diff options
| author | andromeda <andromeda@lenovo> | 2026-01-25 15:44:32 +0100 |
|---|---|---|
| committer | andromeda <andromeda@lenovo> | 2026-01-25 15:44:32 +0100 |
| commit | 2386fea0ebfedd486e8945b19b3ff4898c29a75e (patch) | |
| tree | 0a3403595638cc51056603fc6ecb3fc7f009bf97 | |
| parent | e1c510fc641825d51da12aa1dce7885dd5aee0de (diff) | |
split out phoenix overlay
| -rw-r--r-- | flake.lock | 21 | ||||
| -rw-r--r-- | flake.nix | 7 | ||||
| -rw-r--r-- | machines.nix | 1 | ||||
| -rw-r--r-- | modules/nixos/phoenix.nix | 98 | ||||
| -rw-r--r-- | overlays/phoenix.nix | 21 |
5 files changed, 63 insertions, 85 deletions
@@ -737,26 +737,6 @@ "type": "github" } }, - "phoenix": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1769035606, - "narHash": "sha256-I9pKhfhAz3JsGBLIqr9MNycTEQn0Bc3jzf0mKeWLlsE=", - "owner": "celenityy", - "repo": "Phoenix", - "rev": "07d9be8cbf938962f9847b0970274b885ff48792", - "type": "github" - }, - "original": { - "owner": "celenityy", - "repo": "Phoenix", - "type": "github" - } - }, "root": { "inputs": { "agenix": "agenix", @@ -770,7 +750,6 @@ "noshell": "noshell", "nur": "nur", "nvf": "nvf", - "phoenix": "phoenix", "stylix": "stylix" } }, @@ -38,10 +38,6 @@ url = "github:notashelf/nvf"; inputs.nixpkgs.follows = "nixpkgs"; }; - phoenix = { - url = "github:celenityy/Phoenix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; stylix = { url = "github:nix-community/stylix"; inputs.nixpkgs.follows = "nixpkgs"; @@ -59,11 +55,9 @@ noshell, nur, nvf, - phoenix, stylix, ... }: let - phoenix' = (import ./modules/nixos/phoenix.nix) {inherit phoenix;}; nix-zulip' = (import "${nix-zulip}/nix/default.nix" {}).output; machines = import ./machines.nix; configuration = machine: modules: @@ -81,7 +75,6 @@ impermanence.nixosModules.impermanence nixos-mailserver.nixosModule noshell.nixosModules.default - phoenix'.phoenixModule nix-zulip'.nixosModules.zulip { nixpkgs.overlays = [ diff --git a/machines.nix b/machines.nix index 82819d3..88c7b98 100644 --- a/machines.nix +++ b/machines.nix @@ -30,6 +30,7 @@ # apps ./modules/nixos/steam.nix + ./modules/nixos/phoenix.nix # substitutors ./substitutors.nix diff --git a/modules/nixos/phoenix.nix b/modules/nixos/phoenix.nix index c5d59de..a656f7f 100644 --- a/modules/nixos/phoenix.nix +++ b/modules/nixos/phoenix.nix @@ -1,61 +1,45 @@ -{phoenix, ...}: rec { - phoenixOverlay = final: prev: { - phoenix = (final.callPackage (import "${phoenix}/nix/package.nix") - { - }).overrideAttrs { - patches = [ - ../../patches/0001-autoDisableScopes-unlocked.patch - ]; - }; - withPhoenix = firefoxPackage: - firefoxPackage.override { - extraPoliciesFiles = ["${final.phoenix}/policies.json"]; - extraPrefsFiles = ["${final.phoenix}/phoenix.cfg"]; - }; - }; - phoenixModule = { - pkgs, - config, - lib, - ... - }: { - options.programs.firefox.phoenix = { - enable = - lib.mkEnableOption "Enable privacy & security hardening of Firefox using the Phoenix configs" - // { - default = true; - }; - firefoxPackages = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = ["firefox"]; - description = "The name of Firefox packages of current pkgs to patch with phoenix config and policy."; +{ + pkgs, + config, + lib, + ... +}: { + options.programs.firefox.phoenix = { + enable = + lib.mkEnableOption "Enable privacy & security hardening of Firefox using the Phoenix configs" + // { + default = true; }; + firefoxPackages = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = ["firefox"]; + description = "The name of Firefox packages of current pkgs to patch with phoenix config and policy."; }; - config = let - cfg = config.programs.firefox.phoenix; - in - lib.mkIf cfg.enable { - assertions = [ - { - assertion = !pkgs.stdenv.isDarwin; - message = "Phoenix module has not been ported to nix-darwin yet. Contributions welcomed."; - } - ]; - environment.etc."firefox/defaults/pref/phoenix-desktop.js".source = "${pkgs.phoenix}/pref/phoenix-desktop.js"; - environment.etc."firefox/phoenix/userjs".source = "${pkgs.phoenix}/userjs"; - environment.etc."firefox/phoenix/configs".source = "${pkgs.phoenix}/configs"; - environment.etc."firefox/phoenix/assets".source = "${pkgs.phoenix}/assets"; - programs.firefox.policies = - (builtins.fromJSON (builtins.readFile "${pkgs.phoenix}/policies.json")).policies; - nixpkgs.overlays = [ - phoenixOverlay - ( - final: prev: - builtins.listToAttrs ( - map (p: lib.nameValuePair p (final.withPhoenix prev.${p})) cfg.firefoxPackages - ) - ) - ]; - }; }; + config = let + cfg = config.programs.firefox.phoenix; + in + lib.mkIf cfg.enable { + assertions = [ + { + assertion = !pkgs.stdenv.isDarwin; + message = "Phoenix module has not been ported to nix-darwin yet. Contributions welcomed."; + } + ]; + environment.etc."firefox/defaults/pref/phoenix-desktop.js".source = "${pkgs.phoenix}/pref/phoenix-desktop.js"; + environment.etc."firefox/phoenix/userjs".source = "${pkgs.phoenix}/userjs"; + environment.etc."firefox/phoenix/configs".source = "${pkgs.phoenix}/configs"; + environment.etc."firefox/phoenix/assets".source = "${pkgs.phoenix}/assets"; + programs.firefox.policies = + (builtins.fromJSON (builtins.readFile "${pkgs.phoenix}/policies.json")).policies; + nixpkgs.overlays = [ + (import ../../overlays/phoenix.nix) + ( + final: prev: + builtins.listToAttrs ( + map (p: lib.nameValuePair p (final.withPhoenix prev.${p})) cfg.firefoxPackages + ) + ) + ]; + }; } diff --git a/overlays/phoenix.nix b/overlays/phoenix.nix new file mode 100644 index 0000000..ad9bab4 --- /dev/null +++ b/overlays/phoenix.nix @@ -0,0 +1,21 @@ +final: prev: let + phoenix-src = prev.fetchFromGitHub { + owner = "celenityy"; + repo = "Phoenix"; + rev = "07d9be8cbf938962f9847b0970274b885ff48792"; + hash = "sha256-I9pKhfhAz3JsGBLIqr9MNycTEQn0Bc3jzf0mKeWLlsE="; + }; +in { + phoenix = (final.callPackage (import "${phoenix-src}/nix/package.nix") + { + }).overrideAttrs { + patches = [ + ../patches/0001-autoDisableScopes-unlocked.patch + ]; + }; + withPhoenix = firefoxPackage: + firefoxPackage.override { + extraPoliciesFiles = ["${final.phoenix}/policies.json"]; + extraPrefsFiles = ["${final.phoenix}/phoenix.cfg"]; + }; +} |