You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
26 lines
881 B
26 lines
881 B
{ config, pkgs, lib, ... }:
|
|
{
|
|
options.virtualisation.spiceUSBRedirection.enable = lib.mkOption {
|
|
type = lib.types.bool;
|
|
default = false;
|
|
description = ''
|
|
Install the SPICE USB redirection helper with setuid
|
|
privileges. This allows unprivileged users to pass USB devices
|
|
connected to this machine to libvirt VMs, both local and
|
|
remote. Note that this allows users arbitrary access to USB
|
|
devices.
|
|
'';
|
|
};
|
|
|
|
config = lib.mkIf config.virtualisation.spiceUSBRedirection.enable {
|
|
environment.systemPackages = [ pkgs.spice-gtk ]; # For polkit actions
|
|
security.wrappers.spice-client-glib-usb-acl-helper = {
|
|
owner = "root";
|
|
group = "root";
|
|
capabilities = "cap_fowner+ep";
|
|
source = "${pkgs.spice-gtk}/bin/spice-client-glib-usb-acl-helper";
|
|
};
|
|
};
|
|
|
|
meta.maintainers = [ lib.maintainers.lheckemann ];
|
|
}
|
|
|