Diffstat (limited to 'nixpkgs/nixos/modules/virtualisation/virtualbox-host.nix')
-rw-r--r-- | nixpkgs/nixos/modules/virtualisation/virtualbox-host.nix | 54 |
1 files changed, 28 insertions, 26 deletions
diff --git a/nixpkgs/nixos/modules/virtualisation/virtualbox-host.nix b/nixpkgs/nixos/modules/virtualisation/virtualbox-host.nix index 4e47febed1be..b1565a09682a 100644 --- a/nixpkgs/nixos/modules/virtualisation/virtualbox-host.nix +++ b/nixpkgs/nixos/modules/virtualisation/virtualbox-host.nix @@ -18,25 +18,25 @@ in { options.virtualisation.virtualbox.host = { - enable = mkEnableOption "VirtualBox" // { - description = '' + enable = mkEnableOption (lib.mdDoc "VirtualBox") // { + description = lib.mdDoc '' Whether to enable VirtualBox. - <note><para> - In order to pass USB devices from the host to the guests, the user - needs to be in the <literal>vboxusers</literal> group. - </para></note> + ::: {.note} + In order to pass USB devices from the host to the guests, the user + needs to be in the `vboxusers` group. + ::: ''; }; - enableExtensionPack = mkEnableOption "VirtualBox extension pack" // { - description = '' + enableExtensionPack = mkEnableOption (lib.mdDoc "VirtualBox extension pack") // { + description = lib.mdDoc '' Whether to install the Oracle Extension Pack for VirtualBox. - <important><para> - You must set <literal>nixpkgs.config.allowUnfree = true</literal> in - order to use this. This requires you accept the VirtualBox PUEL. - </para></important> + ::: {.important} + You must set `nixpkgs.config.allowUnfree = true` in + order to use this. This requires you accept the VirtualBox PUEL. + ::: ''; }; 
@@ -60,15 +60,15 @@ in enableHardening = mkOption { type = types.bool; default = true; - description = '' + description = lib.mdDoc '' Enable hardened VirtualBox, which ensures that only the binaries in the system path get access to the devices exposed by the kernel modules instead of all users in the vboxusers group. - <important><para> - Disabling this can put your system's security at risk, as local users - in the vboxusers group can tamper with the VirtualBox device files. - </para></important> + ::: {.important} + Disabling this can put your system's security at risk, as local users + in the vboxusers group can tamper with the VirtualBox device files. + ::: ''; }; @@ -104,16 +104,18 @@ in group = "vboxusers"; setuid = true; }; + executables = [ + "VBoxHeadless" + "VBoxNetAdpCtl" + "VBoxNetDHCP" + "VBoxNetNAT" + "VBoxVolInfo" + ] ++ (lib.optionals (!cfg.headless) [ + "VBoxSDL" + "VirtualBoxVM" + ]); in mkIf cfg.enableHardening - (builtins.listToAttrs (map (x: { name = x; value = mkSuid x; }) [ - "VBoxHeadless" - "VBoxNetAdpCtl" - "VBoxNetDHCP" - "VBoxNetNAT" - "VBoxSDL" - "VBoxVolInfo" - "VirtualBoxVM" - ])); + (builtins.listToAttrs (map (x: { name = x; value = mkSuid x; }) executables)); users.groups.vboxusers.gid = config.ids.gids.vboxusers; |
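Review bot: The new `executables` list in the `@@ -104,16 +104,18 @@` hunk has no comment saying that each name in it is passed to `mkSuid` and so becomes a `setuid = true` wrapper in group `vboxusers`. It also does not say why `VBoxSDL` and `VirtualBoxVM` are wrapped only when `cfg.headless` is false. Presumably a headless build does not ship those two front-ends, and if that is the reason it should be stated so nobody later adds a binary to the unconditional half by habit. I would put `# Every entry becomes a setuid wrapper via mkSuid; list only binaries the selected package ships.` above `executables = [` and `# GUI front-ends; assumed absent from a headless build (confirm against the package).` above the `lib.optionals` list. The `let` that defines `mkSuid` starts outside the hunk, so the wrapper's remaining attributes cannot be checked from here.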