colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

xdg-desktop-portal: configure myself, to unblock future portal-related work

Browse Source
This commit is contained in:
Colin
2024-02-11 23:29:07 +00:00
parent 50c6e406bc
commit 772f1070e7
5 changed files with 70 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
hosts/common/programs/xdg-utils.nix
View File

@@ -1,21 +1,39 @@
{ ... }: { ... }:
{ {
sane.programs.xdg-utils = { sane.programs.xdg-utils = {
sandbox.method = "capshonly"; # xdg-open may need to open things with elevated perms, like wireshark.
sandbox.wrapperType = "wrappedDerivation"; # generally, the caller can be trusted to sandbox it.
# xdg-utils portal interaction: for `xdg-open` to open a file whose handler may require files not in the current sandbox, # if the caller is sandboxed, it will typically set NIXOS_XDG_OPEN_USE_PORTAL=1,
# we have to use a background service. that's achieved via `xdg-desktop-portal` and the org.freedesktop.portal.OpenURI dbus interface. # and then xdg-open simply forwards the request to dbus.
# so, this `xdg-open` should simply forward all requests to the portal, and the portal may re-invoke xdg-open without that redirection. sandbox.enable = false;
#
# note that `xdg-desktop-portal` seems to (inadvertently) only accept requests from applications which *don't* have elevated privileges, hence xdg-open *has* to be sandboxed for this to work.
env.NIXOS_XDG_OPEN_USE_PORTAL = "1";
}; };
# sane.programs.xdg-utils = {
# sandbox.method = "capshonly";
# sandbox.wrapperType = "wrappedDerivation";
# # xdg-utils portal interaction: for `xdg-open` to open a file whose handler may require files not in the current sandbox,
# # we have to use a background service. that's achieved via `xdg-desktop-portal` and the org.freedesktop.portal.OpenURI dbus interface.
# # so, this `xdg-open` should simply forward all requests to the portal, and the portal may re-invoke xdg-open without that redirection.
# # -- EXCEPT for if we're invoked by the portal itself.
# #
# # note that `xdg-desktop-portal` seems to (inadvertently) only accept requests from applications which *don't* have elevated privileges, hence xdg-open *has* to be sandboxed for this to work.
# # env.NIXOS_XDG_OPEN_USE_PORTAL = "1";
# packageUnwrapped = pkgs.xdg-utils.overrideAttrs (base: {
# postInstall = base.postInstall + ''
# sed '2i\
# if ! [ -e ~/.local/share/applications ]; then\
# NIXOS_XDG_OPEN_USE_PORTAL=1\
# fi\
# ' -i "$out"/bin/*
# '';
# });
# };
# ensure that any `xdg-open` invocations from within the portal don't recurse. # ensure that any `xdg-open` invocations from within the portal don't recurse.
# N.B.: use `systemd.user.units...` instead of `systemd.user.services...` because the latter # N.B.: use `systemd.user.units...` instead of `systemd.user.services...` because the latter
# pollutes the PATH for this unit. # pollutes the PATH for this unit.
systemd.user.units."xdg-desktop-portal.service".text = '' # systemd.user.units."xdg-desktop-portal.service".text = ''
[Service] # [Service]
Environment="NIXOS_XDG_OPEN_USE_PORTAL=" # Environment="NIXOS_XDG_OPEN_USE_PORTAL="
''; # '';
} }

1
hosts/modules/gui/default.nix
View File

@@ -11,6 +11,7 @@ in
./greetd.nix ./greetd.nix
./gtk.nix ./gtk.nix
./phosh.nix ./phosh.nix
./xdg-desktop-portal.nix
./sway ./sway
./sxmo ./sxmo
./theme ./theme

32
hosts/modules/gui/sway/default.nix
View File

@@ -309,6 +309,7 @@ in
wrapperFeatures.base = true; wrapperFeatures.base = true;
}; };
programs.xwayland.enable = cfg.config.xwayland; programs.xwayland.enable = cfg.config.xwayland;
# provide portals for: # provide portals for:
# - org.freedesktop.impl.portal.Access # - org.freedesktop.impl.portal.Access
# - org.freedesktop.impl.portal.Account # - org.freedesktop.impl.portal.Account
@@ -323,17 +324,26 @@ in
# - org.freedesktop.impl.portal.Lockdown (@lockdown_iface@) # - org.freedesktop.impl.portal.Lockdown (@lockdown_iface@)
# - org.freedesktop.impl.portal.Settings (@settings_iface@) # - org.freedesktop.impl.portal.Settings (@settings_iface@)
# - org.freedesktop.impl.portal.Wallpaper (@wallpaper_iface@) # - org.freedesktop.impl.portal.Wallpaper (@wallpaper_iface@)
xdg.portal.extraPortals = [ # xdg.portal.extraPortals = [
pkgs.xdg-desktop-portal-gtk # pkgs.xdg-desktop-portal-gtk
# N.B.: xdg-desktop-portal will only provide `org.freedesktop.portal.OpenURI` # # N.B.: xdg-desktop-portal will only provide `org.freedesktop.portal.OpenURI`
# if it sees a `org.freedesktop.impl.portal.AppChooser` implementation on the bus. # # if it sees a `org.freedesktop.impl.portal.AppChooser` implementation on the bus.
# so to be able to do file opening over dbus instead of base `xdg-open`, `buildPortalsInGnome` MUST be true. # # so to be able to do file opening over dbus instead of base `xdg-open`, `buildPortalsInGnome` MUST be true.
# previously `buildPortalsInGnome` provided `ScreenCast` and `Screenshot`, which conflicted with sway. # # previously `buildPortalsInGnome` provided `ScreenCast` and `Screenshot`, which conflicted with sway.
# nowadays, those live in `xdg-desktop-portal-gnome` proper. # # nowadays, those live in `xdg-desktop-portal-gnome` proper.
# (pkgs.xdg-desktop-portal-gtk.override { # # (pkgs.xdg-desktop-portal-gtk.override {
# buildPortalsInGnome = false; # # buildPortalsInGnome = false;
# }) # # })
]; # ];
# portals: i manage them myself
environment.systemPackages = [ pkgs.xdg-desktop-portal-gtk ];
services.dbus.packages = [ pkgs.xdg-desktop-portal-gtk ];
environment.etc."xdg/xdg-desktop-portal/sway-portals.conf".text = ''
[preferred]
default=wlr;gtk
'';
sane.user.services.sway-session = { sane.user.services.sway-session = {
description = "no-op unit to signal that sway is operational"; description = "no-op unit to signal that sway is operational";

3
hosts/modules/gui/sway/sway-config
View File

@@ -202,8 +202,9 @@ output "Unknown 0x0637 0x00000000" {
# - SWAYSOCK # - SWAYSOCK
# - XDG_CURRENT_DESKTOP # - XDG_CURRENT_DESKTOP
# also, manually export PATH here, since all my user services need that, and sane-sandboxed implementation depends on it. # also, manually export PATH here, since all my user services need that, and sane-sandboxed implementation depends on it.
# also, manually export XDG_DATA_DIRS. glib fails in weird ways (e.g. thinks everything is application/x-octet-stream mime type) without it.
# for more, see: <repo:nixos/nixpkgs:nixos/modules/programs/wayland/sway.nix> # for more, see: <repo:nixos/nixpkgs:nixos/modules/programs/wayland/sway.nix>
exec dbus-update-activation-environment --systemd PATH exec dbus-update-activation-environment --systemd PATH XDG_DATA_DIRS
include /etc/sway/config.d/* include /etc/sway/config.d/*
# signal to systemd that sway is active, # signal to systemd that sway is active,

16
hosts/modules/gui/xdg-desktop-portal.nix Normal file
View File

@@ -0,0 +1,16 @@
{ lib, pkgs, ... }:
{
# otherwise /share/applications gets linked into the system and complicates things (sandboxing)
xdg.portal.enable = false;
xdg.menus.enable = false; #< links /share/applications, and a bunch of other empty (i.e. unused) dirs
environment.pathsToLink = [
"/share/xdg-desktop-portal/portals"
];
# TODO: probably not needed?
environment.sessionVariables.XDG_DESKTOP_PORTAL_DIR = "/run/current-system/sw/share/xdg-desktop-portal/portals";
# TODO: use `sane.programs`, and move into gui package sets so this doesn't appear on servo
environment.systemPackages = [ pkgs.xdg-desktop-portal ];
services.dbus.packages = [ pkgs.xdg-desktop-portal ];
}