summary refs log tree commit diff
path: root/pkgs/applications/networking/p2p
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/applications/networking/p2p')
-rw-r--r--pkgs/applications/networking/p2p/transmission/default.nix27
1 files changed, 27 insertions, 0 deletions
diff --git a/pkgs/applications/networking/p2p/transmission/default.nix b/pkgs/applications/networking/p2p/transmission/default.nix
index 363e5f7cfbe..b3a2a3eb212 100644
--- a/pkgs/applications/networking/p2p/transmission/default.nix
+++ b/pkgs/applications/networking/p2p/transmission/default.nix
@@ -21,6 +21,7 @@
 , enableDaemon ? true
 , enableCli ? true
 , installLib ? false
+, apparmorRulesFromClosure
 }:
 
 let
@@ -38,6 +39,8 @@ in stdenv.mkDerivation {
     fetchSubmodules = true;
   };
 
+  outputs = [ "out" "apparmor" ];
+
   cmakeFlags =
     let
       mkFlag = opt: if opt then "ON" else "OFF";
@@ -74,6 +77,30 @@ in stdenv.mkDerivation {
 
   NIX_LDFLAGS = lib.optionalString stdenv.isDarwin "-framework CoreFoundation";
 
+  postInstall = ''
+    install -D -m 644 /dev/stdin $apparmor/bin.transmission-daemon <<EOF
+    include <tunables/global>
+    $out/bin/transmission-daemon {
+      include <abstractions/base>
+      include <abstractions/nameservice>
+      include <abstractions/ssl_certs>
+      include "${apparmorRulesFromClosure { name = "transmission-daemon"; } ([
+        curl libevent openssl pcre zlib
+      ] ++ lib.optionals enableSystemd [ systemd ]
+        ++ lib.optionals stdenv.isLinux [ inotify-tools ]
+      )}"
+      r @{PROC}/sys/kernel/random/uuid,
+      r @{PROC}/sys/vm/overcommit_memory,
+      r @{PROC}/@{pid}/environ,
+      r @{PROC}/@{pid}/mounts,
+      rwk /tmp/tr_session_id_*,
+      r /run/systemd/resolve/stub-resolv.conf,
+
+      include <local/bin.transmission-daemon>
+    }
+    EOF
+  '';
+
   meta = {
     description = "A fast, easy and free BitTorrent client";
     longDescription = ''
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-06-27 05:00:09 +0000