Diffstat (limited to 'lib/mk-sandbox-system.nix')
-rw-r--r--lib/mk-sandbox-system.nix6
1 files changed, 4 insertions, 2 deletions
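--- a/lib/mk-sandbox-system.nix
+++ b/lib/mk-sandbox-system.nix
@@ -3,6 +3,7 @@
 , name ? "sandbox"
 , user ? "dummy"
 , config ? { }
+, restrictNetwork ? true # to be replaced with virtualisation.restrictNetwork
 }:
 
 with nixpkgs.lib;
@@ -70,13 +71,14 @@ in rec {
 
  apps.${name} = {
  type = "app";
- program = toString (pkgs.writeShellScript "sandbox-vm" ''
+ program = toString (pkgs.writeShellScript "sandbox-vm" (
+ (pkgs.lib.optionalString restrictNetwork ''
  # Isolate from network
  # Stopgap solution until this is merged:
  # https://github.com/NixOS/nixpkgs/pull/200225
  QEMU_NET_OPTS="restrict=yes,''${QEMU_NET_OPTS:+,$QEMU_NET_OPTS}"
  export QEMU_NET_OPTS
-
+ '') + ''
  # Save current directory for mounting in VM
  SHARED_CWD=$PWD
  export SHARED_CWD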
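Review bot: The network-isolation block that is now wrapped in `optionalString restrictNetwork` (new lines 76-80) still puts `restrict=yes` in front of whatever `QEMU_NET_OPTS` the caller's environment already holds, so the isolation depends on how QEMU resolves a repeated key. If the later value wins, which I believe is QEMU's behaviour but should be confirmed, an inherited `restrict=no` would quietly undo it. The same line also emits a doubled comma when the variable is set and a trailing comma when it is not. Appending the restriction last avoids both: `QEMU_NET_OPTS="''${QEMU_NET_OPTS:+$QEMU_NET_OPTS,}restrict=yes"`. Separately, with `restrictNetwork = false` the launcher starts a "sandbox" VM with networking enabled and says nothing, so a comment on the new argument stating that `false` removes the isolation would help; the `writeShellScript` expression continues past the end of this hunk.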