forked from extern/nix-config

meta: Remove gui container

Although this was cool, it created some inconveniences that I'd rather
not have to deal with. For example, opening a document required manually
copying the file to the container mount first.

Instead of containerizing a subset of GUI applications, it's likely much
easier and more effective to spin up a virtual machine of the current
system. That way all GUI applications benefit from virtualization and
not simply containerization, which caused issues when certain programs
detected that they were already open from the Wayland socket.

A final benefit of this change is that which container an application is
running in is no longer ambiguous. Although it was possible to use
custom GTK themes depending on which container an application belonged
to, containers for system-installed applications tend to bring a large
amount of overhead. Only using containers for applications that deal
with untrusted inputs and have a large attack surface seems better in
this case.
Donovan Glover 2023-08-01 10:31:05 -04:00
parent ddaa5abc7a
commit d61e7b8a31
No known key found for this signature in database
GPG Key ID: EA7408A77AE1BE65

@ -1,42 +0,0 @@
{ home-manager, stylix, ... }:
{
containers.gui = {
privateNetwork = true;
ephemeral = true;
bindMounts = {
"/mnt" = {
hostPath = "/home/user/containers/gui";
isReadOnly = false;
};
waylandDisplay = rec {
hostPath = "/run/user/1000";
mountPoint = hostPath;
};
x11Display = rec {
hostPath = "/tmp/.X11-unix";
mountPoint = hostPath;
};
};
config = { pkgs, ... }: {
imports = [
home-manager.nixosModules.home-manager
stylix.nixosModules.stylix
../setup.nix
];
environment.systemPackages = with pkgs; [
audacity # Audio editing
gimp # Video editing
anki # Spaced repetition
sqlitebrowser # SQL
kanjidraw # Kanji draw
libreoffice
];
};
};
}
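
Review bot: the page shows only this one file being deleted, so confirm that whatever imported this module drops that import in the same commit; a leftover reference to the removed path will fail evaluation. Deleting the declaration also does not clean up the host directory `/home/user/containers/gui`, which was bind-mounted read-write at `/mnt`, so any documents copied there for the container stay on the host until removed by hand; a line about that in the commit message would help. For the containers that remain for untrusted inputs, note that this one bound the whole of `/run/user/1000` (not only the Wayland socket) along with `/tmp/.X11-unix`, which hands the container every socket in the user's runtime directory; that pattern should not be carried over.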