pyrox.dev / nixpkgs
lol
fork atom

nixos/fuse: add enable option

Fuse is stil enabled by default so the default behaviour of NixOS
doesn't change. However, now it's possible to actively exclude fuse when
you don't need it.

nikstur 0d9a5c20 9e0ac0c7

options
unified split
Changed files
+32 -11
nixos
modules
programs
fuse.nix
security
wrappers
default.nix
tasks
filesystems.nix
+31 -2
nixos/modules/programs/fuse.nix 
···

       
1

       

       
-

       
{ config, lib, ... }:


     

       

       
1

       
+

       
{


     

       

       
2

       
+

       
  config,


     

       

       
3

       
+

       
  lib,


     

       

       
4

       
+

       
  pkgs,


     

       

       
5

       
+

       
  ...


     

       

       
6

       
+

       
}:


     

       
2

       
7

       
 

       



     

       
3

       
8

       
 

       
let


     

       
4

       
9

       
 

       
  cfg = config.programs.fuse;


     
···

       
7

       
12

       
 

       
  meta.maintainers = with lib.maintainers; [ ];


     

       
8

       
13

       
 

       



     

       
9

       
14

       
 

       
  options.programs.fuse = {


     

       

       
15

       
+

       
    enable = lib.mkEnableOption "fuse" // {


     

       

       
16

       
+

       
      default = true;


     

       

       
17

       
+

       
    };


     

       

       
18

       
+

       



     

       
10

       
19

       
 

       
    mountMax = lib.mkOption {


     

       
11

       
20

       
 

       
      # In the C code it's an "int" (i.e. signed and at least 16 bit), but


     

       
12

       
21

       
 

       
      # negative numbers obviously make no sense:


     
···

       
27

       
36

       
 

       
    };


     

       
28

       
37

       
 

       
  };


     

       
29

       
38

       
 

       



     

       
30

       

       
-

       
  config = {


     

       

       
39

       
+

       
  config = lib.mkIf cfg.enable {


     

       

       
40

       
+

       
    environment.systemPackages = [


     

       

       
41

       
+

       
      pkgs.fuse


     

       

       
42

       
+

       
      pkgs.fuse3


     

       

       
43

       
+

       
    ];


     

       

       
44

       
+

       



     

       

       
45

       
+

       
    security.wrappers =


     

       

       
46

       
+

       
      let


     

       

       
47

       
+

       
        mkSetuidRoot = source: {


     

       

       
48

       
+

       
          setuid = true;


     

       

       
49

       
+

       
          owner = "root";


     

       

       
50

       
+

       
          group = "root";


     

       

       
51

       
+

       
          inherit source;


     

       

       
52

       
+

       
        };


     

       

       
53

       
+

       
      in


     

       

       
54

       
+

       
      {


     

       

       
55

       
+

       
        fusermount = mkSetuidRoot "${lib.getBin pkgs.fuse}/bin/fusermount";


     

       

       
56

       
+

       
        fusermount3 = mkSetuidRoot "${lib.getBin pkgs.fuse3}/bin/fusermount3";


     

       

       
57

       
+

       
      };


     

       

       
58

       
+

       



     

       
31

       
59

       
 

       
    environment.etc."fuse.conf".text = ''


     

       
32

       
60

       
 

       
      ${lib.optionalString (!cfg.userAllowOther) "#"}user_allow_other


     

       
33

       
61

       
 

       
      mount_max = ${builtins.toString cfg.mountMax}


     

       
34

       
62

       
 

       
    '';


     

       

       
63

       
+

       



     

       
35

       
64

       
 

       
  };


     

       
36

       
65

       
 

       
}
-2
nixos/modules/security/wrappers/default.nix 
···

       
266

       
266

       
 

       
      in


     

       
267

       
267

       
 

       
      {


     

       
268

       
268

       
 

       
        # These are mount related wrappers that require the +s permission.


     

       
269

       

       
-

       
        fusermount = mkSetuidRoot "${lib.getBin pkgs.fuse}/bin/fusermount";


     

       
270

       

       
-

       
        fusermount3 = mkSetuidRoot "${lib.getBin pkgs.fuse3}/bin/fusermount3";


     

       
271

       
269

       
 

       
        mount = mkSetuidRoot "${lib.getBin pkgs.util-linux}/bin/mount";


     

       
272

       
270

       
 

       
        umount = mkSetuidRoot "${lib.getBin pkgs.util-linux}/bin/umount";


     

       
273

       
271

       
 

       
      };
+1 -7
nixos/modules/tasks/filesystems.nix 
···

       
461

       
461

       
 

       
    # Add the mount helpers to the system path so that `mount' can find them.


     

       
462

       
462

       
 

       
    system.fsPackages = [ pkgs.dosfstools ];


     

       
463

       
463

       
 

       



     

       
464

       

       
-

       
    environment.systemPackages =


     

       
465

       

       
-

       
      with pkgs;


     

       
466

       

       
-

       
      [


     

       
467

       

       
-

       
        fuse3


     

       
468

       

       
-

       
        fuse


     

       
469

       

       
-

       
      ]


     

       
470

       

       
-

       
      ++ config.system.fsPackages;


     

       

       
464

       
+

       
    environment.systemPackages = config.system.fsPackages;


     

       
471

       
465

       
 

       



     

       
472

       
466

       
 

       
    environment.etc.fstab.text =


     

       
473

       
467

       
 

       
      let