{
  config,
  lib,
  pkgs,
  ...
}:

let
  inherit (lib) mkEnableOption mkOption mkIf types;

  fuseCfg = config.programs.fuse;

  # Builds one `security.wrappers` entry: a setuid wrapper owned by root:root
  # around `<bin dir of pkg>/bin/<name>`.
  setuidRootWrapper = name: pkg: {
    setuid = true;
    owner = "root";
    group = "root";
    source = "${lib.getBin pkg}/bin/${name}";
  };
in
{
  meta.maintainers = [ ];

  options.programs.fuse = {
    enable = mkEnableOption "fuse" // {
      default = true;
    };

    mountMax = mkOption {
      # The C side stores this as an `int` (signed, at least 16 bits); the
      # range below rejects negative counts and stays within that width.
      type = types.ints.between 0 32767; # 2^15 - 1
      default = 1000;
      description = ''
        Set the maximum number of FUSE mounts allowed to non-root users.
      '';
    };

    userAllowOther = mkOption {
      type = types.bool;
      default = false;
      description = ''
        Allow non-root users to specify the allow_other or allow_root mount
        options, see mount.fuse3(8).
      '';
    };
  };

  config = mkIf fuseCfg.enable {
    environment.systemPackages = [
      pkgs.fuse
      pkgs.fuse3
    ];

    # fusermount is taken from fuse (v2), fusermount3 from fuse3; both are
    # installed as setuid-root wrappers.
    security.wrappers = lib.mapAttrs setuidRootWrapper {
      fusermount = pkgs.fuse;
      fusermount3 = pkgs.fuse3;
    };

    # The `user_allow_other` directive is written commented out (`#` prefix)
    # unless programs.fuse.userAllowOther is set, so the default config keeps
    # allow_other/allow_root restricted to root.
    environment.etc."fuse.conf".text = ''
      ${if fuseCfg.userAllowOther then "" else "#"}user_allow_other
      mount_max = ${toString fuseCfg.mountMax}
    '';
  };
}