security/hakurei
6
3
Fork 0
Code Issues 11 Pull Requests Actions Packages Projects Releases 11 Wiki Activity
Files
2a5e0e1b50bd36ebea353299303331dc83aabd6c
hakurei/options.md
Ophestra 2a5e0e1b50
Some checks failed
Test / Create distribution (push) Successful in 43s
Details
Test / Sandbox (push) Successful in 2m27s
Details
Test / Hakurei (push) Successful in 3m24s
Details
Test / ShareFS (push) Successful in 3m25s
Details
Test / Hpkg (push) Successful in 4m7s
Details
Test / Hakurei (race detector) (push) Successful in 5m33s
Details
Test / Sandbox (race detector) (push) Successful in 4m36s
Details
Test / Flake checks (push) Failing after 1m36s
Details
nix: configure sharefs via fileSystems 
Turns out this did not work because in the vm test harness, virtualisation.fileSystems completely and silently overrides fileSystems, causing its contents to not even be evaluated anymore. This is not documented as far as I can tell, and is not obvious by any stretch of the imagination. The current hack is cargo culted from nix-community/impermanence and hopefully lasts until this project fully replaces nix.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-12-27 22:55:11 +09:00

945 lines
8.1 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
## environment\.hakurei\.enable
Whether to enable hakurei\.
*Type:*
boolean
*Default:*
` false `
*Example:*
` true `
## environment\.hakurei\.package
The hakurei package to use\.
*Type:*
package
*Default:*
` <derivation hakurei-static-x86_64-unknown-linux-musl-0.3.3> `
## environment\.hakurei\.apps
Declaratively configured hakurei apps\.
*Type:*
attribute set of (submodule)
*Default:*
` { } `
## environment\.hakurei\.apps\.\<name>\.enablements\.dbus
Whether to proxy D-Bus\.
*Type:*
null or boolean
*Default:*
` true `
## environment\.hakurei\.apps\.\<name>\.enablements\.pipewire
Whether to share the PipeWire server via pipewire-pulse on a SecurityContext socket\.
*Type:*
null or boolean
*Default:*
` true `
## environment\.hakurei\.apps\.\<name>\.enablements\.wayland
Whether to share the Wayland server via security-context-v1\.
*Type:*
null or boolean
*Default:*
` true `
## environment\.hakurei\.apps\.\<name>\.enablements\.x11
Whether to share the X11 socket and allow connection\.
*Type:*
null or boolean
*Default:*
` false `
## environment\.hakurei\.apps\.\<name>\.packages
List of extra packages to install via home-manager\.
*Type:*
list of package
*Default:*
` [ ] `
## environment\.hakurei\.apps\.\<name>\.args
Custom args\.
Setting this to null will default to script name\.
*Type:*
null or (list of string)
*Default:*
` null `
## environment\.hakurei\.apps\.\<name>\.command
Command to run as the target user\.
Setting this to null will default command to launcher name\.
Has no effect when script is set\.
*Type:*
null or string
*Default:*
` null `
## environment\.hakurei\.apps\.\<name>\.dbus\.session
D-Bus session bus custom configuration\.
Setting this to null will enable built-in defaults\.
*Type:*
null or (function that evaluates to a(n) anything)
*Default:*
` null `
## environment\.hakurei\.apps\.\<name>\.dbus\.system
D-Bus system bus custom configuration\.
Setting this to null will disable the system bus proxy\.
*Type:*
null or anything
*Default:*
` null `
## environment\.hakurei\.apps\.\<name>\.devel
Whether to enable debugging-related kernel interfaces\.
*Type:*
boolean
*Default:*
` false `
*Example:*
` true `
## environment\.hakurei\.apps\.\<name>\.device
Whether to enable access to all devices\.
*Type:*
boolean
*Default:*
` false `
*Example:*
` true `
## environment\.hakurei\.apps\.\<name>\.env
Environment variables to set for the initial process in the sandbox\.
*Type:*
null or (attribute set of string)
*Default:*
` null `
## environment\.hakurei\.apps\.\<name>\.extraConfig
Extra home-manager configuration\.
*Type:*
anything
*Default:*
` { } `
## environment\.hakurei\.apps\.\<name>\.extraPaths
Extra paths to make available to the container\.
*Type:*
list of attribute set of anything
*Default:*
` [ ] `
## environment\.hakurei\.apps\.\<name>\.gpu
Target process GPU and driver access\.
Setting this to null will enable GPU whenever X or Wayland is enabled\.
*Type:*
null or boolean
*Default:*
` null `
## environment\.hakurei\.apps\.\<name>\.groups
List of groups to inherit from the privileged user\.
*Type:*
list of string
*Default:*
` [ ] `
## environment\.hakurei\.apps\.\<name>\.hostAbstract
Whether to enable share abstract unix socket scope\.
*Type:*
boolean
*Default:*
` false `
*Example:*
` true `
## environment\.hakurei\.apps\.\<name>\.hostNet
Whether to enable share host net namespace\.
*Type:*
boolean
*Default:*
` true `
*Example:*
` true `
## environment\.hakurei\.apps\.\<name>\.identity
Application identity\. Identity 0 is reserved for system services\.
*Type:*
integer between 1 and 9999 (both inclusive)
## environment\.hakurei\.apps\.\<name>\.insecureWayland
Whether to enable direct access to the Wayland socket\.
*Type:*
boolean
*Default:*
` false `
*Example:*
` true `
## environment\.hakurei\.apps\.\<name>\.mapRealUid
Whether to enable mapping to priv-user uid\.
*Type:*
boolean
*Default:*
` false `
*Example:*
` true `
## environment\.hakurei\.apps\.\<name>\.multiarch
Whether to enable multiarch kernel-level support\.
*Type:*
boolean
*Default:*
` false `
*Example:*
` true `
## environment\.hakurei\.apps\.\<name>\.name
Name of the apps launcher script\.
*Type:*
string
## environment\.hakurei\.apps\.\<name>\.nix
Whether to enable nix daemon access\.
*Type:*
boolean
*Default:*
` false `
*Example:*
` true `
## environment\.hakurei\.apps\.\<name>\.path
Custom executable path\.
Setting this to null will default to the start script\.
*Type:*
null or string
*Default:*
` null `
## environment\.hakurei\.apps\.\<name>\.script
Application launch script\.
*Type:*
null or string
*Default:*
` null `
## environment\.hakurei\.apps\.\<name>\.share
Package containing share files\.
Setting this to null will default package name to wrapper name\.
*Type:*
null or package
*Default:*
` null `
## environment\.hakurei\.apps\.\<name>\.shareRuntime
Whether to enable sharing of XDG_RUNTIME_DIR between containers under the same identity\.
*Type:*
boolean
*Default:*
` false `
*Example:*
` true `
## environment\.hakurei\.apps\.\<name>\.shareTmpdir
Whether to enable sharing of TMPDIR between containers under the same identity\.
*Type:*
boolean
*Default:*
` false `
*Example:*
` true `
## environment\.hakurei\.apps\.\<name>\.shareUid
Whether to enable sharing identity with another application\.
*Type:*
boolean
*Default:*
` false `
*Example:*
` true `
## environment\.hakurei\.apps\.\<name>\.tty
Whether to enable access to the controlling terminal\.
*Type:*
boolean
*Default:*
` false `
*Example:*
` true `
## environment\.hakurei\.apps\.\<name>\.useCommonPaths
Whether to enable common extra paths\.
*Type:*
boolean
*Default:*
` true `
*Example:*
` true `
## environment\.hakurei\.apps\.\<name>\.userns
Whether to enable user namespace creation\.
*Type:*
boolean
*Default:*
` false `
*Example:*
` true `
## environment\.hakurei\.apps\.\<name>\.verbose
Whether to enable launchers with verbose output\.
*Type:*
boolean
*Default:*
` false `
*Example:*
` true `
## environment\.hakurei\.apps\.\<name>\.wait_delay
Duration to wait for after interrupting a containers initial process in nanoseconds\.
A negative value causes the container to be terminated immediately on cancellation\.
Setting this to null defaults to five seconds\.
*Type:*
null or signed integer
*Default:*
` null `
## environment\.hakurei\.commonPaths
Common extra paths to make available to the container\.
*Type:*
list of attribute set of anything
*Default:*
` [ ] `
## environment\.hakurei\.extraHomeConfig
Extra home-manager configuration to merge with all target users\.
*Type:*
anything
## environment\.hakurei\.hsuPackage
The hsu package to use\.
*Type:*
package
*Default:*
` <derivation hakurei-hsu-0.3.3> `
## environment\.hakurei\.sharefs\.package
The sharefs package to use\.
*Type:*
package
*Default:*
` <derivation sharefs> `
## environment\.hakurei\.sharefs\.group
Name of the group to run the sharefs daemon as\.
*Type:*
string
*Default:*
` "sharefs" `
## environment\.hakurei\.sharefs\.name
Host path to mount sharefs on\.
*Type:*
string
*Default:*
` "/sdcard" `
## environment\.hakurei\.sharefs\.source
Writable backing directory\. Setting this to null disables sharefs\.
*Type:*
null or string
*Default:*
` null `
## environment\.hakurei\.sharefs\.user
Name of the user to run the sharefs daemon as\.
*Type:*
string
*Default:*
` "sharefs" `
## environment\.hakurei\.shell
Absolute path to preferred shell\.
*Type:*
string
*Default:*
` "/run/current-system/sw/bin/bash" `
## environment\.hakurei\.stateDir
The state directory where app home directories are stored\.
*Type:*
string
## environment\.hakurei\.users
Users allowed to spawn hakurei apps and their corresponding hakurei identity\.
*Type:*
attribute set of integer between 0 and 99 (both inclusive)
Reference in New Issue View Git Blame Copy Permalink