smartd: port to sane.programs
This commit is contained in:
@@ -14,7 +14,6 @@
|
|||||||
./programs
|
./programs
|
||||||
./quirks.nix
|
./quirks.nix
|
||||||
./secrets.nix
|
./secrets.nix
|
||||||
./smartd.nix
|
|
||||||
./ssh.nix
|
./ssh.nix
|
||||||
./systemd.nix
|
./systemd.nix
|
||||||
./users
|
./users
|
||||||
|
@@ -1034,12 +1034,6 @@ in
|
|||||||
|
|
||||||
slurp.sandbox.whitelistWayland = true;
|
slurp.sandbox.whitelistWayland = true;
|
||||||
|
|
||||||
# use like `sudo smartctl /dev/sda -a`
|
|
||||||
smartmontools.sandbox.wrapperType = "inplace"; # ships a script in /etc that calls into its bin
|
|
||||||
smartmontools.sandbox.autodetectCliPaths = "existing";
|
|
||||||
smartmontools.sandbox.capabilities = [ "sys_rawio" ];
|
|
||||||
smartmontools.sandbox.tryKeepUsers = true;
|
|
||||||
|
|
||||||
# snapshot camera, based on libcamera
|
# snapshot camera, based on libcamera
|
||||||
# TODO: enable dma heaps for more efficient buffer sharing: <https://gitlab.com/postmarketOS/pmaports/-/issues/2789>
|
# TODO: enable dma heaps for more efficient buffer sharing: <https://gitlab.com/postmarketOS/pmaports/-/issues/2789>
|
||||||
snapshot.sandbox.method = null; #< TODO: sandbox
|
snapshot.sandbox.method = null; #< TODO: sandbox
|
||||||
|
@@ -169,6 +169,7 @@
|
|||||||
./signal-desktop.nix
|
./signal-desktop.nix
|
||||||
./sm64coopdx.nix
|
./sm64coopdx.nix
|
||||||
./sm64ex-coop.nix
|
./sm64ex-coop.nix
|
||||||
|
./smartmontools.nix
|
||||||
./soundconverter.nix
|
./soundconverter.nix
|
||||||
./splatmoji.nix
|
./splatmoji.nix
|
||||||
./spot.nix
|
./spot.nix
|
||||||
|
16
hosts/common/programs/smartmontools.nix
Normal file
16
hosts/common/programs/smartmontools.nix
Normal file
@@ -0,0 +1,16 @@
|
|||||||
|
{ config, lib, ... }:
|
||||||
|
let
|
||||||
|
cfg = config.sane.programs.smartmontools;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
sane.programs.smartmontools = {
|
||||||
|
# use like `sudo smartctl /dev/sda -a`
|
||||||
|
sandbox.wrapperType = "inplace"; # ships a script in /etc that calls into its bin
|
||||||
|
sandbox.autodetectCliPaths = "existing";
|
||||||
|
sandbox.capabilities = [ "sys_rawio" ];
|
||||||
|
sandbox.tryKeepUsers = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
# TODO: service sandboxing
|
||||||
|
services.smartd.enable = lib.mkIf cfg.enabled true;
|
||||||
|
}
|
@@ -1,7 +0,0 @@
|
|||||||
{ ... }:
|
|
||||||
{
|
|
||||||
# disk monitoring
|
|
||||||
services.smartd.enable = true;
|
|
||||||
|
|
||||||
# TODO: systemd hardening
|
|
||||||
}
|
|
Reference in New Issue
Block a user