mirror of
https://codeberg.org/icewind/shortcutd.git
synced 2026-06-03 17:24:08 +02:00
nixos module
This commit is contained in:
parent
42237bc965
commit
1f5b9a129f
3 changed files with 149 additions and 39 deletions
111
flake.nix
111
flake.nix
|
|
@ -38,7 +38,7 @@
|
||||||
|
|
||||||
releaseTargets = lib.lists.remove hostTarget targets;
|
releaseTargets = lib.lists.remove hostTarget targets;
|
||||||
|
|
||||||
toolchain = (pkgs.rust-bin.stable.latest.default.override { inherit targets; });
|
toolchain = pkgs.rust-bin.stable.latest.default.override {inherit targets;};
|
||||||
assetNameForTarget = replaceStrings ["-unknown" "-gnu" "-musl" "eabihf" "-pc"] ["" "" "" "" ""];
|
assetNameForTarget = replaceStrings ["-unknown" "-gnu" "-musl" "eabihf" "-pc"] ["" "" "" "" ""];
|
||||||
|
|
||||||
cross-naersk' = pkgs.callPackage cross-naersk {inherit naersk;};
|
cross-naersk' = pkgs.callPackage cross-naersk {inherit naersk;};
|
||||||
|
|
@ -49,21 +49,31 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
buildMatrix = targets: {
|
buildMatrix = targets: {
|
||||||
include = (map (target: {
|
include =
|
||||||
|
map (target: {
|
||||||
inherit target;
|
inherit target;
|
||||||
artifact_name = "shortcutd";
|
artifact_name = "shortcutd";
|
||||||
asset_name = "shortcutd-${assetNameForTarget target}";
|
asset_name = "shortcutd-${assetNameForTarget target}";
|
||||||
}) targets ++ map (target: {
|
})
|
||||||
|
targets
|
||||||
|
++ map (target: {
|
||||||
target = "${target}-example-client";
|
target = "${target}-example-client";
|
||||||
artifact_name = "client";
|
artifact_name = "client";
|
||||||
asset_name = "example-client-${assetNameForTarget target}";
|
asset_name = "example-client-${assetNameForTarget target}";
|
||||||
}) targets);
|
})
|
||||||
|
targets;
|
||||||
};
|
};
|
||||||
serverPackages = genAttrs targets (target: (cross-naersk' target).buildPackage ({
|
serverPackages = genAttrs targets (target:
|
||||||
|
(cross-naersk' target).buildPackage {
|
||||||
pname = "shortcutd";
|
pname = "shortcutd";
|
||||||
root = src;
|
root = src;
|
||||||
}));
|
postInstall = ''
|
||||||
clientPackages = listToAttrs (map (target: nameValuePair "${target}-example-client" ((cross-naersk' target).buildPackage ({
|
mkdir -p $out/etc/dbus-1/system.d/
|
||||||
|
cp ${./nixos-nl.icewind.shortcutd.conf} $out/etc/dbus-1/system.d/nl.icewind.shortcutd.conf
|
||||||
|
'';
|
||||||
|
});
|
||||||
|
clientPackages = listToAttrs (map (target:
|
||||||
|
nameValuePair "${target}-example-client" ((cross-naersk' target).buildPackage {
|
||||||
pname = "shortcutd-example-client";
|
pname = "shortcutd-example-client";
|
||||||
root = src;
|
root = src;
|
||||||
|
|
||||||
|
|
@ -72,15 +82,21 @@
|
||||||
cargo_build_options="$cargo_build_options --example client"
|
cargo_build_options="$cargo_build_options --example client"
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
}))) targets);
|
}))
|
||||||
|
targets);
|
||||||
in rec {
|
in rec {
|
||||||
packages = serverPackages // clientPackages // rec {
|
packages =
|
||||||
|
serverPackages
|
||||||
|
// clientPackages
|
||||||
|
// rec {
|
||||||
shortcutd = packages.${hostTarget};
|
shortcutd = packages.${hostTarget};
|
||||||
example-client = packages."${hostTarget}-example-client";
|
example-client = packages."${hostTarget}-example-client";
|
||||||
check = (cross-naersk' hostTarget).buildPackage (naerskOpt // {
|
check = (cross-naersk' hostTarget).buildPackage (naerskOpt
|
||||||
|
// {
|
||||||
mode = "check";
|
mode = "check";
|
||||||
});
|
});
|
||||||
clippy = (cross-naersk' hostTarget).buildPackage (naerskOpt // {
|
clippy = (cross-naersk' hostTarget).buildPackage (naerskOpt
|
||||||
|
// {
|
||||||
mode = "clippy";
|
mode = "clippy";
|
||||||
});
|
});
|
||||||
default = shortcutd;
|
default = shortcutd;
|
||||||
|
|
@ -102,5 +118,76 @@
|
||||||
devShells.default = pkgs.mkShell {
|
devShells.default = pkgs.mkShell {
|
||||||
nativeBuildInputs = with pkgs; [rust-bin.stable.latest.default bacon cargo-edit cargo-outdated rustfmt clippy cargo-audit hyperfine valgrind];
|
nativeBuildInputs = with pkgs; [rust-bin.stable.latest.default bacon cargo-edit cargo-outdated rustfmt clippy cargo-audit hyperfine valgrind];
|
||||||
};
|
};
|
||||||
});
|
})
|
||||||
|
// {
|
||||||
|
nixosModule = {
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
with lib; let
|
||||||
|
cfg = config.services.shortcutd;
|
||||||
|
in {
|
||||||
|
options.services.shortcutd = {
|
||||||
|
enable = mkEnableOption "Enables the shortcutd service";
|
||||||
|
|
||||||
|
log = mkOption rec {
|
||||||
|
type = types.str;
|
||||||
|
default = "WARN";
|
||||||
|
example = "INFO";
|
||||||
|
description = "log level";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
services.dbus.packages = [self.packages.${pkgs.system}.default];
|
||||||
|
|
||||||
|
users.users.shortcutd = {
|
||||||
|
isSystemUser = true;
|
||||||
|
group = "shortcutd";
|
||||||
|
};
|
||||||
|
users.groups.shortcutd = {};
|
||||||
|
|
||||||
|
systemd.services."shortcutd" = {
|
||||||
|
wantedBy = ["multi-user.target"];
|
||||||
|
|
||||||
|
environment = {
|
||||||
|
RUST_LOG = cfg.log;
|
||||||
|
};
|
||||||
|
|
||||||
|
serviceConfig = let
|
||||||
|
pkg = self.packages.${pkgs.system}.default;
|
||||||
|
in {
|
||||||
|
User = "shortcutd";
|
||||||
|
Restart = "on-failure";
|
||||||
|
ExecStart = "${pkg}/bin/shortcutd";
|
||||||
|
PrivateTmp = true;
|
||||||
|
ProtectSystem = "strict";
|
||||||
|
ProtectHome = true;
|
||||||
|
NoNewPrivileges = true;
|
||||||
|
CapabilityBoundingSet = true;
|
||||||
|
ProtectKernelLogs = true;
|
||||||
|
ProtectControlGroups = true;
|
||||||
|
SystemCallArchitectures = "native";
|
||||||
|
ProtectKernelModules = true;
|
||||||
|
RestrictNamespaces = true;
|
||||||
|
MemoryDenyWriteExecute = true;
|
||||||
|
ProtectHostname = true;
|
||||||
|
LockPersonality = true;
|
||||||
|
ProtectKernelTunables = true;
|
||||||
|
RestrictRealtime = true;
|
||||||
|
SystemCallFilter = ["@system-service" "~@resources" "~@privileged"];
|
||||||
|
RestrictAddressFamilies = ["AF_UNIX"];
|
||||||
|
IPAddressDeny = "any";
|
||||||
|
PrivateUsers = true;
|
||||||
|
RestrictSUIDSGID = true;
|
||||||
|
PrivateNetwork = true;
|
||||||
|
UMask = "0077";
|
||||||
|
SupplementaryGroups = ["input"];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
||||||
16
nixos-nl.icewind.shortcutd.conf
Normal file
16
nixos-nl.icewind.shortcutd.conf
Normal file
|
|
@ -0,0 +1,16 @@
|
||||||
|
<?xml version="1.0"?> <!--*-nxml-*-->
|
||||||
|
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
|
||||||
|
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
|
||||||
|
|
||||||
|
<busconfig>
|
||||||
|
|
||||||
|
<policy user="shortcutd">
|
||||||
|
<allow own="nl.icewind.shortcutd"/>
|
||||||
|
</policy>
|
||||||
|
|
||||||
|
<policy context="default">
|
||||||
|
<allow send_destination="nl.icewind.shortcutd"/>
|
||||||
|
<allow receive_sender="nl.icewind.shortcutd"/>
|
||||||
|
</policy>
|
||||||
|
|
||||||
|
</busconfig>
|
||||||
|
|
@ -3,7 +3,7 @@ use futures::stream::StreamExt;
|
||||||
use glob::GlobError;
|
use glob::GlobError;
|
||||||
use main_error::MainError;
|
use main_error::MainError;
|
||||||
use std::path::PathBuf;
|
use std::path::PathBuf;
|
||||||
use tracing::info;
|
use tracing::{error, info};
|
||||||
use zbus::export::futures_util::pin_mut;
|
use zbus::export::futures_util::pin_mut;
|
||||||
use zbus::{dbus_interface, fdo, ConnectionBuilder, ObjectServer, SignalContext};
|
use zbus::{dbus_interface, fdo, ConnectionBuilder, ObjectServer, SignalContext};
|
||||||
|
|
||||||
|
|
@ -24,7 +24,6 @@ impl Register {
|
||||||
match shortcut.parse::<Shortcut>() {
|
match shortcut.parse::<Shortcut>() {
|
||||||
Ok(shortcut) => {
|
Ok(shortcut) => {
|
||||||
if shortcut.modifiers.is_empty() && !self.listener.has(&shortcut) {
|
if shortcut.modifiers.is_empty() && !self.listener.has(&shortcut) {
|
||||||
dbg!(&shortcut);
|
|
||||||
if self.bare_count >= MAX_BARE {
|
if self.bare_count >= MAX_BARE {
|
||||||
return Err(fdo::Error::InvalidArgs(format!(
|
return Err(fdo::Error::InvalidArgs(format!(
|
||||||
"Only {} shortcuts without modifiers are allowed",
|
"Only {} shortcuts without modifiers are allowed",
|
||||||
|
|
@ -68,11 +67,19 @@ async fn main() -> Result<(), MainError> {
|
||||||
listener,
|
listener,
|
||||||
bare_count: 0,
|
bare_count: 0,
|
||||||
};
|
};
|
||||||
let conn = ConnectionBuilder::system()?
|
let conn = ConnectionBuilder::system()
|
||||||
|
.map_err(|e| {
|
||||||
|
error!(error = ?e, "error while connecting to dbus system socket");
|
||||||
|
e
|
||||||
|
})?
|
||||||
.name("nl.icewind.shortcutd")?
|
.name("nl.icewind.shortcutd")?
|
||||||
.serve_at("/register", bus)?
|
.serve_at("/register", bus)?
|
||||||
.build()
|
.build()
|
||||||
.await?;
|
.await
|
||||||
|
.map_err(|e| {
|
||||||
|
error!(error = ?e, "error while binding dbus service");
|
||||||
|
e
|
||||||
|
})?;
|
||||||
|
|
||||||
let server = conn.object_server();
|
let server = conn.object_server();
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue