mirror of
https://github.com/NixOS/nixpkgs.git
synced 2026-03-14 00:16:33 +01:00
a2ed7e8d88
Remove optional builtins prefixes from prelude functions by running:
builtins=(
abort
baseNameOf
break
derivation
derivationStrict
dirOf
false
fetchGit
fetchMercurial
fetchTarball
fetchTree
fromTOML
import
isNull
map
null
placeholder
removeAttrs
scopedImport
throw
toString
true
)
fd \
--exclude doc/manual/release-notes \
--type file \
. \
nixos \
--exec-batch sed --in-place --regexp-extended "
s/\<builtins\.($(
printf '%s\n' "${builtins[@]}" |
paste --delimiter '|' --serial -
))\>/\1/g
"
nix fmt
65 lines
1.4 KiB
Nix
65 lines
1.4 KiB
Nix
{
|
|
config,
|
|
lib,
|
|
pkgs,
|
|
...
|
|
}:
|
|
|
|
let
|
|
cfg = config.programs.fuse;
|
|
in
|
|
{
|
|
meta.maintainers = [ ];
|
|
|
|
options.programs.fuse = {
|
|
enable = lib.mkEnableOption "fuse" // {
|
|
default = true;
|
|
};
|
|
|
|
mountMax = lib.mkOption {
|
|
# In the C code it's an "int" (i.e. signed and at least 16 bit), but
|
|
# negative numbers obviously make no sense:
|
|
type = lib.types.ints.between 0 32767; # 2^15 - 1
|
|
default = 1000;
|
|
description = ''
|
|
Set the maximum number of FUSE mounts allowed to non-root users.
|
|
'';
|
|
};
|
|
|
|
userAllowOther = lib.mkOption {
|
|
type = lib.types.bool;
|
|
default = false;
|
|
description = ''
|
|
Allow non-root users to specify the allow_other or allow_root mount
|
|
options, see mount.fuse3(8).
|
|
'';
|
|
};
|
|
};
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
environment.systemPackages = [
|
|
pkgs.fuse
|
|
pkgs.fuse3
|
|
];
|
|
|
|
security.wrappers =
|
|
let
|
|
mkSetuidRoot = source: {
|
|
setuid = true;
|
|
owner = "root";
|
|
group = "root";
|
|
inherit source;
|
|
};
|
|
in
|
|
{
|
|
fusermount = mkSetuidRoot "${lib.getBin pkgs.fuse}/bin/fusermount";
|
|
fusermount3 = mkSetuidRoot "${lib.getBin pkgs.fuse3}/bin/fusermount3";
|
|
};
|
|
|
|
environment.etc."fuse.conf".text = ''
|
|
${lib.optionalString (!cfg.userAllowOther) "#"}user_allow_other
|
|
mount_max = ${toString cfg.mountMax}
|
|
'';
|
|
|
|
};
|
|
}
|