Merge pull request #184368 from DieracDelta/jr/wrappers-run-size-option

nixos/security: add size option to /run/wrappers
author: Robert Hensing <roberth@users.noreply.github.com> 2022-08-14 19:13:17 +0200
committer: GitHub <noreply@github.com> 2022-08-14 19:13:17 +0200
commit: d00583540b162c86fa39cf3e7595bc8be2b9ff6a (patch)
tree: dcf11dfd17d595e45691cadec23b5c95057896e2 /nixos/modules/security
parent: 796f2694a3e196c94e3dafe912e1ccb471ba1d1e (diff)
parent: 82640adbf00f9ebb5da9c6c47d0b8d242755946e (diff)
1 files changed, 11 insertions, 1 deletions
diff --git a/nixos/modules/security/wrappers/default.nix b/nixos/modules/security/wrappers/default.nix
index 098ed85919fd8..aa37ec7db4968 100644
--- a/nixos/modules/security/wrappers/default.nix
+++ b/nixos/modules/security/wrappers/default.nix
@@ -185,6 +185,16 @@ in
       '';
     };
 
+    security.wrapperDirSize = lib.mkOption {
+      default = "50%";
+      example = "10G";
+      type = lib.types.str;
+      description = ''
+        Size limit for the /run/wrappers tmpfs. Look at mount(8), tmpfs size option,
+        for the accepted syntax. WARNING: don't set to less than 64MB.
+      '';
+    };
+
     security.wrapperDir = lib.mkOption {
       type        = lib.types.path;
       default     = "/run/wrappers/bin";
@@ -227,7 +237,7 @@ in
 
     boot.specialFileSystems.${parentWrapperDir} = {
       fsType = "tmpfs";
-      options = [ "nodev" "mode=755" ];
+      options = [ "nodev" "mode=755" "size=${config.security.wrapperDirSize}" ];
     };
 
     # Make sure our wrapperDir exports to the PATH env variable when
author	Robert Hensing <roberth@users.noreply.github.com>	2022-08-14 19:13:17 +0200
committer	GitHub <noreply@github.com>	2022-08-14 19:13:17 +0200
commit	d00583540b162c86fa39cf3e7595bc8be2b9ff6a (patch)
tree	dcf11dfd17d595e45691cadec23b5c95057896e2 /nixos/modules/security
parent	796f2694a3e196c94e3dafe912e1ccb471ba1d1e (diff)
parent	82640adbf00f9ebb5da9c6c47d0b8d242755946e (diff)