6afb255d97
these changes were generated with nixq 0.0.2, by running nixq ">> lib.mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix nixq ">> mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix nixq ">> Inherit >> mdDoc[remove]" --batchmode nixos/**.nix two mentions of the mdDoc function remain in nixos/, both of which are inside of comments. Since lib.mdDoc is already defined as just id, this commit is a no-op as far as Nix (and the built manual) is concerned.
27 lines
881 B
Nix
27 lines
881 B
Nix
{ config, pkgs, lib, ... }:
|
|
{
|
|
options.virtualisation.spiceUSBRedirection.enable = lib.mkOption {
|
|
type = lib.types.bool;
|
|
default = false;
|
|
description = ''
|
|
Install the SPICE USB redirection helper with setuid
|
|
privileges. This allows unprivileged users to pass USB devices
|
|
connected to this machine to libvirt VMs, both local and
|
|
remote. Note that this allows users arbitrary access to USB
|
|
devices.
|
|
'';
|
|
};
|
|
|
|
config = lib.mkIf config.virtualisation.spiceUSBRedirection.enable {
|
|
environment.systemPackages = [ pkgs.spice-gtk ]; # For polkit actions
|
|
security.wrappers.spice-client-glib-usb-acl-helper = {
|
|
owner = "root";
|
|
group = "root";
|
|
capabilities = "cap_fowner+ep";
|
|
source = "${pkgs.spice-gtk}/bin/spice-client-glib-usb-acl-helper";
|
|
};
|
|
};
|
|
|
|
meta.maintainers = [ lib.maintainers.lheckemann ];
|
|
}
|