internal/outcome: expose pipewire via pipewire-pulse
All checks were successful
Test / Create distribution (push) Successful in 28s
Test / Sandbox (push) Successful in 42s
Test / Hakurei (push) Successful in 3m20s
Test / Hpkg (push) Successful in 2m13s
Test / Sandbox (race detector) (push) Successful in 4m25s
Test / Hakurei (race detector) (push) Successful in 3m21s
Test / Flake checks (push) Successful in 1m30s
All checks were successful
Test / Create distribution (push) Successful in 28s
Test / Sandbox (push) Successful in 42s
Test / Hakurei (push) Successful in 3m20s
Test / Hpkg (push) Successful in 2m13s
Test / Sandbox (race detector) (push) Successful in 4m25s
Test / Hakurei (race detector) (push) Successful in 3m21s
Test / Flake checks (push) Successful in 1m30s
This no longer exposes the pipewire socket to the container, and instead mediates access via pipewire-pulse. This makes insecure parts of the protocol inaccessible as explained in the doc comment in hst. Closes #29. Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
11
nixos.nix
11
nixos.nix
@@ -68,7 +68,7 @@ in
|
||||
|
||||
home-manager =
|
||||
let
|
||||
privPackages = mapAttrs (username: userid: {
|
||||
privPackages = mapAttrs (_: userid: {
|
||||
home.packages = foldlAttrs (
|
||||
acc: id: app:
|
||||
[
|
||||
@@ -196,15 +196,6 @@ in
|
||||
}
|
||||
]
|
||||
)
|
||||
++ optional (app.enablements.pipewire && app.pulse) {
|
||||
type = "daemon";
|
||||
dst = if app.mapRealUid then "/run/user/${toString config.users.users.${username}.uid}/pulse/native" else "/run/user/65534/pulse/native";
|
||||
path = cfg.shell;
|
||||
args = [
|
||||
"-lc"
|
||||
"exec pipewire-pulse"
|
||||
];
|
||||
}
|
||||
++ [
|
||||
{
|
||||
type = "bind";
|
||||
|
||||
Reference in New Issue
Block a user