colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

eg25-control: fix sandboxing (at least, for --power-on)

Browse Source
This commit is contained in:
Colin
2024-10-18 02:40:56 +00:00
parent b33e6a0c73
commit bc8e0d07f4
1 changed files with 10 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
hosts/common/programs/eg25-control.nix
View File

@@ -7,8 +7,12 @@ in
suggestedPrograms = [ "mmcli" ];
sandbox.extraPaths = [
"/dev/gpiochip1"
"/sys/class/modem-power"
"/dev/gpiochip0" # Pinephone Pro
"/dev/gpiochip1" # Pinephone
"/dev/gpiochip3" # Pinephone Pro
# "/sys/class/modem-power"
"/sys/bus/gpio"
"/sys/dev/char"
"/sys/devices"
# "/var/lib/eg25-control"
];
@@ -60,11 +64,9 @@ in
# wantedBy = [ "network-online.target" ]; # auto-start immediately after boot
};
services.udev.extraRules = let
chmod = lib.getExe' pkgs.coreutils "chmod";
chown = lib.getExe' pkgs.coreutils "chown";
in lib.optionalString cfg.enabled ''
# make Modem controllable by user
DRIVER=="modem-power", RUN+="${chmod} g+w /sys%p/powered", RUN+="${chown} :networkmanager /sys%p/powered"
services.udev.extraRules = lib.optionalString cfg.enabled ''
# make modem controllable by user
# DRIVER=="modem-power", RUN+="chmod g+w /sys%p/powered", RUN+="chown :networkmanager /sys%p/powered"
SUBSYSTEM=="gpio", MODE="660" GROUP="input"
'';
}