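# NixOS module: opt-in SPICE USB redirection for unprivileged users.
#
# Enabling the option installs spice-gtk system-wide and exposes its
# `spice-client-glib-usb-acl-helper` binary through a security wrapper that
# carries the CAP_FOWNER file capability. No setuid bit is requested here;
# the privilege granted is that single capability.
{ config, pkgs, lib, ... }:
{
  options.virtualisation.spiceUSBRedirection.enable = lib.mkOption {
    type = lib.types.bool;
    # Off by default: turning this on hands a privileged helper to local users.
    default = false;
    description = lib.mdDoc ''
      Install the SPICE USB redirection helper with elevated
      privileges (a wrapper carrying the `CAP_FOWNER` file
      capability). This allows unprivileged users to pass USB devices
      connected to this machine to libvirt VMs, both local and
      remote. Note that this allows users arbitrary access to USB
      devices.
    '';
  };

  config = lib.mkIf config.virtualisation.spiceUSBRedirection.enable {
    # spice-gtk is put on the system profile so that the polkit actions it
    # ships are installed alongside the helper.
    # NOTE(review): who may invoke the helper is then decided by that polkit
    # policy, not by this module; audit it before enabling on multi-user hosts.
    environment.systemPackages = [ pkgs.spice-gtk ]; # For polkit actions

    security.wrappers.spice-client-glib-usb-acl-helper = {
      owner = "root";
      group = "root";
      # "+ep" places CAP_FOWNER in the wrapper's effective and permitted sets.
      # CAP_FOWNER bypasses the "caller must own the file" check for
      # operations such as chmod and ACL changes; presumably the helper uses
      # it to add an ACL entry on the USB device node for the calling user
      # (confirm against the helper's source). The capability itself is not
      # limited to USB device nodes, so the helper binary is part of the
      # trusted computing base once this option is enabled.
      capabilities = "cap_fowner+ep";
      source = "${pkgs.spice-gtk}/bin/spice-client-glib-usb-acl-helper";
    };
  };

  meta.maintainers = [ lib.maintainers.lheckemann ];
}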