From 7c63deb8e532159c30734ca2997e308f2cb060aa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kier=C3=A1n=20Meinhardt?= <kmein@posteo.de>
Date: Tue, 3 Feb 2026 22:32:35 +0100
Subject: [PATCH] tools: pmount and safe TMPDIR

---
 modules/tool.nix | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/modules/tool.nix b/modules/tool.nix
index 26ec88d..988bdaa 100644
--- a/modules/tool.nix
+++ b/modules/tool.nix
@@ -46,6 +46,28 @@ in
     pkgs.psmisc # killall, pstree
   ];
 
+  security.wrappers = {
+    pmount = {
+      setuid = true;
+      owner = "root";
+      group = "root";
+      source = "${pkgs.pmount}/bin/pmount";
+    };
+    pumount = {
+      setuid = true;
+      owner = "root";
+      group = "root";
+      source = "${pkgs.pmount}/bin/pumount";
+    };
+  };
+
+  environment.interactiveShellInit = ''
+    # Use XDG_RUNTIME_DIR for temporary files if available
+    if [ -d "$XDG_RUNTIME_DIR" ]; then
+      export TMPDIR="$XDG_RUNTIME_DIR"
+    fi
+  '';
+
   environment.shellAliases =
     let
       take = pkgs.writers.writeDash "take" ''