54 lines
2.0 KiB
Nix
54 lines
2.0 KiB
Nix
{ config, lib, pkgs, ... }:
|
|
let
|
|
cfg = config.sane.programs.dissent;
|
|
in
|
|
{
|
|
sane.programs.dbus = {
|
|
configOption = with lib; mkOption {
|
|
default = {};
|
|
type = types.submodule {
|
|
options.autostart = mkOption {
|
|
type = types.bool;
|
|
default = true;
|
|
};
|
|
};
|
|
};
|
|
|
|
packageUnwrapped = (pkgs.dbus.override {
|
|
# remove features i don't want. mostly to avoid undesired interactions, but also it reduces the closure by 55 MB :)
|
|
enableSystemd = false;
|
|
x11Support = false;
|
|
}).overrideAttrs (upstream: {
|
|
postFixup = (upstream.postFixup or "") + ''
|
|
# the XML docs have a URI field which points to self,
|
|
# and that breaks the sandbox checker
|
|
substituteInPlace $out/share/xml/dbus-1/catalog.xml \
|
|
--replace-fail "$out" "/run/current-system/sw"
|
|
|
|
# conf file points to dbus-daemon-launch-helper by absolute path,
|
|
# which breaks sandboxing. i don't want dbus auto-launching stuff anyway though.
|
|
substituteInPlace $out/share/dbus-1/system.conf \
|
|
--replace-fail "$out/libexec/dbus-daemon-launch-helper" "false"
|
|
'';
|
|
});
|
|
|
|
sandbox.method = "bwrap";
|
|
sandbox.extraRuntimePaths = [
|
|
"/" #< it needs to create a file in the root. TODO: move the bus handle into a sandboxable subdirectory
|
|
];
|
|
sandbox.isolatePids = false; #< not actually sure *why* this is necessary, but it is
|
|
|
|
env.DBUS_SESSION_BUS_ADDRESS = "unix:path=$XDG_RUNTIME_DIR/bus";
|
|
|
|
# normally systemd would create a dbus session for us, but if you configure it not to do that
|
|
# then we can create our own. not sure if there's a dependency ordering issue here: lots
|
|
# of things depend on dbus but i don't do anything special to guarantee this is initialized
|
|
# before them.
|
|
services.dbus = {
|
|
description = "dbus user session";
|
|
partOf = lib.mkIf cfg.config.autostart [ "default" ];
|
|
command = "dbus-daemon --session --nofork --address=$DBUS_SESSION_BUS_ADDRESS";
|
|
};
|
|
};
|
|
}
|