diff options
Diffstat (limited to 'nixos/modules/virtualisation/spice-usb-redirection.nix')
-rw-r--r-- | nixos/modules/virtualisation/spice-usb-redirection.nix | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/nixos/modules/virtualisation/spice-usb-redirection.nix b/nixos/modules/virtualisation/spice-usb-redirection.nix new file mode 100644 index 00000000000..4168cebe79b --- /dev/null +++ b/nixos/modules/virtualisation/spice-usb-redirection.nix @@ -0,0 +1,24 @@ +{ config, pkgs, lib, ... }: +{ + options.virtualisation.spiceUSBRedirection.enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + Install the SPICE USB redirection helper with setuid + privileges. This allows unprivileged users to pass USB devices + connected to this machine to libvirt VMs, both local and + remote. Note that this allows users arbitrary access to USB + devices. + ''; + }; + + config = lib.mkIf config.virtualisation.spiceUSBRedirection.enable { + environment.systemPackages = [ pkgs.spice-gtk ]; # For polkit actions + security.wrappers.spice-client-glib-usb-acl-helper ={ + source = "${pkgs.spice-gtk}/bin/spice-client-glib-usb-acl-helper"; + capabilities = "cap_fowner+ep"; + }; + }; + + meta.maintainers = [ lib.maintainers.lheckemann ]; +} |