security/hakurei
security/hakurei
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity

release: 0.0.2
All checks were successful
Release / Create release (push) Successful in 32s
Details
Test / Sandbox (push) Successful in 39s
Details
Test / Hakurei (push) Successful in 2m18s
Details
Test / Create distribution (push) Successful in 27s
Details
Test / Sandbox (race detector) (push) Successful in 1m15s
Details
Test / Hakurei (race detector) (push) Successful in 2m18s
Details
Test / Planterette (push) Successful in 4m24s
Details
Test / Flake checks (push) Successful in 1m18s
Details

Browse Source 
Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
Ophestra 2025-06-25 21:05:12 +09:00
parent aa454b158f
commit 8fb6135976
Signed by: cat
SSH Key Fingerprint: SHA256:gQ67O0enBZ7UdZypgtspB2FDM1g3GVw8nX0XSdcFw8Q
3 changed files with 19 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
README.md
View File

@ -1,38 +1,29 @@
Hakurei
=======
<p align="center">
<a href="https://git.gensokyo.uk/security/hakurei">
<picture>
<img src="https://basement.gensokyo.uk/images/yukari1.png" width="200px" alt="Yukari">
</picture>
</a>
</p>
[![Go Reference](https://pkg.go.dev/badge/git.gensokyo.uk/security/hakurei.svg)](https://pkg.go.dev/git.gensokyo.uk/security/hakurei)
[![Go Report Card](https://goreportcard.com/badge/git.gensokyo.uk/security/hakurei)](https://goreportcard.com/report/git.gensokyo.uk/security/hakurei)
<p align="center">
<a href="https://pkg.go.dev/git.gensokyo.uk/security/hakurei"><img src="https://pkg.go.dev/badge/git.gensokyo.uk/security/hakurei.svg" alt="Go Reference" /></a>
<a href="https://goreportcard.com/report/git.gensokyo.uk/security/hakurei"><img src="https://goreportcard.com/badge/git.gensokyo.uk/security/hakurei" alt="Go Report Card" /></a>
</p>
Lets you run graphical applications as dedicated subordinate users in a container environment with a nice NixOS
module to configure target users and provide launch scripts and desktop files.
Hakurei is a tool for running sandboxed graphical applications as dedicated subordinate users on the Linux kernel.
It also implements [planterette (WIP)](cmd/planterette), a self-contained Android-like package manager with modern security features.
Why would you want this?
## NixOS Module usage
- It protects the desktop environment from applications.
- It protects applications from each other.
- It provides UID isolation on top of the standard application sandbox.
If you have a flakes-enabled nix environment, you can try out the tool by running:
```shell
nix run git+https://git.gensokyo.uk/security/hakurei -- help
```
## Module usage
The NixOS module currently requires home-manager to configure subordinate users.
Full module documentation can be found [here](options.md).
The NixOS module currently requires home-manager to configure subordinate users. Full module documentation can be found [here](options.md).
To use the module, import it into your configuration with
```nix
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
hakurei = {
url = "git+https://git.gensokyo.uk/security/hakurei";

4
options.md
View File

@ -35,7 +35,7 @@ package
*Default:*
` <derivation hakurei-static-x86_64-unknown-linux-musl-0.4.1> `
` <derivation hakurei-static-x86_64-unknown-linux-musl-0.0.2> `
@ -916,7 +916,7 @@ package
*Default:*
` <derivation hakurei-hsu-0.4.1> `
` <derivation hakurei-hsu-0.0.2> `

2
package.nix
View File

@ -31,7 +31,7 @@
buildGoModule rec {
pname = "hakurei";
version = "0.0.1";
version = "0.0.2";
srcFiltered = builtins.path {
name = "${pname}-src";