From 6722b4ade920b46ff51144e06bffc92f7b8bb1f4 Mon Sep 17 00:00:00 2001 From: Quantenzitrone Date: Wed, 8 May 2024 20:22:34 +0200 Subject: [PATCH 1/4] ydotool: move to pkgs/by-name, add meta.mainProgram, refactor --- .../yd/ydotool/package.nix} | 35 +++++++++++++------ pkgs/top-level/all-packages.nix | 2 -- 2 files changed, 25 insertions(+), 12 deletions(-) rename pkgs/{tools/wayland/ydotool/default.nix => by-name/yd/ydotool/package.nix} (59%) diff --git a/pkgs/tools/wayland/ydotool/default.nix b/pkgs/by-name/yd/ydotool/package.nix similarity index 59% rename from pkgs/tools/wayland/ydotool/default.nix rename to pkgs/by-name/yd/ydotool/package.nix index 42f95735de59..70c75165af45 100644 --- a/pkgs/tools/wayland/ydotool/default.nix +++ b/pkgs/by-name/yd/ydotool/package.nix @@ -1,13 +1,21 @@ -{ lib, stdenv, fetchFromGitHub, cmake, scdoc, util-linux, xorg }: +{ + lib, + stdenv, + fetchFromGitHub, + cmake, + scdoc, + util-linux, + xorg, +}: -stdenv.mkDerivation rec { +stdenv.mkDerivation (finalAttrs: { pname = "ydotool"; version = "1.0.4"; src = fetchFromGitHub { owner = "ReimuNotMoe"; repo = "ydotool"; - rev = "v${version}"; + rev = "v${finalAttrs.version}"; hash = "sha256-MtanR+cxz6FsbNBngqLE+ITKPZFHmWGsD1mBDk0OVng="; }; @@ -19,13 +27,20 @@ stdenv.mkDerivation rec { ''; strictDeps = true; - nativeBuildInputs = [ cmake scdoc ]; + nativeBuildInputs = [ + cmake + scdoc + ]; - meta = with lib; { - homepage = "https://github.com/ReimuNotMoe/ydotool"; + meta = { description = "Generic Linux command-line automation tool"; - license = licenses.agpl3Plus; - maintainers = with maintainers; [ willibutz kraem ]; - platforms = with platforms; linux; + homepage = "https://github.com/ReimuNotMoe/ydotool"; + license = lib.licenses.agpl3Plus; + mainProgram = "ydotool"; + maintainers = with lib.maintainers; [ + willibutz + kraem + ]; + platforms = lib.platforms.linux; }; -} +}) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 323c8fba6fcc..3714a4c3c51e 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -4766,8 +4766,6 @@ with pkgs; wtype = callPackage ../tools/wayland/wtype { }; - ydotool = callPackage ../tools/wayland/ydotool { }; - cambalache = callPackage ../development/tools/cambalache { }; cambrinary = python3Packages.callPackage ../applications/misc/cambrinary { }; From 73d91cdd70bf10f155d3701b0949ec227bfbaf31 Mon Sep 17 00:00:00 2001 From: Quantenzitrone Date: Mon, 15 Apr 2024 23:06:19 +0200 Subject: [PATCH 2/4] nixos/ydotool: init module Co-authored-by: Cosima Neidahl --- .../manual/release-notes/rl-2405.section.md | 2 + nixos/modules/module-list.nix | 1 + nixos/modules/programs/ydotool.nix | 83 +++++++++++++++++++ 3 files changed, 86 insertions(+) create mode 100644 nixos/modules/programs/ydotool.nix diff --git a/nixos/doc/manual/release-notes/rl-2405.section.md b/nixos/doc/manual/release-notes/rl-2405.section.md index e9d13cc3c265..55fb366a75e9 100644 --- a/nixos/doc/manual/release-notes/rl-2405.section.md +++ b/nixos/doc/manual/release-notes/rl-2405.section.md @@ -209,6 +209,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m - [isolate](https://github.com/ioi/isolate), a sandbox for securely executing untrusted programs. Available as [security.isolate](#opt-security.isolate.enable). +- [ydotool](https://github.com/ReimuNotMoe/ydotool), a generic command-line automation tool now has a module. Available as [programs.ydotool](#opt-programs.ydotool.enable) + - [private-gpt](https://github.com/zylon-ai/private-gpt), a service to interact with your documents using the power of LLMs, 100% privately, no data leaks. Available as [services.private-gpt](#opt-services.private-gpt.enable). ## Backward Incompatibilities {#sec-release-24.05-incompatibilities} diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 3cbb4617517a..f0bf5bf9ec30 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -308,6 +308,7 @@ ./programs/xwayland.nix ./programs/yabar.nix ./programs/yazi.nix + ./programs/ydotool.nix ./programs/yubikey-touch-detector.nix ./programs/zmap.nix ./programs/zsh/oh-my-zsh.nix diff --git a/nixos/modules/programs/ydotool.nix b/nixos/modules/programs/ydotool.nix new file mode 100644 index 000000000000..f639e9283de4 --- /dev/null +++ b/nixos/modules/programs/ydotool.nix @@ -0,0 +1,83 @@ +{ + config, + lib, + pkgs, + ... +}: +let + cfg = config.programs.ydotool; +in +{ + meta = { + maintainers = with lib.maintainers; [ quantenzitrone ]; + }; + + options.programs.ydotool = { + enable = lib.mkEnableOption '' + ydotoold system service and install ydotool. + Add yourself to the 'ydotool' group to be able to use it. + ''; + }; + + config = lib.mkIf cfg.enable { + users.groups.ydotool = { }; + + systemd.services.ydotoold = { + description = "ydotoold - backend for ydotool"; + wantedBy = [ "multi-user.target" ]; + partOf = [ "multi-user.target" ]; + serviceConfig = { + Group = "ydotool"; + RuntimeDirectory = "ydotoold"; + RuntimeDirectoryMode = "0750"; + ExecStart = "${lib.getExe' pkgs.ydotool "ydotoold"} --socket-path=/run/ydotoold/socket --socket-perm=0660"; + + # hardening + + ## allow access to uinput + DeviceAllow = [ "/dev/uinput" ]; + DevicePolicy = "closed"; + + ## allow creation of unix sockets + RestrictAddressFamilies = [ "AF_UNIX" ]; + + CapabilityBoundingSet = ""; + IPAddressDeny = "any"; + LockPersonality = true; + MemoryDenyWriteExecute = true; + NoNewPrivileges = true; + PrivateNetwork = true; + PrivateTmp = true; + PrivateUsers = true; + ProcSubset = "pid"; + ProtectClock = true; + ProtectControlGroups = true; + ProtectHome = true; + ProtectHostname = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + ProtectProc = "invisible"; + ProtectSystem = "strict"; + ProtectUser = true; + RestrictNamespaces = true; + RestrictRealtime = true; + RestrictSUIDSGID = true; + SystemCallArchitectures = "native"; + SystemCallFilter = [ + "@system-service" + "~@privileged" + "~@resources" + ]; + UMask = "0077"; + + # -> systemd-analyze security score 0.7 SAFE 😀 + }; + }; + + environment.variables = { + YDOTOOL_SOCKET = "/run/ydotoold/socket"; + }; + environment.systemPackages = with pkgs; [ ydotool ]; + }; +} From 483392f20917afadead9e9c834b745d6b5cfda03 Mon Sep 17 00:00:00 2001 From: Quantenzitrone Date: Wed, 8 May 2024 17:58:21 +0200 Subject: [PATCH 3/4] nixosTests.ydotool: init Co-authored-by: Cosima Neidahl --- nixos/tests/all-tests.nix | 1 + nixos/tests/ydotool.nix | 115 ++++++++++++++++++++++++++++ pkgs/by-name/yd/ydotool/package.nix | 3 + 3 files changed, 119 insertions(+) create mode 100644 nixos/tests/ydotool.nix diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index a8f8c470e6e2..4da387b24c40 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -1038,6 +1038,7 @@ in { xterm = handleTest ./xterm.nix {}; xxh = handleTest ./xxh.nix {}; yabar = handleTest ./yabar.nix {}; + ydotool = handleTest ./ydotool.nix {}; yggdrasil = handleTest ./yggdrasil.nix {}; zammad = handleTest ./zammad.nix {}; zeronet-conservancy = handleTest ./zeronet-conservancy.nix {}; diff --git a/nixos/tests/ydotool.nix b/nixos/tests/ydotool.nix new file mode 100644 index 000000000000..818ac6f2d50d --- /dev/null +++ b/nixos/tests/ydotool.nix @@ -0,0 +1,115 @@ +import ./make-test-python.nix ( + { pkgs, lib, ... }: + let + textInput = "This works."; + inputBoxText = "Enter input"; + inputBox = pkgs.writeShellScript "zenity-input" '' + ${lib.getExe pkgs.gnome.zenity} --entry --text '${inputBoxText}:' > /tmp/output & + ''; + in + { + name = "ydotool"; + + meta = { + maintainers = with lib.maintainers; [ + OPNA2608 + quantenzitrone + ]; + }; + + nodes = { + headless = + { config, ... }: + { + imports = [ ./common/user-account.nix ]; + + users.users.alice.extraGroups = [ "ydotool" ]; + + programs.ydotool.enable = true; + + services.getty.autologinUser = "alice"; + }; + + x11 = + { config, ... }: + { + imports = [ + ./common/user-account.nix + ./common/auto.nix + ./common/x11.nix + ]; + + users.users.alice.extraGroups = [ "ydotool" ]; + + programs.ydotool.enable = true; + + test-support.displayManager.auto = { + enable = true; + user = "alice"; + }; + + services.xserver.windowManager.dwm.enable = true; + services.displayManager.defaultSession = lib.mkForce "none+dwm"; + }; + + wayland = + { config, ... }: + { + imports = [ ./common/user-account.nix ]; + + services.cage = { + enable = true; + user = "alice"; + }; + + programs.ydotool.enable = true; + + services.cage.program = inputBox; + }; + }; + + enableOCR = true; + + testScript = + { nodes, ... }: + '' + def as_user(cmd: str): + """ + Return a shell command for running a shell command as a specific user. + """ + return f"sudo -u alice -i {cmd}" + + start_all() + + # Headless + headless.wait_for_unit("multi-user.target") + headless.wait_for_text("alice") + headless.succeed(as_user("ydotool type 'echo ${textInput} > /tmp/output'")) # text input + headless.succeed(as_user("ydotool key 28:1 28:0")) # text input + headless.screenshot("headless_input") + headless.wait_for_file("/tmp/output") + headless.wait_until_succeeds("grep '${textInput}' /tmp/output") # text input + + # X11 + x11.wait_for_x() + x11.execute(as_user("${inputBox}")) + x11.wait_for_text("${inputBoxText}") + x11.succeed(as_user("ydotool type '${textInput}'")) # text input + x11.screenshot("x11_input") + x11.succeed(as_user("ydotool mousemove -a 400 110")) # mouse input + x11.succeed(as_user("ydotool click 0xC0")) # mouse input + x11.wait_for_file("/tmp/output") + x11.wait_until_succeeds("grep '${textInput}' /tmp/output") # text input + + # Wayland + wayland.wait_for_unit("graphical.target") + wayland.wait_for_text("${inputBoxText}") + wayland.succeed("ydotool type '${textInput}'") # text input + wayland.screenshot("wayland_input") + wayland.succeed("ydotool mousemove -a 100 100") # mouse input + wayland.succeed("ydotool click 0xC0") # mouse input + wayland.wait_for_file("/tmp/output") + wayland.wait_until_succeeds("grep '${textInput}' /tmp/output") # text input + ''; + } +) diff --git a/pkgs/by-name/yd/ydotool/package.nix b/pkgs/by-name/yd/ydotool/package.nix index 70c75165af45..137a701d87a3 100644 --- a/pkgs/by-name/yd/ydotool/package.nix +++ b/pkgs/by-name/yd/ydotool/package.nix @@ -6,6 +6,7 @@ scdoc, util-linux, xorg, + nixosTests, }: stdenv.mkDerivation (finalAttrs: { @@ -32,6 +33,8 @@ stdenv.mkDerivation (finalAttrs: { scdoc ]; + passthru.tests.basic = nixosTests.ydotool; + meta = { description = "Generic Linux command-line automation tool"; homepage = "https://github.com/ReimuNotMoe/ydotool"; From 8621da969e26c435da5608351b44a84a947fa6e4 Mon Sep 17 00:00:00 2001 From: OPNA2608 Date: Mon, 13 May 2024 15:46:00 +0200 Subject: [PATCH 4/4] doc/release-notes: add finishing dot for ydotool entry --- nixos/doc/manual/release-notes/rl-2405.section.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/doc/manual/release-notes/rl-2405.section.md b/nixos/doc/manual/release-notes/rl-2405.section.md index 55fb366a75e9..5ee914673a44 100644 --- a/nixos/doc/manual/release-notes/rl-2405.section.md +++ b/nixos/doc/manual/release-notes/rl-2405.section.md @@ -209,7 +209,7 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m - [isolate](https://github.com/ioi/isolate), a sandbox for securely executing untrusted programs. Available as [security.isolate](#opt-security.isolate.enable). -- [ydotool](https://github.com/ReimuNotMoe/ydotool), a generic command-line automation tool now has a module. Available as [programs.ydotool](#opt-programs.ydotool.enable) +- [ydotool](https://github.com/ReimuNotMoe/ydotool), a generic command-line automation tool now has a module. Available as [programs.ydotool](#opt-programs.ydotool.enable). - [private-gpt](https://github.com/zylon-ai/private-gpt), a service to interact with your documents using the power of LLMs, 100% privately, no data leaks. Available as [services.private-gpt](#opt-services.private-gpt.enable).