about summary refs log tree commit diff
path: root/nixos/modules/programs/firejail.nix
diff options
context:
space:
mode:
Diffstat (limited to 'nixos/modules/programs/firejail.nix')
-rw-r--r--nixos/modules/programs/firejail.nix22
1 files changed, 11 insertions, 11 deletions
diff --git a/nixos/modules/programs/firejail.nix b/nixos/modules/programs/firejail.nix
index 0abdde5ddebd..484f9eb44406 100644
--- a/nixos/modules/programs/firejail.nix
+++ b/nixos/modules/programs/firejail.nix
@@ -5,20 +5,20 @@ with lib;
 let
   cfg = config.programs.firejail;
 
-  wrappedBins = pkgs.stdenv.mkDerivation {
-    name = "firejail-wrapped-binaries";
-    nativeBuildInputs = with pkgs; [ makeWrapper ];
-    buildCommand = ''
+  wrappedBins = pkgs.runCommand "firejail-wrapped-binaries"
+    { preferLocalBuild = true;
+      allowSubstitutes = false;
+    }
+    ''
       mkdir -p $out/bin
       ${lib.concatStringsSep "\n" (lib.mapAttrsToList (command: binary: ''
-      cat <<_EOF >$out/bin/${command}
-      #!${pkgs.stdenv.shell} -e
-      /run/wrappers/bin/firejail ${binary} "\$@"
-      _EOF
-      chmod 0755 $out/bin/${command}
+        cat <<_EOF >$out/bin/${command}
+        #! ${pkgs.runtimeShell} -e
+        exec /run/wrappers/bin/firejail ${binary} "\$@"
+        _EOF
+        chmod 0755 $out/bin/${command}
       '') cfg.wrappedBinaries)}
     '';
-  };
 
 in {
   options.programs.firejail = {
@@ -47,7 +47,7 @@ in {
   config = mkIf cfg.enable {
     security.wrappers.firejail.source = "${lib.getBin pkgs.firejail}/bin/firejail";
 
-    environment.systemPackages = [ wrappedBins ];
+    environment.systemPackages = [ pkgs.firejail ] ++ [ wrappedBins ];
   };
 
   meta.maintainers = with maintainers; [ peterhoeg ];
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-11 08:45:08 +0000