diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 75e513b76c6..33430f4d739 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -111,6 +111,7 @@ ./programs/firejail.nix ./programs/fish.nix ./programs/freetds.nix + ./programs/fuse.nix ./programs/gnome-disks.nix ./programs/gnome-documents.nix ./programs/gpaste.nix diff --git a/nixos/modules/programs/fuse.nix b/nixos/modules/programs/fuse.nix new file mode 100644 index 00000000000..d3b644024e0 --- /dev/null +++ b/nixos/modules/programs/fuse.nix @@ -0,0 +1,37 @@ +{ config, lib, ... }: + +with lib; + +let + cfg = config.programs.fuse; +in { + meta.maintainers = with maintainers; [ primeos ]; + + options.programs.fuse = { + mountMax = mkOption { + # In the C code it's an "int" (i.e. signed and at least 16 bit), but + # negative numbers obviously make no sense: + type = types.ints.between 0 32767; # 2^15 - 1 + default = 1000; + description = '' + Set the maximum number of FUSE mounts allowed to non-root users. + ''; + }; + + userAllowOther = mkOption { + type = types.bool; + default = false; + description = '' + Allow non-root users to specify the allow_other or allow_root mount + options, see mount.fuse3(8). + ''; + }; + }; + + config = { + environment.etc."fuse.conf".text = '' + ${optionalString (!cfg.userAllowOther) "#"}user_allow_other + mount_max = ${toString cfg.mountMax} + ''; + }; +} diff --git a/nixos/modules/services/network-filesystems/ipfs.nix b/nixos/modules/services/network-filesystems/ipfs.nix index f19bf9d8139..bbbfcf6a473 100644 --- a/nixos/modules/services/network-filesystems/ipfs.nix +++ b/nixos/modules/services/network-filesystems/ipfs.nix @@ -208,9 +208,9 @@ in { config = mkIf cfg.enable { environment.systemPackages = [ wrapped ]; - environment.etc."fuse.conf" = mkIf cfg.autoMount { text = '' - user_allow_other - ''; }; + programs.fuse = mkIf cfg.autoMount { + userAllowOther = true; + }; users.users = mkIf (cfg.user == "ipfs") { ipfs = {