forked from mirrors/nixpkgs
fedd7cd690
This is slightly more verbose and inconvenient, but it forces you to think about what the wrapper ownership and permissions will be.
28 lines
565 B
Nix
28 lines
565 B
Nix
{ config, pkgs, lib, ... }:
|
|
|
|
with lib;
|
|
|
|
let cfg = config.programs.noisetorch;
|
|
in {
|
|
options.programs.noisetorch = {
|
|
enable = mkEnableOption "noisetorch + setcap wrapper";
|
|
|
|
package = mkOption {
|
|
type = types.package;
|
|
default = pkgs.noisetorch;
|
|
description = ''
|
|
The noisetorch package to use.
|
|
'';
|
|
};
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
security.wrappers.noisetorch = {
|
|
owner = "root";
|
|
group = "root";
|
|
capabilities = "cap_sys_resource=+ep";
|
|
source = "${cfg.package}/bin/noisetorch";
|
|
};
|
|
};
|
|
}
|