easier to build outside of /etc/fstab context, and opens a future path to sandboxing
This commit is contained in:
parent
b6840a3ed4
commit
1c2a375b6d
|
@ -5,25 +5,6 @@
|
|||
{ lib, pkgs, sane-lib, ... }:
|
||||
|
||||
let
|
||||
curlftpfs = pkgs.curlftpfs.overrideAttrs (upstream: {
|
||||
# my fork includes:
|
||||
# - per-operation timeouts (CURLOPT_TIMEOUT; would use CURLOPT_LOW_SPEED_TIME/CURLOPT_LOW_SPEED_LIMIT but they don't apply)
|
||||
# - support for "meta" keys found in /etc/fstab
|
||||
src = pkgs.fetchFromGitea {
|
||||
domain = "git.uninsane.org";
|
||||
owner = "colin";
|
||||
repo = "curlftpfs";
|
||||
rev = "a413f331263e8818229f20266f3a5bf6fac3ad4d";
|
||||
hash = "sha256-nLJEKeXIZ0FpveiOf8HjOLkrgdoiT2/XyQDo8Cfj8BQ=";
|
||||
};
|
||||
# `mount` clears PATH before calling the mount helper (see util-linux/lib/env.c),
|
||||
# so the traditional /etc/fstab approach of fstype=fuse and device = curlftpfs#URI doesn't work.
|
||||
# instead, install a `mount.curlftpfs` mount helper. this is what programs like `gocryptfs` do.
|
||||
postInstall = (upstream.postInstall or "") + ''
|
||||
ln -s curlftpfs $out/bin/mount.fuse.curlftpfs
|
||||
ln -s curlftpfs $out/bin/mount.curlftpfs
|
||||
'';
|
||||
});
|
||||
fsOpts = rec {
|
||||
common = [
|
||||
"_netdev"
|
||||
|
@ -218,10 +199,9 @@ lib.mkMerge [
|
|||
# ];
|
||||
|
||||
programs.fuse.userAllowOther = true; #< necessary for `allow_other` or `allow_root` options.
|
||||
environment.systemPackages = [
|
||||
pkgs.sshfs-fuse
|
||||
curlftpfs
|
||||
];
|
||||
|
||||
sane.programs.curlftpfs.enableFor.system = true;
|
||||
sane.programs.sshfs-fuse.enableFor.system = true;
|
||||
}
|
||||
|
||||
(remoteHome "desko")
|
||||
|
|
|
@ -821,6 +821,8 @@ in
|
|||
|
||||
sqlite = {};
|
||||
|
||||
sshfs-fuse = {}; # used by fs.nix
|
||||
|
||||
strace.sandbox.enable = false; #< needs to `exec` its args, and therefore support *anything*
|
||||
|
||||
subversion.sandbox.method = "bwrap";
|
||||
|
|
24
hosts/common/programs/curlftpfs.nix
Normal file
24
hosts/common/programs/curlftpfs.nix
Normal file
|
@ -0,0 +1,24 @@
|
|||
{ pkgs, ... }:
|
||||
{
|
||||
sane.programs.curlftpfs = {
|
||||
packageUnwrapped = pkgs.curlftpfs.overrideAttrs (upstream: {
|
||||
# my fork includes:
|
||||
# - per-operation timeouts (CURLOPT_TIMEOUT; would use CURLOPT_LOW_SPEED_TIME/CURLOPT_LOW_SPEED_LIMIT but they don't apply)
|
||||
# - support for "meta" keys found in /etc/fstab
|
||||
src = pkgs.fetchFromGitea {
|
||||
domain = "git.uninsane.org";
|
||||
owner = "colin";
|
||||
repo = "curlftpfs";
|
||||
rev = "a413f331263e8818229f20266f3a5bf6fac3ad4d";
|
||||
hash = "sha256-nLJEKeXIZ0FpveiOf8HjOLkrgdoiT2/XyQDo8Cfj8BQ=";
|
||||
};
|
||||
# `mount` clears PATH before calling the mount helper (see util-linux/lib/env.c),
|
||||
# so the traditional /etc/fstab approach of fstype=fuse and device = curlftpfs#URI doesn't work.
|
||||
# instead, install a `mount.curlftpfs` mount helper. this is what programs like `gocryptfs` do.
|
||||
postInstall = (upstream.postInstall or "") + ''
|
||||
ln -s curlftpfs $out/bin/mount.fuse.curlftpfs
|
||||
ln -s curlftpfs $out/bin/mount.curlftpfs
|
||||
'';
|
||||
});
|
||||
};
|
||||
}
|
|
@ -21,6 +21,7 @@
|
|||
./chatty.nix
|
||||
./conky
|
||||
./cozy.nix
|
||||
./curlftpfs.nix
|
||||
./dconf.nix
|
||||
./deadd-notification-center
|
||||
./dialect.nix
|
||||
|
|
Loading…
Reference in New Issue
Block a user