xdg-desktop-portal: configure myself, to unblock future portal-related work
parent
50c6e406bc
commit
772f1070e7
|
@ -1,21 +1,39 @@
|
|||
{ ... }:
|
||||
{
|
||||
sane.programs.xdg-utils = {
|
||||
sandbox.method = "capshonly";
|
||||
sandbox.wrapperType = "wrappedDerivation";
|
||||
# xdg-utils portal interaction: for `xdg-open` to open a file whose handler may require files not in the current sandbox,
|
||||
# we have to use a background service. that's achieved via `xdg-desktop-portal` and the org.freedesktop.portal.OpenURI dbus interface.
|
||||
# so, this `xdg-open` should simply forward all requests to the portal, and the portal may re-invoke xdg-open without that redirection.
|
||||
#
|
||||
# note that `xdg-desktop-portal` seems to (inadvertently) only accept requests from applications which *don't* have elevated privileges, hence xdg-open *has* to be sandboxed for this to work.
|
||||
env.NIXOS_XDG_OPEN_USE_PORTAL = "1";
|
||||
# xdg-open may need to open things with elevated perms, like wireshark.
|
||||
# generally, the caller can be trusted to sandbox it.
|
||||
# if the caller is sandboxed, it will typically set NIXOS_XDG_OPEN_USE_PORTAL=1,
|
||||
# and then xdg-open simply forwards the request to dbus.
|
||||
sandbox.enable = false;
|
||||
};
|
||||
|
||||
# sane.programs.xdg-utils = {
|
||||
# sandbox.method = "capshonly";
|
||||
# sandbox.wrapperType = "wrappedDerivation";
|
||||
# # xdg-utils portal interaction: for `xdg-open` to open a file whose handler may require files not in the current sandbox,
|
||||
# # we have to use a background service. that's achieved via `xdg-desktop-portal` and the org.freedesktop.portal.OpenURI dbus interface.
|
||||
# # so, this `xdg-open` should simply forward all requests to the portal, and the portal may re-invoke xdg-open without that redirection.
|
||||
# # -- EXCEPT for if we're invoked by the portal itself.
|
||||
# #
|
||||
# # note that `xdg-desktop-portal` seems to (inadvertently) only accept requests from applications which *don't* have elevated privileges, hence xdg-open *has* to be sandboxed for this to work.
|
||||
# # env.NIXOS_XDG_OPEN_USE_PORTAL = "1";
|
||||
# packageUnwrapped = pkgs.xdg-utils.overrideAttrs (base: {
|
||||
# postInstall = base.postInstall + ''
|
||||
# sed '2i\
|
||||
# if ! [ -e ~/.local/share/applications ]; then\
|
||||
# NIXOS_XDG_OPEN_USE_PORTAL=1\
|
||||
# fi\
|
||||
# ' -i "$out"/bin/*
|
||||
# '';
|
||||
# });
|
||||
# };
|
||||
|
||||
# ensure that any `xdg-open` invocations from within the portal don't recurse.
|
||||
# N.B.: use `systemd.user.units...` instead of `systemd.user.services...` because the latter
|
||||
# pollutes the PATH for this unit.
|
||||
systemd.user.units."xdg-desktop-portal.service".text = ''
|
||||
[Service]
|
||||
Environment="NIXOS_XDG_OPEN_USE_PORTAL="
|
||||
'';
|
||||
# systemd.user.units."xdg-desktop-portal.service".text = ''
|
||||
# [Service]
|
||||
# Environment="NIXOS_XDG_OPEN_USE_PORTAL="
|
||||
# '';
|
||||
}
|
||||
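Review bot: `sandbox.enable = false;` on `sane.programs.xdg-utils` leaves the choice between portal forwarding and a direct launch entirely to the caller's environment: the new comment says a sandboxed caller will "typically" set `NIXOS_XDG_OPEN_USE_PORTAL=1`, and nothing visible here enforces it. Going by the hunk's line counts, the `systemd.user.units."xdg-desktop-portal.service"` override that cleared the variable for the portal is now commented out while its "don't recurse" comment stays live, so if the portal ever inherits the variable (for example through the activation environment) its own `xdg-open` call would be forwarded straight back to it. I would either keep the override or replace that comment with the invariant that makes it unnecessary, e.g. `# NIXOS_XDG_OPEN_USE_PORTAL is never set in the session environment, only by sandboxed callers, so the portal's xdg-open runs unredirected` (if that is in fact what holds). The two commented-out copies of the previous configuration are easier to audit as git history than as dead code in the module.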
|
|
|
@ -11,6 +11,7 @@ in
|
|||
./greetd.nix
|
||||
./gtk.nix
|
||||
./phosh.nix
|
||||
./xdg-desktop-portal.nix
|
||||
./sway
|
||||
./sxmo
|
||||
./theme
|
||||
|
|
|
@ -309,6 +309,7 @@ in
|
|||
wrapperFeatures.base = true;
|
||||
};
|
||||
programs.xwayland.enable = cfg.config.xwayland;
|
||||
|
||||
# provide portals for:
|
||||
# - org.freedesktop.impl.portal.Access
|
||||
# - org.freedesktop.impl.portal.Account
|
||||
|
@ -323,17 +324,26 @@ in
|
|||
# - org.freedesktop.impl.portal.Lockdown (@lockdown_iface@)
|
||||
# - org.freedesktop.impl.portal.Settings (@settings_iface@)
|
||||
# - org.freedesktop.impl.portal.Wallpaper (@wallpaper_iface@)
|
||||
xdg.portal.extraPortals = [
|
||||
pkgs.xdg-desktop-portal-gtk
|
||||
# N.B.: xdg-desktop-portal will only provide `org.freedesktop.portal.OpenURI`
|
||||
# if it sees a `org.freedesktop.impl.portal.AppChooser` implementation on the bus.
|
||||
# so to be able to do file opening over dbus instead of base `xdg-open`, `buildPortalsInGnome` MUST be true.
|
||||
# previously `buildPortalsInGnome` provided `ScreenCast` and `Screenshot`, which conflicted with sway.
|
||||
# nowadays, those live in `xdg-desktop-portal-gnome` proper.
|
||||
# (pkgs.xdg-desktop-portal-gtk.override {
|
||||
# buildPortalsInGnome = false;
|
||||
# })
|
||||
];
|
||||
# xdg.portal.extraPortals = [
|
||||
# pkgs.xdg-desktop-portal-gtk
|
||||
# # N.B.: xdg-desktop-portal will only provide `org.freedesktop.portal.OpenURI`
|
||||
# # if it sees a `org.freedesktop.impl.portal.AppChooser` implementation on the bus.
|
||||
# # so to be able to do file opening over dbus instead of base `xdg-open`, `buildPortalsInGnome` MUST be true.
|
||||
# # previously `buildPortalsInGnome` provided `ScreenCast` and `Screenshot`, which conflicted with sway.
|
||||
# # nowadays, those live in `xdg-desktop-portal-gnome` proper.
|
||||
# # (pkgs.xdg-desktop-portal-gtk.override {
|
||||
# # buildPortalsInGnome = false;
|
||||
# # })
|
||||
# ];
|
||||
|
||||
|
||||
# portals: i manage them myself
|
||||
environment.systemPackages = [ pkgs.xdg-desktop-portal-gtk ];
|
||||
services.dbus.packages = [ pkgs.xdg-desktop-portal-gtk ];
|
||||
environment.etc."xdg/xdg-desktop-portal/sway-portals.conf".text = ''
|
||||
[preferred]
|
||||
default=wlr;gtk
|
||||
'';
|
||||
|
||||
sane.user.services.sway-session = {
|
||||
description = "no-op unit to signal that sway is operational";
|
||||
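Review bot: The new `sway-portals.conf` prefers `default=wlr;gtk`, but the lines added in this section install and register only `pkgs.xdg-desktop-portal-gtk`. With `xdg.portal.extraPortals` commented out and `xdg.portal.enable = false;` set in the new `xdg-desktop-portal.nix`, nothing visible on this page puts a wlr backend's `.portal` file or D-Bus service into the system profile. If it is not provided elsewhere, either add `pkgs.xdg-desktop-portal-wlr` next to gtk in `environment.systemPackages` and `services.dbus.packages`, or say in a comment above the `.text` where it comes from. The `# provide portals for:` interface list now sits above a commented-out block and should move to the live lines or be dropped.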
|
|
|
@ -202,8 +202,9 @@ output "Unknown 0x0637 0x00000000" {
|
|||
# - SWAYSOCK
|
||||
# - XDG_CURRENT_DESKTOP
|
||||
# also, manually export PATH here, since all my user services need that, and sane-sandboxed implementation depends on it.
|
||||
# also, manually export XDG_DATA_DIRS. glib fails in weird ways (e.g. thinks everything is application/x-octet-stream mime type) without it.
|
||||
# for more, see: <repo:nixos/nixpkgs:nixos/modules/programs/wayland/sway.nix>
|
||||
exec dbus-update-activation-environment --systemd PATH
|
||||
exec dbus-update-activation-environment --systemd PATH XDG_DATA_DIRS
|
||||
include /etc/sway/config.d/*
|
||||
|
||||
# signal to systemd that sway is active,
|
||||
|
|
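--- a/hosts/modules/gui/xdg-desktop-portal.nix
+++ b/hosts/modules/gui/xdg-desktop-portal.nix
@@ -0,0 +1,16 @@
+{ lib, pkgs, ... }:
+{
+# otherwise /share/applications gets linked into the system and complicates things (sandboxing)
+xdg.portal.enable = false;
+xdg.menus.enable = false; #< links /share/applications, and a bunch of other empty (i.e. unused) dirs
+
+environment.pathsToLink = [
+"/share/xdg-desktop-portal/portals"
+];
+# TODO: probably not needed?
+environment.sessionVariables.XDG_DESKTOP_PORTAL_DIR = "/run/current-system/sw/share/xdg-desktop-portal/portals";
+
+# TODO: use `sane.programs`, and move into gui package sets so this doesn't appear on servo
+environment.systemPackages = [ pkgs.xdg-desktop-portal ];
+services.dbus.packages = [ pkgs.xdg-desktop-portal ];
+}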
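Review bot: With `xdg.portal.enable = false;` this module takes over what the NixOS portal module did, and two pieces of that are not obviously covered by the lines here. `environment.sessionVariables.XDG_DESKTOP_PORTAL_DIR` only helps if the D-Bus/systemd-activated portal process actually receives it, and the `exec dbus-update-activation-environment` line visible on this page names only `PATH` and `XDG_DATA_DIRS`. It may still arrive another way, so resolve `# TODO: probably not needed?` by checking the running service's environment and recording the result in that comment. The package is added to `environment.systemPackages` and `services.dbus.packages` but not to `systemd.packages`, so confirm the `xdg-desktop-portal.service` user unit is still found. Because the portal directory decides which backends the frontend will talk to, add a one-line comment that it must remain a root-owned system path.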