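{ config, pkgs, lib, inputs ? null, ... }:
let
  # Resolve a package either from a flake input (when the flake forwards
  # `inputs` to Home Manager) or from nixpkgs. `inputs` defaults to null when
  # this module is imported without that wiring, so the `?` test must stay
  # behind the null check -- `null ? name` is an evaluation error.
  # `stdenv.hostPlatform.system` is the spelling nixpkgs recommends over the
  # older `pkgs.system` alias; both name the same string.
  fromInputOr = name: fallback:
    if inputs != null && inputs ? ${name}
    then inputs.${name}.packages.${pkgs.stdenv.hostPlatform.system}.default
    else fallback;

  walkerPkg = fromInputOr "walker" pkgs.walker;
  elephantPkg = fromInputOr "elephant" pkgs.elephant;

  # Both units are tied to the graphical session: started with it (Install),
  # stopped with it (PartOf), and ordered after it (After).
  sessionTarget = "graphical-session.target";

  # Sandboxing shared by both user services. Kept deliberately light
  # (DO NOT use ProtectSystem=strict here). NOTE(review): in a *user* manager
  # the mount-namespace based options (PrivateTmp, ProtectKernel*,
  # ProtectControlGroups) only take effect when unprivileged user namespaces
  # are available; treat them as best-effort, not as the security boundary.
  hardening = {
    NoNewPrivileges = true;
    PrivateTmp = true;
    ProtectKernelTunables = true;
    ProtectKernelModules = true;
    ProtectControlGroups = true;
    LockPersonality = true;
    RestrictRealtime = true;
    RestrictSUIDSGID = true;
    SystemCallArchitectures = "native";
  };
in
{
  xdg.enable = true;

  home.packages = [
    walkerPkg
    elephantPkg
  ];

  # Elephant: the backend Walker talks to. Runs as a long-lived user service
  # so Walker can connect to it on demand.
  systemd.user.services.elephant = {
    Unit = {
      Description = "Elephant backend for Walker";
      PartOf = [ sessionTarget ];
      After = [ sessionTarget ];
    };
    Service = {
      Type = "simple";
      ExecStart = "${elephantPkg}/bin/elephant";
      Restart = "on-failure";
      RestartSec = 1;
      # Ensure Elephant can create its socket under:
      # /run/user/$UID/elephant/...
      # Mode 0700 keeps the socket directory private to this user.
      RuntimeDirectory = "elephant";
      RuntimeDirectoryMode = "0700";
    } // hardening;
    Install = {
      WantedBy = [ sessionTarget ];
    };
  };

  # Walker: the launcher front-end. `Wants` (not `Requires`) elephant.service
  # so a crashed backend does not take Walker down with it; `After` only
  # orders startup, it does not wait for Elephant's socket to be ready.
  systemd.user.services.walker = {
    Unit = {
      Description = "Walker GApplication service";
      PartOf = [ sessionTarget ];
      After = [ sessionTarget "elephant.service" ];
      Wants = [ "elephant.service" ];
    };
    Service = {
      Type = "simple";
      # --gapplication-service keeps the process resident as a background
      # GApplication instance instead of opening a window on start.
      ExecStart = "${walkerPkg}/bin/walker --gapplication-service";
      Restart = "on-failure";
      RestartSec = 1;
    } // hardening;
    Install = {
      WantedBy = [ sessionTarget ];
    };
  };
}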