colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

nwg-panel: restrict dbus access

Browse Source
This commit is contained in:
Colin
2025-01-26 09:06:02 +00:00
parent 049011e7db
commit 5f8d64cdb5
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
hosts/common/programs/nwg-panel/default.nix
View File

@@ -197,7 +197,8 @@ in
sandbox.whitelistDri = true; sandbox.whitelistDri = true;
sandbox.whitelistSystemctl = true; sandbox.whitelistSystemctl = true;
sandbox.whitelistWayland = true; sandbox.whitelistWayland = true;
sandbox.whitelistDbus.user = true; # playerctl, swaync, ... (TODO: reduce) sandbox.whitelistMpris.controlPlayers = true;
sandbox.whitelistDbus.user.call."org.erikreider.swaync.cc" = "*";
sandbox.extraPaths = [ sandbox.extraPaths = [
"/sys/class/backlight" "/sys/class/backlight"
"/sys/class/leds" #< for torch/flashlight on moby "/sys/class/leds" #< for torch/flashlight on moby
@@ -205,7 +206,7 @@ in
"/sys/devices" "/sys/devices"
]; ];
sandbox.extraRuntimePaths = [ "sway" ]; sandbox.extraRuntimePaths = [ "sway" ];
sandbox.keepPidsAndProc = true; #< nwg-panel restarts itself on display dis/connect, by killing all other instances. sandbox.keepPidsAndProc = true; #< nwg-panel restarts itself on display dis/connect, by killing all other instances (TODO: fix to just exit on display attach?)
services.nwg-panel = { services.nwg-panel = {
description = "nwg-panel status/topbar for wayland"; description = "nwg-panel status/topbar for wayland";