From 82562b316b38ca08bd0187fe5a1c3a343219b6f1 Mon Sep 17 00:00:00 2001
From: pacien
Date: Sat, 12 Nov 2022 01:03:52 +0100
Subject: mkSandboxSystem: make restricted network optional
---
 lib/mk-sandbox-system.nix | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
(limited to 'lib')
diff --git a/lib/mk-sandbox-system.nix b/lib/mk-sandbox-system.nix
index a840dbe..bbe0238 100644
--- a/lib/mk-sandbox-system.nix
+++ b/lib/mk-sandbox-system.nix
@@ -3,6 +3,7 @@
 , name ? "sandbox"
 , user ? "dummy"
 , config ? { }
+, restrictNetwork ? true # to be replaced with virtualisation.restrictNetwork
 }:
 with nixpkgs.lib;
@@ -70,13 +71,14 @@ in rec {
 apps.${name} = {
 type = "app";
- program = toString (pkgs.writeShellScript "sandbox-vm" ''
+ program = toString (pkgs.writeShellScript "sandbox-vm" (
+ (pkgs.lib.optionalString restrictNetwork ''
 # Isolate from network
 # Stopgap solution until this is merged:
 # https://github.com/NixOS/nixpkgs/pull/200225
 QEMU_NET_OPTS="restrict=yes,''${QEMU_NET_OPTS:+,$QEMU_NET_OPTS}"
 export QEMU_NET_OPTS
-
+ '') + ''
 # Save current directory for mounting in VM
 SHARED_CWD=$PWD
 export SHARED_CWD
-- cgit v1.2.3
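Review bot: The new `restrictNetwork ? true` argument in the first hunk is a security-relevant switch, but its only comment is about a future replacement and says nothing about what `false` changes. A short comment such as `# true: pass restrict=yes to QEMU's network options; false: leave the VM's network unrestricted` would make the trade-off visible to callers. Keeping the default at `true` is the right fail-safe choice and is worth stating as intentional. The argument set starts outside the hunk.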
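Review bot: In the second hunk, the unchanged line `QEMU_NET_OPTS="restrict=yes,''${QEMU_NET_OPTS:+,$QEMU_NET_OPTS}"`, now wrapped by `optionalString restrictNetwork`, has a literal comma after `restrict=yes` as well as the comma inside the `:+` expansion, so it produces `restrict=yes,,<inherited>` when the variable is already set and a trailing comma when it is not. QEMU's option syntax treats a doubled comma as an escaped literal comma, so the inherited options would likely be folded into the value of `restrict` instead of being parsed as separate options; this should be confirmed against the QEMU version in use. Dropping the first comma, `QEMU_NET_OPTS="restrict=yes''${QEMU_NET_OPTS:+,$QEMU_NET_OPTS}"`, gives a well-formed list in both cases. Separately, because the inherited options follow `restrict=yes`, the isolation still depends on the caller's environment; if that is not intended, put `restrict=yes` last or ignore the inherited value when `restrictNetwork` is true. The script body continues past the end of the hunk.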