pyrox.dev / nixpkgs
lol
fork atom

nixos/monado: make CAP_SYS_NICE wrapper configurable

Signed-off-by: Sefa Eyeoglu <contact@scrumplex.net>

scrumplex.net 0e585a63 8fc2690b

options
unified split
Changed files
+10 -4
nixos
modules
services
hardware
monado.nix
+10 -4
nixos/modules/services/hardware/monado.nix 
···

       
11

       
11

       
 

       
in


     

       
12

       
12

       
 

       
{


     

       
13

       
13

       
 

       
  options.services.monado = {


     

       
14

       

       
-

       
    enable = mkEnableOption "Monado wrapper and user service";


     

       

       
14

       
+

       
    enable = mkEnableOption "Monado user service";


     

       
15

       
15

       
 

       



     

       
16

       
16

       
 

       
    package = mkPackageOption pkgs "monado" { };


     

       
17

       
17

       
 

       



     
···

       
26

       
26

       
 

       
      default = false;


     

       
27

       
27

       
 

       
      example = true;


     

       
28

       
28

       
 

       
    };


     

       

       
29

       
+

       



     

       

       
30

       
+

       
    highPriority = mkEnableOption "high priority capability for monado-service"


     

       

       
31

       
+

       
      // mkOption { default = true; };


     

       
29

       
32

       
 

       
  };


     

       
30

       
33

       
 

       



     

       
31

       
34

       
 

       
  config = mkIf cfg.enable {


     

       
32

       

       
-

       
    security.wrappers."monado-service" = {


     

       

       
35

       
+

       
    security.wrappers."monado-service" = mkIf cfg.highPriority {


     

       
33

       
36

       
 

       
      setuid = false;


     

       
34

       
37

       
 

       
      owner = "root";


     

       
35

       
38

       
 

       
      group = "root";


     

       
36

       
39

       
 

       
      # cap_sys_nice needed for asynchronous reprojection


     

       
37

       
40

       
 

       
      capabilities = "cap_sys_nice+eip";


     

       
38

       

       
-

       
      source = "${cfg.package}/bin/monado-service";


     

       

       
41

       
+

       
      source = lib.getExe' cfg.package "monado-service";


     

       
39

       
42

       
 

       
    };


     

       
40

       
43

       
 

       



     

       
41

       
44

       
 

       
    services.udev.packages = with pkgs; [ xr-hardware ];


     
···

       
57

       
60

       
 

       
        };


     

       
58

       
61

       
 

       



     

       
59

       
62

       
 

       
        serviceConfig = {


     

       
60

       

       
-

       
          ExecStart = "${config.security.wrapperDir}/monado-service";


     

       

       
63

       
+

       
          ExecStart =


     

       

       
64

       
+

       
            if cfg.highPriority


     

       

       
65

       
+

       
            then "${config.security.wrapperDir}/monado-service"


     

       

       
66

       
+

       
            else lib.getExe' cfg.package "monado-service";


     

       
61

       
67

       
 

       
          Restart = "no";


     

       
62

       
68

       
 

       
        };


     

       
63

       
69