nixos/security: add size option to /run/wrappers

author: Justin Restivo <justin@restivo.me> 2022-07-31 19:02:42 -0400
committer: Justin Restivo <justin@restivo.me> 2022-08-14 07:31:37 -0700
commit: 82640adbf00f9ebb5da9c6c47d0b8d242755946e (patch)
tree: a06d862d6a98b1ec0e98e461df23a79cb348acfe /nixos/modules/security
parent: 5857574d45925585baffde730369414319228a84 (diff)
1 files changed, 11 insertions, 1 deletions
diff --git a/nixos/modules/security/wrappers/default.nix b/nixos/modules/security/wrappers/default.nix
index 169ef7442626e..dfc98ddb90961 100644
--- a/nixos/modules/security/wrappers/default.nix
+++ b/nixos/modules/security/wrappers/default.nix
@@ -188,6 +188,16 @@ in
       '';
     };
 
+    security.wrapperDirSize = lib.mkOption {
+      default = "50%";
+      example = "10G";
+      type = lib.types.str;
+      description = ''
+        Size limit for the /run/wrappers tmpfs. Look at mount(8), tmpfs size option,
+        for the accepted syntax. WARNING: don't set to less than 64MB.
+      '';
+    };
+
     security.wrapperDir = lib.mkOption {
       type        = lib.types.path;
       default     = "/run/wrappers/bin";
@@ -230,7 +240,7 @@ in
 
     boot.specialFileSystems.${parentWrapperDir} = {
       fsType = "tmpfs";
-      options = [ "nodev" "mode=755" ];
+      options = [ "nodev" "mode=755" "size=${config.security.wrapperDirSize}" ];
     };
 
     # Make sure our wrapperDir exports to the PATH env variable when
author	Justin Restivo <justin@restivo.me>	2022-07-31 19:02:42 -0400
committer	Justin Restivo <justin@restivo.me>	2022-08-14 07:31:37 -0700
commit	82640adbf00f9ebb5da9c6c47d0b8d242755946e (patch)
tree	a06d862d6a98b1ec0e98e461df23a79cb348acfe /nixos/modules/security
parent	5857574d45925585baffde730369414319228a84 (diff)