dbus: manage it ourselves instead of having systemd do it

2024-05-29 11:30:29 +00:00 · 2024-05-29 11:30:29 +00:00 · 35ff7de06e
commit 35ff7de06e
parent 00d06db66a
1 changed files with 30 additions and 2 deletions
--- a/hosts/common/programs/dbus.nix
+++ b/hosts/common/programs/dbus.nix
@ -1,4 +1,4 @@
-{ config, lib, ... }:
+{ config, lib, pkgs, ... }:
 let
  cfg = config.sane.programs.dissent;
 in
@ -14,6 +14,34 @@ in
      };
    };

+    packageUnwrapped = (pkgs.dbus.override {
+      # remove features i don't want. mostly to avoid undesired interactions, but also it reduces the closure by 55 MB :)
+      enableSystemd = false;
+      x11Support = false;
+    }).overrideAttrs (upstream: {
+      postFixup = (upstream.postFixup or "") + ''
+        # the XML docs have a URI field which points to self,
+        # and that breaks the sandbox checker
+        substituteInPlace $out/share/xml/dbus-1/catalog.xml \
+          --replace-fail "$out" "/run/current-system/sw"
+
+        # conf file points to dbus-daemon-launch-helper by absolute path,
+        # which breaks sandboxing. i don't want dbus auto-launching stuff anyway though.
+        substituteInPlace $out/share/dbus-1/system.conf \
+          --replace-fail "$out/libexec/dbus-daemon-launch-helper" "false"
+      '';
+    });
+
+    sandbox.method = "bwrap";
+    sandbox.extraRuntimePaths = [
+      "/"  #< it needs to create a file in the root. TODO: move the bus handle into a sandboxable subdirectory
+    ];
+    sandbox.extraConfig = [
+      "--sanebox-keep-namespace" "pid"  #< not actually sure *why* this is necessary, but it is
+    ];
+
+    env.DBUS_SESSION_BUS_ADDRESS = "unix:path=$XDG_RUNTIME_DIR/bus";
+
    # normally systemd would create a dbus session for us, but if you configure it not to do that
    # then we can create our own. not sure if there's a dependency ordering issue here: lots
    # of things depend on dbus but i don't do anything special to guarantee this is initialized
@ -21,7 +49,7 @@ in
    services.dbus = {
      description = "dbus user session";
      partOf = lib.mkIf cfg.config.autostart [ "default" ];
-      command = "dbus-daemon --session --nofork --address=unix:path=/run/user/$UID/bus";
+      command = "dbus-daemon --session --nofork --address=$DBUS_SESSION_BUS_ADDRESS";
    };
  };
 }