nixos/systembus-notify: add support for system services notifying users

2021-07-12 15:34:26 +08:00 · 2021-07-12 15:34:26 +08:00 · 27e32bbfde
parent 8d0f7b0cda
commit 27e32bbfde
5 changed files with 80 additions and 5 deletions
--- a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
@ -249,6 +249,17 @@
          <link linkend="opt-services.prosody-filer.enable">services.prosody-filer</link>.
        </para>
      </listitem>
+      <listitem>
+        <para>
+          <link xlink:href="https://github.com/rfjakob/systembus-notify">systembus-notify</link>,
+          allow system level notifications to reach the users. Available
+          as
+          <link xlink:href="opt-services.systembus-notify.enable">services.systembus-notify</link>.
+          Please keep in mind that this service should only be enabled
+          on machines with fully trusted users, as any local user is
+          able to DoS user sessions by spamming notifications.
+        </para>
+      </listitem>
      <listitem>
        <para>
          <link xlink:href="https://github.com/audreyt/ethercalc">ethercalc</link>,
--- a/nixos/doc/manual/release-notes/rl-2205.section.md
+++ b/nixos/doc/manual/release-notes/rl-2205.section.md
@ -72,6 +72,8 @@ In addition to numerous new and upgraded packages, this release has the followin

 - [prosody-filer](https://github.com/ThomasLeister/prosody-filer), a server for handling XMPP HTTP Upload requests. Available at [services.prosody-filer](#opt-services.prosody-filer.enable).

+- [systembus-notify](https://github.com/rfjakob/systembus-notify), allow system level notifications to reach the users. Available as [services.systembus-notify](opt-services.systembus-notify.enable). Please keep in mind that this service should only be enabled on machines with fully trusted users, as any local user is able to DoS user sessions by spamming notifications.
+
 - [ethercalc](https://github.com/audreyt/ethercalc), an online collaborative
  spreadsheet. Available as [services.ethercalc](options.html#opt-services.ethercalc.enable).

--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@ -987,6 +987,7 @@
  ./services/system/nscd.nix
  ./services/system/saslauthd.nix
  ./services/system/self-deploy.nix
+  ./services/system/systembus-notify.nix
  ./services/system/uptimed.nix
  ./services/torrent/deluge.nix
  ./services/torrent/flexget.nix
--- a/nixos/modules/services/system/systembus-notify.nix
+++ b/nixos/modules/services/system/systembus-notify.nix
@ -0,0 +1,27 @@
+{ config, lib, pkgs, ... }:
+
+let
+  cfg = config.services.systembus-notify;
+
+  inherit (lib) mkEnableOption mkIf;
+
+in
+{
+  options.services.systembus-notify = {
+    enable = mkEnableOption ''
+      System bus notification support
+
+      WARNING: enabling this option (while convenient) should *not* be done on a
+      machine where you do not trust the other users as it allows any other
+      local user to DoS your session by spamming notifications.
+    '';
+  };
+
+  config = mkIf cfg.enable {
+    systemd = {
+      packages = with pkgs; [ systembus-notify ];
+
+      user.services.systembus-notify.wantedBy = [ "graphical-session.target" ];
+    };
+  };
+}
--- a/pkgs/applications/misc/systembus-notify/default.nix
+++ b/pkgs/applications/misc/systembus-notify/default.nix
@ -1,5 +1,30 @@
-{ lib, stdenv, fetchFromGitHub, systemd }:
+{ lib
+, stdenv
+, fetchFromGitHub
+, formats
+, systemd
+}:

+let
+  ini = formats.ini { };
+
+  unit = ini.generate "systembus-notify.service" {
+    Unit = {
+      Description = "system bus notification daemon";
+    };
+
+    Service = {
+      Type = "exec";
+      ExecStart = "@out@/bin/systembus-notify";
+      PrivateTmp = true;
+      ProtectHome = true;
+      ProtectSystem = "strict";
+      Restart = "on-failure";
+      Slice = "background.slice";
+    };
+  };
+
+in
 stdenv.mkDerivation rec {
  pname = "systembus-notify";
  version = "1.1";
@ -8,23 +33,32 @@ stdenv.mkDerivation rec {
    owner = "rfjakob";
    repo = "systembus-notify";
    rev = "v${version}";
-    sha256 = "1pdn45rfpwhrf20hs87qmk2j8sr7ab8161f81019wnypnb1q2fsv";
+    sha256 = "sha256-WzuBw7LXW54CCMgFE9BSJ2skxaz4IA2BcBny63Ihtt0=";
  };

  buildInputs = [ systemd ];

  installPhase = ''
    runHook preInstall
-    install -Dm755 systembus-notify -t $out/bin
-    install -Dm644 systembus-notify.desktop -t $out/etc/xdg/autostart
+
+    install -Dm555 -t $out/bin systembus-notify
+    install -Dm444 -t $out/share/systembus-notify systembus-notify.desktop
+
+    install -d $out/lib/systemd/user
+    substitute ${unit} $out/lib/systemd/user/${unit.name} \
+      --subst-var out
+
    runHook postInstall
  '';

+  # requires a running dbus instance
+  doCheck = false;
+
  meta = with lib; {
    description = "System bus notification daemon";
    homepage = "https://github.com/rfjakob/systembus-notify";
    license = licenses.mit;
+    maintainers = with maintainers; [ peterhoeg ];
    platforms = platforms.linux;
-    maintainers = with maintainers; [];
  };
 }