authorandromeda <andromeda@lenovo>2026-01-25 10:58:15 +0100
committerandromeda <andromeda@lenovo>2026-01-25 10:58:15 +0100
commit5c99e52e09e7fa83edfad0213c81db2bc6fa7104 (patch)
tree855955b2202b86cf888435932c2d8d4a33df13a1 /modules
parentad7e25dce37f45b343455d33d90c9487a5c14a48 (diff)
patch phoenix to allow user to auto enable extensionsnpins
Diffstat (limited to 'modules')
-rw-r--r--modules/nixos/phoenix.nix61
1 files changed, 61 insertions, 0 deletions
diff --git a/modules/nixos/phoenix.nix b/modules/nixos/phoenix.nix
new file mode 100644
index 0000000..c5d59de
--- /dev/null
+++ b/modules/nixos/phoenix.nix
@@ -0,0 +1,61 @@
+{phoenix, ...}: rec {
+ phoenixOverlay = final: prev: {
+ phoenix = (final.callPackage (import "${phoenix}/nix/package.nix")
+ {
+ }).overrideAttrs {
+ patches = [
+ ../../patches/0001-autoDisableScopes-unlocked.patch
+ ];
+ };
+ withPhoenix = firefoxPackage:
+ firefoxPackage.override {
+ extraPoliciesFiles = ["${final.phoenix}/policies.json"];
+ extraPrefsFiles = ["${final.phoenix}/phoenix.cfg"];
+ };
+ };
+ phoenixModule = {
+ pkgs,
+ config,
+ lib,
+ ...
+ }: {
+ options.programs.firefox.phoenix = {
+ enable =
+ lib.mkEnableOption "Enable privacy & security hardening of Firefox using the Phoenix configs"
+ // {
+ default = true;
+ };
+ firefoxPackages = lib.mkOption {
+ type = lib.types.listOf lib.types.str;
+ default = ["firefox"];
+ description = "The name of Firefox packages of current pkgs to patch with phoenix config and policy.";
+ };
+ };
+ config = let
+ cfg = config.programs.firefox.phoenix;
+ in
+ lib.mkIf cfg.enable {
+ assertions = [
+ {
+ assertion = !pkgs.stdenv.isDarwin;
+ message = "Phoenix module has not been ported to nix-darwin yet. Contributions welcomed.";
+ }
+ ];
+ environment.etc."firefox/defaults/pref/phoenix-desktop.js".source = "${pkgs.phoenix}/pref/phoenix-desktop.js";
+ environment.etc."firefox/phoenix/userjs".source = "${pkgs.phoenix}/userjs";
+ environment.etc."firefox/phoenix/configs".source = "${pkgs.phoenix}/configs";
+ environment.etc."firefox/phoenix/assets".source = "${pkgs.phoenix}/assets";
+ programs.firefox.policies =
+ (builtins.fromJSON (builtins.readFile "${pkgs.phoenix}/policies.json")).policies;
+ nixpkgs.overlays = [
+ phoenixOverlay
+ (
+ final: prev:
+ builtins.listToAttrs (
+ map (p: lib.nameValuePair p (final.withPhoenix prev.${p})) cfg.firefoxPackages
+ )
+ )
+ ];
+ };
+ };
+}
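Review bot: The `patches` list in `phoenixOverlay` applies `0001-autoDisableScopes-unlocked.patch` unconditionally, while `programs.firefox.phoenix.enable` is described as security hardening and defaults to true, so every host that imports the module gets the relaxed build with nothing in the option text saying so. The patch body is not part of this diff, but going by its file name and the commit title it presumably stops Phoenix from locking `extensions.autoDisableScopes`, the pref that keeps extensions placed in profile or system directories disabled until the user approves them. I would add a comment above the list, for example `# Deviation from upstream Phoenix: unlocks extensions.autoDisableScopes so sideloaded extensions can be auto-enabled; this relaxes the extension-install guard.`, and mention the same deviation in the `enable` description. Separately, `lib.mkEnableOption` already prepends "Whether to enable", so the description string should start at `privacy & security hardening of Firefox using the Phoenix configs`.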