From e87b9d1d5f047794ee9b1da828c4665f221485bb Mon Sep 17 00:00:00 2001
From: Mikhail Klementev
Date: Mon, 13 Feb 2023 09:14:21 +0000
Subject: [PATCH] remove fhs env

---
 security.nix | 12 +-----------
 1 file changed, 1 insertion(+), 11 deletions(-)

diff --git a/security.nix b/security.nix
index dc8d828..033a90e 100644
--- a/security.nix
+++ b/security.nix
@@ -1,10 +1,6 @@
 { config, pkgs, ... }:
 
-let
- fhs = pkgs.writeShellScriptBin "fhs"
- ("${pkgs.docker}/bin/docker run -v /home/user:/home/user -v /nix:/nix "+
- "-e \"HOST_PWD=$PWD\" -it fhs");
-in {
+{
 security.allowUserNamespaces = true;
 security.allowSimultaneousMultithreading = true;
 security.lockKernelModules = false;
@@ -45,7 +41,6 @@ in {
 extraConfig = ''
 %wheel ALL=(ALL:ALL) NOPASSWD: ${pkgs.light}/bin/light
 %wheel ALL=(captive) NOPASSWD: ${pkgs.firefox}/bin/firefox
- %wheel ALL=(root) NOPASSWD: ${fhs}/bin/fhs
 %wheel ALL=(out-of-tree) NOPASSWD: ${pkgs.out-of-tree}/bin/out-of-tree
 '';
 };
@@ -60,12 +55,7 @@ in {
 users.groups.out-of-tree = {};
 
 environment.systemPackages = with pkgs; [
- (writeShellScriptBin "fhs" "sudo ${fhs}/bin/fhs")
 (writeShellScriptBin "captive" "sudo -H -u captive ${pkgs.firefox}/bin/firefox")
- (writeShellScriptBin "fhs-ptrace"
- ("sudo ${pkgs.docker}/bin/docker run -v /home/user:/home/user " +
- "--cap-add=SYS_PTRACE --security-opt seccomp=unconfined" +
- " -e \"HOST_PWD=$PWD\" -v /nix=/nix -it fhs"))
 (writeShellScriptBin "out-of-tree" "sudo -H -u out-of-tree ${pkgs.out-of-tree}/bin/out-of-tree $@")
 ];
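Review bot: The three `security.*` settings left as context at the top of the attribute set in the first hunk (`allowUserNamespaces = true`, `allowSimultaneousMultithreading = true`, `lockKernelModules = false`) have no comment saying why each one is relaxed, and this commit removes one plausible consumer. If any of them was set only for the Docker-based fhs wrapper, which cannot be determined from this hunk, it should be reverted in the same change. Otherwise each deserves a one-line rationale, for example `# user namespaces required by <consumer>` with the placeholder filled in. The attribute set continues past the end of the hunk, so other consumers may exist outside the visible lines.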