nixpkgs/nixos/modules/virtualisation/spice-usb-redirection.nix

{ config, pkgs, lib, ... }:
{
  options.virtualisation.spiceUSBRedirection.enable = lib.mkOption {
    type = lib.types.bool;
    default = false;
    description = ''
      Install the SPICE USB redirection helper with setuid
      privileges. This allows unprivileged users to pass USB devices
      connected to this machine to libvirt VMs, both local and
      remote. Note that this allows users arbitrary access to USB
      devices.
    '';
  };

  config = lib.mkIf config.virtualisation.spiceUSBRedirection.enable {
    environment.systemPackages = [ pkgs.spice-gtk ]; # For polkit actions
    security.wrappers.spice-client-glib-usb-acl-helper ={
      source = "${pkgs.spice-gtk}/bin/spice-client-glib-usb-acl-helper";
      capabilities = "cap_fowner+ep";
    };
  };

  meta.maintainers = [ lib.maintainers.lheckemann ];
}
nixos/spice-usb-redirection: init Fixes #39618 2020-09-12 09:10:06 +02:00			`{ config, pkgs, lib, ... }:`
			`{`
			`options.virtualisation.spiceUSBRedirection.enable = lib.mkOption {`
			`type = lib.types.bool;`
			`default = false;`
			`description = ''`
			`Install the SPICE USB redirection helper with setuid`
			`privileges. This allows unprivileged users to pass USB devices`
			`connected to this machine to libvirt VMs, both local and`
			`remote. Note that this allows users arbitrary access to USB`
			`devices.`
			`'';`
			`};`

			`config = lib.mkIf config.virtualisation.spiceUSBRedirection.enable {`
fixup: address @jtojnar's review comments 2020-09-12 17:00:44 +02:00			`environment.systemPackages = [ pkgs.spice-gtk ]; # For polkit actions`
			`security.wrappers.spice-client-glib-usb-acl-helper ={`
			`source = "${pkgs.spice-gtk}/bin/spice-client-glib-usb-acl-helper";`
			`capabilities = "cap_fowner+ep";`
			`};`
nixos/spice-usb-redirection: init Fixes #39618 2020-09-12 09:10:06 +02:00			`};`

			`meta.maintainers = [ lib.maintainers.lheckemann ];`
			`}`