dev/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

nixos/monado: make CAP_SYS_NICE wrapper configurable

Browse Source 
Signed-off-by: Sefa Eyeoglu <contact@scrumplex.net>
This commit is contained in:
Sefa Eyeoglu 2024-01-06 12:15:47 +01:00
parent 8fc2690b73
commit 0e585a63e2
No known key found for this signature in database
GPG Key ID: E13DFD4B47127951
1 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
nixos/modules/services/hardware/monado.nix
View File

@ -11,7 +11,7 @@ let
in
{
options.services.monado = {
enable = mkEnableOption "Monado wrapper and user service";
enable = mkEnableOption "Monado user service";
package = mkPackageOption pkgs "monado" { };
@ -26,16 +26,19 @@ in
default = false;
example = true;
};
highPriority = mkEnableOption "high priority capability for monado-service"
// mkOption { default = true; };
};
config = mkIf cfg.enable {
security.wrappers."monado-service" = {
security.wrappers."monado-service" = mkIf cfg.highPriority {
setuid = false;
owner = "root";
group = "root";
# cap_sys_nice needed for asynchronous reprojection
capabilities = "cap_sys_nice+eip";
source = "${cfg.package}/bin/monado-service";
source = lib.getExe' cfg.package "monado-service";
};
services.udev.packages = with pkgs; [ xr-hardware ];
@ -57,7 +60,10 @@ in
};
serviceConfig = {
ExecStart = "${config.security.wrapperDir}/monado-service";
ExecStart =
if cfg.highPriority
then "${config.security.wrapperDir}/monado-service"
else lib.getExe' cfg.package "monado-service";
Restart = "no";
};