646b892680
Some checks failed
Periodic Merges (6h) / master → staging-nixos (push) Failing after 12m50s
Periodic Merges (6h) / master → staging-next (push) Failing after 12m54s
Periodic Merges (24h) / merge-base(master,staging) → haskell-updates (push) Failing after 11m54s
Periodic Merges (6h) / staging-next → staging (push) Failing after 12m13s
Periodic Merges (24h) / staging-next-25.05 → staging-25.05 (push) Failing after 13m24s
Periodic Merges (24h) / release-25.05 → staging-next-25.05 (push) Failing after 14m28s
66 lines
1.4 KiB
Nix
66 lines
1.4 KiB
Nix
{
|
|
config,
|
|
lib,
|
|
pkgs,
|
|
...
|
|
}:
|
|
|
|
let
|
|
cfg = config.programs.fuse;
|
|
in
|
|
{
|
|
meta.maintainers = [ ];
|
|
|
|
options.programs.fuse = {
|
|
enable = lib.mkEnableOption "fuse" // {
|
|
default = true;
|
|
};
|
|
|
|
mountMax = lib.mkOption {
|
|
# In the C code it's an "int" (i.e. signed and at least 16 bit), but
|
|
# negative numbers obviously make no sense:
|
|
type = lib.types.ints.between 0 32767; # 2^15 - 1
|
|
default = 1000;
|
|
description = ''
|
|
Set the maximum number of FUSE mounts allowed to non-root users.
|
|
'';
|
|
};
|
|
|
|
userAllowOther = lib.mkOption {
|
|
type = lib.types.bool;
|
|
default = false;
|
|
description = ''
|
|
Allow non-root users to specify the allow_other or allow_root mount
|
|
options, see mount.fuse3(8).
|
|
'';
|
|
};
|
|
};
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
environment.systemPackages = [
|
|
pkgs.fuse
|
|
pkgs.fuse3
|
|
];
|
|
|
|
security.wrappers =
|
|
let
|
|
mkSetuidRoot = source: {
|
|
setuid = true;
|
|
owner = "root";
|
|
group = "root";
|
|
inherit source;
|
|
};
|
|
in
|
|
{
|
|
fusermount = mkSetuidRoot "${lib.getBin pkgs.fuse}/bin/fusermount";
|
|
fusermount3 = mkSetuidRoot "${lib.getBin pkgs.fuse3}/bin/fusermount3";
|
|
};
|
|
|
|
environment.etc."fuse.conf".text = ''
|
|
${lib.optionalString (!cfg.userAllowOther) "#"}user_allow_other
|
|
mount_max = ${builtins.toString cfg.mountMax}
|
|
'';
|
|
|
|
};
|
|
}
|