hst: check for insecure PulseAudio enablement

This is currently still a noop, but required for #26.

Signed-off-by: Ophestra <cat@gensokyo.uk>

hst/config.go

@@ -60,6 +60,9 @@ var (
 
 	// ErrEnviron is returned by [Config.Validate] if an environment variable name contains '=' or NUL.
 	ErrEnviron = errors.New("invalid environment variable name")
+
+	// ErrInsecure is returned by [Config.Validate] if the configuration is considered insecure.
+	ErrInsecure = errors.New("configuration is insecure")
 )
 
 // Validate checks [Config] and returns [AppError] if an invalid value is encountered.
@@ -106,6 +109,13 @@ func (config *Config) Validate() error {
 		}
 	}
 
+	// EPulse without EPipeWire is insecure
+	if et := config.Enablements.Unwrap(); !config.DirectPulse &&
+		et&EPipeWire == 0 && et&EPulse != 0 {
+		return &AppError{Step: "validate configuration", Err: ErrInsecure,
+			Msg: "enablement PulseAudio requires PipeWire, which is not set"}
+	}
+
 	return nil
 }
 

hst/config_test.go

@@ -53,6 +53,12 @@ func TestConfigValidate(t *testing.T) {
 			Env:   map[string]string{"TERM\x00": ""},
 		}}, &hst.AppError{Step: "validate configuration", Err: hst.ErrEnviron,
 			Msg: `invalid environment variable "TERM\x00"`}},
+		{"insecure pulse", &hst.Config{Enablements: hst.NewEnablements(hst.EPulse), Container: &hst.ContainerConfig{
+			Home:  fhs.AbsTmp,
+			Shell: fhs.AbsTmp,
+			Path:  fhs.AbsTmp,
+		}}, &hst.AppError{Step: "validate configuration", Err: hst.ErrInsecure,
+			Msg: "enablement PulseAudio requires PipeWire, which is not set"}},
 		{"valid", &hst.Config{Container: &hst.ContainerConfig{
 			Home:  fhs.AbsTmp,
 			Shell: fhs.AbsTmp,

hst/hst.go

@@ -92,7 +92,6 @@ func Template() *Config {
 			Log:       false,
 			Filter:    true,
 		},
-		DirectWayland: false,
 
 		ExtraPerms: []ExtraPermConfig{
 			{Path: fhs.AbsVarLib.Append("hakurei/u0"), Ensure: true, Execute: true},