gps-share: sandbox

2024-07-06 03:06:33 +00:00
parent bce8a0d91f
commit b062610866
2 changed files with 19 additions and 20 deletions
--- a/hosts/common/programs/gps-share.nix
+++ b/hosts/common/programs/gps-share.nix
@@ -15,38 +15,40 @@
 # - `nc localhost 10110`
 #   should stream GPS NMEA output to the console
 # - `avahi-browse --resolve _nmea-0183._tcp`: should show hosts on the local network which provide GPS info
-{ config, lib, ... }:
+{ config, lib, pkgs, ... }:
 let
  cfg = config.sane.programs.gps-share;
 in
 {
  sane.programs.gps-share = {
-    configOption = with lib; mkOption {
-      default = {};
-      type = types.submodule {
-        options.device = mkOption {
-          type = types.nullOr types.str;
-          default = null;
-          description = ''
-            path to GPS device to share.
-          '';
-          example = "/dev/ttyUSB1";
-        };
-      };
-    };
-
-    services.gps-share = lib.mkIf (cfg.config.device != null) {
+    suggestedPrograms = [
+      "jq"
+      # and systemd, for udevadm
+    ];
+    services.gps-share = {
      description = "gps-share: make local GPS serial readings available over Avahi";
      # usage:
      # gps-share --no-announce  # to disable Avahi
      # gps-share --no-tcp  # only makes sense if using --socket-path
      # gps-share --network-interface lo  # defaults to all interfaces, but firewalling means actually more restrictive
      # gps-share --socket-path $XDG_RUNTIME_DIR/gps-share/gps-share.sock  # share over a unix socket
-      command = "gps-share ${cfg.config.device}";
+      command = pkgs.writeShellScript "gps-share" ''
+        dev=$(udevadm info --property-match=ID_MM_PORT_TYPE_GPS=1 --json=pretty --export-db | jq -r .DEVNAME)
+        if [ -z "$dev" ]; then
+          echo "no GPS device found"
+          exit 1
+        fi
+        echo "using $dev for GPS NMEA"
+        gps-share "$dev"
+      '';
      # TODO: this should be `partOf = [ "gps" ]`:
      #   it fails to launch if the NMEA device doesn't yet exist, and so restart loop when modem is not booted
      dependencyOf = [ "geoclue-agent" ];
    };
+
+    sandbox.method = "bwrap";
+    sandbox.net = "all";
+    sandbox.autodetectCliPaths = "existingFile";
  };

  # TODO: restrict this to just LAN devices!!
--- a/hosts/modules/hal/pine64.nix
+++ b/hosts/modules/hal/pine64.nix
@@ -287,9 +287,6 @@ in
      "gps-share"
    ];
    sane.programs.nwg-panel.config.torch = "white:flash";
-    sane.programs.gps-share.config = {
-      device = "/dev/ttyUSB1";
-    };
    sane.programs.swaynotificationcenter.config = {
      backlight = "backlight";  # /sys/class/backlight/*backlight*/brightness
    };