nixos/modules/virtualisation/spice-usb-redirection.nix at 25.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs

lol

nixpkgs / nixos / modules / virtualisation / spice-usb-redirection.nix

at 25.11-pre 862 B view raw

 1{
 2  config,
 3  pkgs,
 4  lib,
 5  ...
 6}:
 7{
 8  options.virtualisation.spiceUSBRedirection.enable = lib.mkOption {
 9    type = lib.types.bool;
10    default = false;
11    description = ''
12      Install the SPICE USB redirection helper with setuid
13      privileges. This allows unprivileged users to pass USB devices
14      connected to this machine to libvirt VMs, both local and
15      remote. Note that this allows users arbitrary access to USB
16      devices.
17    '';
18  };
19
20  config = lib.mkIf config.virtualisation.spiceUSBRedirection.enable {
21    environment.systemPackages = [ pkgs.spice-gtk ]; # For polkit actions
22    security.wrappers.spice-client-glib-usb-acl-helper = {
23      owner = "root";
24      group = "root";
25      capabilities = "cap_fowner+ep";
26      source = "${pkgs.spice-gtk}/bin/spice-client-glib-usb-acl-helper";
27    };
28  };
29
30  meta.maintainers = [ ];
31}