diff --git a/overlays/bwrap-x.nix b/overlays/bwrap-x.nix
new file mode 100644
index 0000000..241a2cc
--- /dev/null
+++ b/overlays/bwrap-x.nix
@@ -0,0 +1,140 @@
+# SPDX-FileCopyrightText: 2022 Richard Brežák
+#
+# SPDX-License-Identifier: LGPL-3.0-or-later
+{
+ name = "bwrap-x";
+ overlay = {}: final: prev: {
+ bwrap-factorio = final.bwrap-x {
+ pkgs = with prev; [
+ xorg.libX11
+ xorg.libXext
+ xorg.libXinerama
+ xorg.libXrandr
+ xorg.libXcursor
+ pulseaudio
+ libglvnd
+ alsa-lib
+ ];
+ };
+ bwrap-x =
+ { defaultPackages ? (with prev; [ bashInteractive coreutils-full gawk gzip gnutar gnugrep glibc.bin ])
+ , pkgs ? []
+ }:
+ with prev.lib;
+ prev.writeShellScriptBin "bwrap-x" ''
+ nixpkgs="${prev.path}"
+
+ store_paths=()
+ preload_libraries=()
+
+ for package in ${concatStringsSep " " (pkgs ++ defaultPackages)}
+ do
+ for path in $(nix path-info -r $package)
+ do
+ store_paths+=("$path")
+ done
+ done
+
+ for path in $(nix path-info -r $(for package in $EXTRA_PACKAGES ; do echo $nixpkgs#$package ; done))
+ do
+ store_paths+=("$path")
+ done
+
+ for package in ${concatStringsSep " " (pkgs ++ defaultPackages)}
+ do
+ for path in $(nix build --no-link --print-out-paths $package)
+ do
+ if [ -e "$path/lib" ]
+ then
+ preload_libraries+=("$path/lib")
+ fi
+ done
+ done
+
+
+ for path in $(nix build --no-link --print-out-paths $(for package in $EXTRA_PACKAGES ; do echo $nixpkgs#$package ; done))
+ do
+ if [ -e "$path/lib" ]
+ then
+ preload_libraries+=("$path/lib")
+ fi
+ done
+
+ if [ "$ENABLE_XORG" == "1" ]
+ then
+ for package in $(readlink /run/opengl-driver /run/opengl-driver-32)
+ do
+ for path in $(nix path-info -r $package)
+ do
+ store_paths+=("$path")
+ done
+ done
+ preload_libraries+=("/run/opengl-driver/lib" "/run/opengl-driver-32/lib")
+ fi
+
+ preload_libraries_new="$(echo "''${preload_libraries[@]}" | tr ' ' '\n' | sort | uniq | tr '\n' ' ')"
+ store_paths_new="$(echo "''${store_paths[@]}" | tr ' ' '\n' | sort | uniq | tr '\n' ' ')"
+
+ ${prev.bubblewrap}/bin/bwrap \
+ --unshare-all \
+ --ro-bind /bin/sh /bin/sh \
+ --ro-bind /usr/bin/env /usr/bin/env \
+ --ro-bind ${prev.glibc}/lib64/ld-linux-x86-64.so.2 /lib64/ld-linux-x86-64.so.2 \
+ --ro-bind /nix/store /nix/store \
+ `# $(for path in ''${store_paths_new[@]} ;` \
+ `# do` \
+ `# nix path-info $path -r | sed 's/\(.*\)/--ro-bind \1 \1/m' | tr '\n' ' ' ;` \
+ `# done)` \
+ --ro-bind /bin/sh /bin/sh \
+ --setenv PATH \
+ $(for path in ''${store_paths_new[@]} ; \
+ do \
+ echo $path | sed 's~\(.*\)~\1/bin~m' | tr '\n' ':' ; \
+ done) \
+ --tmpfs /tmp \
+ --proc /proc \
+ --dev /dev \
+ \
+ \
+ $(for path in $BIND_PATHS ; \
+ do \
+ echo "--bind $path $path" ; \
+ done) \
+ $(for path in $BIND_RO_PATHS ; \
+ do \
+ echo "--ro-bind $path $path" ; \
+ done) \
+ $([ "$CWD" = "" ] && echo "--cwd $CWD") \
+ \
+ \
+ $([ "$ENABLE_PULSEAUDIO" == "1" ] && echo "${concatStringsSep " " [
+ "--dev-bind /dev/snd /dev/snd"
+ "--ro-bind /etc/group /etc/group"
+ "--bind /run/user/1000/pulse/ /run/user/1000/pulse/"
+ ]}") \
+ \
+ \
+ $([ "$ENABLE_XORG" == "1" ] && echo "${concatStringsSep " " [
+ "--bind /tmp/.X11-unix/X0 /tmp/.X11-unix/X0"
+ "--ro-bind /home/main/.Xauthority /home/main/.Xauthority"
+
+ "--bind /run/nvidia-xdriver-e0a0641b /run/nvidia-xdriver-e0a0641b"
+ "--ro-bind /run/opengl-driver-32 /run/opengl-driver-32"
+ "--ro-bind /run/opengl-driver /run/opengl-driver"
+ "--ro-bind /sys/dev/char /sys/dev/char"
+ "--dev-bind /dev/dri /dev/dri"
+ "--ro-bind /sys/devices/pci0000:00 /sys/devices/pci0000:00"
+ "$(for dev in /dev/nvidia* ; do echo \"--dev-bind $dev $dev\" ; done)"
+ ]}") \
+ \
+ $([ "ENABLE_NETWORK" == "1" ] && echo "${concatStringsSep " " [
+ "--ro-bind /etc/ssl /etc/ssl"
+ "--ro-bind /etc/static/ssl /etc/static/ssl"
+ "--ro-bind /etc/resolv.conf /etc/resolv.conf"
+ "--share-net"
+ ]}") \
+ --setenv LD_LIBRARY_PATH "$(echo "''${preload_libraries_new[@]}" | tr ' ' ':')" \
+ "$@"
+ '';
+ };
+}
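Review bot: Two of the option guards in the bwrap invocation test the wrong thing: `[ "ENABLE_NETWORK" == "1" ]` compares a literal string, so `--share-net` and the resolv.conf/ssl binds are never emitted, and `[ "$CWD" = "" ]` fires only when CWD is empty. They should read `[ "$ENABLE_NETWORK" == "1" ]` and `[ -n "$CWD" ] && echo "--chdir $CWD"`; bubblewrap's working-directory option is `--chdir`, and as far as I know `--cwd` is not an option, so the default path with CWD unset probably aborts on an unknown option. On the sandbox itself, `--ro-bind /nix/store /nix/store` exposes the whole store, leaving the computed `store_paths` closure used only for PATH, and the invocation has no `--new-session`, which bubblewrap's documentation recommends so that a sandboxed process cannot push input into the caller's terminal via TIOCSTI. With `ENABLE_XORG=1` the X0 socket and `.Xauthority` are bound in, and X11 does not isolate clients from one another, so that mode deserves a comment such as `# X11 access: the sandboxed client can read and inject input for other X clients; not an isolation boundary`. The hard-coded `/home/main`, `/run/user/1000` and `/run/nvidia-xdriver-e0a0641b` paths tie the wrapper to one machine and would be better derived from `$XAUTHORITY`, `$XDG_RUNTIME_DIR` and a glob.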