1 files changed, 61 insertions, 0 deletions

diff --git a/modules/nixos/phoenix.nix b/modules/nixos/phoenix.nix
new file mode 100644
index 0000000..c5d59de
--- /dev/null
+++ b/modules/nixos/phoenix.nix
@@ -0,0 +1,61 @@
+{phoenix, ...}: rec {
+  phoenixOverlay = final: prev: {
+    phoenix = (final.callPackage (import "${phoenix}/nix/package.nix")
+      {
+      }).overrideAttrs {
+      patches = [
+        ../../patches/0001-autoDisableScopes-unlocked.patch
+      ];
+    };
+    withPhoenix = firefoxPackage:
+      firefoxPackage.override {
+        extraPoliciesFiles = ["${final.phoenix}/policies.json"];
+        extraPrefsFiles = ["${final.phoenix}/phoenix.cfg"];
+      };
+  };
+  phoenixModule = {
+    pkgs,
+    config,
+    lib,
+    ...
+  }: {
+    options.programs.firefox.phoenix = {
+      enable =
+        lib.mkEnableOption "Enable privacy & security hardening of Firefox using the Phoenix configs"
+        // {
+          default = true;
+        };
+      firefoxPackages = lib.mkOption {
+        type = lib.types.listOf lib.types.str;
+        default = ["firefox"];
+        description = "The name of Firefox packages of current pkgs to patch with phoenix config and policy.";
+      };
+    };
+    config = let
+      cfg = config.programs.firefox.phoenix;
+    in
+      lib.mkIf cfg.enable {
+        assertions = [
+          {
+            assertion = !pkgs.stdenv.isDarwin;
+            message = "Phoenix module has not been ported to nix-darwin yet. Contributions welcomed.";
+          }
+        ];
+        environment.etc."firefox/defaults/pref/phoenix-desktop.js".source = "${pkgs.phoenix}/pref/phoenix-desktop.js";
+        environment.etc."firefox/phoenix/userjs".source = "${pkgs.phoenix}/userjs";
+        environment.etc."firefox/phoenix/configs".source = "${pkgs.phoenix}/configs";
+        environment.etc."firefox/phoenix/assets".source = "${pkgs.phoenix}/assets";
+        programs.firefox.policies =
+          (builtins.fromJSON (builtins.readFile "${pkgs.phoenix}/policies.json")).policies;
+        nixpkgs.overlays = [
+          phoenixOverlay
+          (
+            final: prev:
+              builtins.listToAttrs (
+                map (p: lib.nameValuePair p (final.withPhoenix prev.${p})) cfg.firefoxPackages
+              )
+          )
+        ];
+      };
+  };
+}