Update XDG handlers to use GIVC instead of SSH
Signed-off-by: Yuri Nesterov <[email protected]>
nesteroff committed Dec 20, 2024
1 parent 40e5ba6 commit 33904b2
Showing 14 changed files with 250 additions and 165 deletions.
4 changes: 3 additions & 1 deletion modules/common/security/apparmor/profiles/google-chrome.nix
Expand Up @@ -51,7 +51,9 @@
${pkgs.chromium}-sandbox/bin/* ixr,
${pkgs.givc-cli}/bin/givc-cli ixr,
${pkgs.open-normal-extension}/* ixr,
${config.ghaf.services.xdghandlers.handlerPath}/bin/* ixr,
/nix/store/*xdgopenfile/bin/xdgopenfile ixr,
/run/xdg/pdf/* rw,
/run/xdg/image/* rw,
${pkgs.systemd}/bin/* ixr,
${pkgs.bashInteractive}/bin/* ixr,
${pkgs.libressl.nc}/bin/* ixr,
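Review bot: The rule `/nix/store/*xdgopenfile/bin/xdgopenfile ixr,` names the opener by a store glob, while the neighbouring rules interpolate a derivation such as `${pkgs.givc-cli}`; I take it to be one of the three added lines, since the rendering has lost the +/- markers. The glob allows the browser profile to execute any store path whose name ends in `xdgopenfile`, so interpolating the derivation that builds xdgopenfile would pin the rule to the package actually installed. A comment above `/run/xdg/pdf/* rw,` and `/run/xdg/image/* rw,` would also help: `*` in AppArmor does not cross `/`, so only files directly inside those directories are covered, and listing the directory itself needs its own rule. The profile continues outside the hunk.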
2 changes: 0 additions & 2 deletions modules/common/services/default.nix
Expand Up @@ -6,8 +6,6 @@
./audio.nix
./wifi.nix
./firmware.nix
./xdgopener.nix
./xdghandlers.nix
./namespaces.nix
./yubikey.nix
./bluetooth.nix
81 changes: 0 additions & 81 deletions modules/common/services/xdghandlers.nix

This file was deleted.

66 changes: 0 additions & 66 deletions modules/common/services/xdgopener.nix

This file was deleted.

3 changes: 3 additions & 0 deletions modules/microvm/virtualization/microvm/appvm.nix
Expand Up @@ -50,6 +50,9 @@ let

./common/ghaf-audio.nix
./common/storagevm.nix
./common/xdgitems.nix
./common/xdghandlers.nix

(
with configHost.ghaf.virtualization.microvm-host;
lib.optionalAttrs (sharedVmDirectory.enable && builtins.elem vmName sharedVmDirectory.vms) (
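--- a/modules/microvm/virtualization/microvm/common/xdghandlers.nix
+++ b/modules/microvm/virtualization/microvm/common/xdghandlers.nix
@@ -0,0 +1,110 @@
+# Copyright 2022-2024 TII (SSRC) and the Ghaf contributors
+# SPDX-License-Identifier: Apache-2.0
+{
+lib,
+config,
+pkgs,
+...
+}:
+let
+cfg = config.ghaf.xdghandlers;
+xdgOpenPdf = pkgs.writeShellApplication {
+name = "xdgopenpdf";
+runtimeInputs = [
+pkgs.coreutils
+];
+# TODO: fix the url hack once GIVC supports file path arguments
+text = ''
+#!${pkgs.runtimeShell}
+file="$1"
+if [[ "$file" == http://example.com?p=* ]]; then
+file="''${file:21}"
+file=$(echo -n "$file" | base64 --decode)
+fi
+echo "XDG open PDF: $file"
+${config.ghaf.givc.appPrefix}/run-waypipe ${config.ghaf.givc.appPrefix}/zathura "$file"
+rm "$file"
+'';
+};
+xdgOpenImage = pkgs.writeShellApplication {
+name = "xdgopenimage";
+runtimeInputs = [
+pkgs.coreutils
+];
+# TODO: fix the url hack once GIVC supports file path arguments
+text = ''
+#!${pkgs.runtimeShell}
+file="$1"
+if [[ "$file" == http://example.com?p=* ]]; then
+file="''${file:21}"
+file=$(echo -n "$file" | base64 --decode)
+fi
+echo "XDG open image: $file"
+${config.ghaf.givc.appPrefix}/run-waypipe ${config.ghaf.givc.appPrefix}/pqiv -i "$file"
+rm "$file"
+'';
+};
+in
+{
+options.ghaf.xdghandlers = {
+enable = lib.mkEnableOption "XDG Handlers";
+};
+
+config = lib.mkIf cfg.enable {
+
+environment.systemPackages = [
+pkgs.zathura
+pkgs.pqiv
+];
+
+ghaf.givc.appvm.applications = [
+{
+name = "xdg-pdf";
+command = "${xdgOpenPdf}/bin/xdgopenpdf";
+args = [ "url" ];
+}
+{
+name = "xdg-image";
+command = "${xdgOpenImage}/bin/xdgopenimage";
+args = [ "url" ];
+}
+];
+
+microvm.shares = [
+{
+tag = "xdgshare-pdf";
+proto = "virtiofs";
+securityModel = "passthrough";
+source = "/storagevm/shared/shares/xdg/pdf";
+mountPoint = "/run/xdg/pdf";
+}
+{
+tag = "xdgshare-image";
+proto = "virtiofs";
+securityModel = "passthrough";
+source = "/storagevm/shared/shares/xdg/image";
+mountPoint = "/run/xdg/image";
+}
+];
+
+fileSystems = {
+"/run/xdg/pdf".options = [
+"rw"
+"nodev"
+"nosuid"
+"noexec"
+];
+"/run/xdg/image".options = [
+"rw"
+"nodev"
+"nosuid"
+"noexec"
+];
+};
+
+systemd.tmpfiles.rules = [
+"d /run/xdg/pdf 0700 ${toString config.ghaf.users.loginUser.uid}"
+"d /run/xdg/image 0700 ${toString config.ghaf.users.loginUser.uid}"
+];
+};
+}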
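Review bot: The path that reaches the viewer and `rm "$file"` in xdgOpenPdf is never checked against the share, so whatever arrives in the `url` argument, plain or base64-decoded, is opened and then deleted with the calling user's rights. Since the argument comes from another VM over GIVC, the script should canonicalise it and refuse anything that does not resolve under `/run/xdg/pdf/` before either command runs. `realpath` is already available through `pkgs.coreutils` in `runtimeInputs`. xdgOpenImage has the same gap and needs the same check against `/run/xdg/image/`. Separately, writeShellApplication enables errexit, so a non-zero exit from the viewer skips the `rm` and leaves the file in the share; a comment saying whether that is intended would help.

```nix
text = ''
  file="$1"
  # … unchanged: http://example.com?p= prefix strip and base64 decode …
  # Accept only paths that resolve inside the PDF share.
  real=$(realpath -e -- "$file")
  if [[ "$real" != /run/xdg/pdf/* ]]; then
    echo "XDG open PDF: refusing path outside /run/xdg/pdf" >&2
    exit 1
  fi
  echo "XDG open PDF: $real"
  ${config.ghaf.givc.appPrefix}/run-waypipe ${config.ghaf.givc.appPrefix}/zathura "$real"
  rm -- "$real"
'';
```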