diff options
author | Maximilian Bosch <maximilian@mbosch.me> | 2023-08-12 14:52:38 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-08-12 14:52:38 +0200 |
commit | 66ab687151068472a795d48ee82004454963a76a (patch) | |
tree | 06e43b42eb410ffc210716c07ac651ab12536011 /nixos/modules/programs | |
parent | 054660bb0da4492c4d629eb4b0474811cc8fa548 (diff) | |
parent | 183be440fd08476354ef35a1203cf0fcd511d2f2 (diff) | |
download | nixpkgs-66ab687151068472a795d48ee82004454963a76a.tar nixpkgs-66ab687151068472a795d48ee82004454963a76a.tar.gz nixpkgs-66ab687151068472a795d48ee82004454963a76a.tar.bz2 nixpkgs-66ab687151068472a795d48ee82004454963a76a.tar.lz nixpkgs-66ab687151068472a795d48ee82004454963a76a.tar.xz nixpkgs-66ab687151068472a795d48ee82004454963a76a.tar.zst nixpkgs-66ab687151068472a795d48ee82004454963a76a.zip |
Merge pull request #248131 from Ma27/captive-browser-setcap
nixos/captive-browser: drop setcap wrapper for captive-browser
Diffstat (limited to 'nixos/modules/programs')
-rw-r--r-- | nixos/modules/programs/captive-browser.nix | 32 |
1 files changed, 18 insertions, 14 deletions
diff --git a/nixos/modules/programs/captive-browser.nix b/nixos/modules/programs/captive-browser.nix index 36ceb1a6961..032c0e71f1f 100644 --- a/nixos/modules/programs/captive-browser.nix +++ b/nixos/modules/programs/captive-browser.nix @@ -7,6 +7,8 @@ let concatStringsSep escapeShellArgs optionalString literalExpression mkEnableOption mkIf mkOption mkOptionDefault types; + requiresSetcapWrapper = config.boot.kernelPackages.kernelOlder "5.7" && cfg.bindInterface; + browserDefault = chromium: concatStringsSep " " [ ''env XDG_CONFIG_HOME="$PREV_CONFIG_HOME"'' ''${chromium}/bin/chromium'' @@ -23,11 +25,23 @@ let desktopItem = pkgs.makeDesktopItem { name = "captive-browser"; desktopName = "Captive Portal Browser"; - exec = "/run/wrappers/bin/captive-browser"; + exec = "captive-browser"; icon = "nix-snowflake"; categories = [ "Network" ]; }; + captive-browser-configured = pkgs.writeShellScriptBin "captive-browser" '' + export PREV_CONFIG_HOME="$XDG_CONFIG_HOME" + export XDG_CONFIG_HOME=${pkgs.writeTextDir "captive-browser.toml" '' + browser = """${cfg.browser}""" + dhcp-dns = """${cfg.dhcp-dns}""" + socks5-addr = """${cfg.socks5-addr}""" + ${optionalString cfg.bindInterface '' + bind-device = """${cfg.interface}""" + ''} + ''} + exec ${cfg.package}/bin/captive-browser + ''; in { ###### interface @@ -101,6 +115,7 @@ in (pkgs.runCommand "captive-browser-desktop-item" { } '' install -Dm444 -t $out/share/applications ${desktopItem}/share/applications/*.desktop '') + captive-browser-configured ]; programs.captive-browser.dhcp-dns = @@ -131,22 +146,11 @@ in source = "${pkgs.busybox}/bin/udhcpc"; }; - security.wrappers.captive-browser = { + security.wrappers.captive-browser = mkIf requiresSetcapWrapper { owner = "root"; group = "root"; capabilities = "cap_net_raw+p"; - source = pkgs.writeShellScript "captive-browser" '' - export PREV_CONFIG_HOME="$XDG_CONFIG_HOME" - export XDG_CONFIG_HOME=${pkgs.writeTextDir "captive-browser.toml" '' - browser = """${cfg.browser}""" - dhcp-dns = """${cfg.dhcp-dns}""" - socks5-addr = """${cfg.socks5-addr}""" - ${optionalString cfg.bindInterface '' - bind-device = """${cfg.interface}""" - ''} - ''} - exec ${cfg.package}/bin/captive-browser - ''; + source = "${captive-browser-configured}/bin/captive-browser"; }; }; } |