Diffstat (limited to 'lib/mk-sandbox-system.nix')
-rw-r--r-- | lib/mk-sandbox-system.nix | 6 |
1 files changed, 4 insertions, 2 deletions
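--- a/lib/mk-sandbox-system.nix
+++ b/lib/mk-sandbox-system.nix
@@ -3,6 +3,7 @@
 , name ? "sandbox"
 , user ? "dummy"
 , config ? { }
+, restrictNetwork ? true # to be replaced with virtualisation.restrictNetwork
 }:
 
 with nixpkgs.lib;
@@ -70,13 +71,14 @@ in rec {
 
 apps.${name} = {
 type = "app";
-program = toString (pkgs.writeShellScript "sandbox-vm" ''
+program = toString (pkgs.writeShellScript "sandbox-vm" (
+(pkgs.lib.optionalString restrictNetwork ''
 # Isolate from network
 # Stopgap solution until this is merged:
 # https://github.com/NixOS/nixpkgs/pull/200225
 QEMU_NET_OPTS="restrict=yes,''${QEMU_NET_OPTS:+,$QEMU_NET_OPTS}"
 export QEMU_NET_OPTS
-
+'') + ''
 # Save current directory for mounting in VM
 SHARED_CWD=$PWD
 export SHARED_CWD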
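Review bot: The new `restrictNetwork` argument in the first hunk switches off the only network isolation this launcher applies, yet its comment records just the planned migration and not the security effect. With `restrictNetwork = false` the `restrict=yes` prefix is never written, so the guest presumably runs with whatever `QEMU_NET_OPTS` the caller's environment already holds; how the variable is consumed is outside the hunk, and the script body continues past it. I would document this at the argument, e.g. `# false drops restrict=yes: the VM is no longer network-isolated; keep true for untrusted workloads`, and leave the default as it is. Separately, the line now wrapped by `optionalString` writes `restrict=yes,` followed by `:+,`, which yields a doubled comma when `QEMU_NET_OPTS` is preset; QEMU reads `,,` as an escaped comma inside a value, so that case is worth testing while this block is being touched.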