modules/nixos/phoenix.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45

{
  pkgs,
  config,
  lib,
  ...
}: {
  options.programs.firefox.phoenix = {
    enable =
      lib.mkEnableOption "Enable privacy & security hardening of Firefox using the Phoenix configs"
      // {
        default = true;
      };
    firefoxPackages = lib.mkOption {
      type = lib.types.listOf lib.types.str;
      default = ["firefox"];
      description = "The name of Firefox packages of current pkgs to patch with phoenix config and policy.";
    };
  };
  config = let
    cfg = config.programs.firefox.phoenix;
  in
    lib.mkIf cfg.enable {
      assertions = [
        {
          assertion = !pkgs.stdenv.isDarwin;
          message = "Phoenix module has not been ported to nix-darwin yet. Contributions welcomed.";
        }
      ];
      environment.etc."firefox/defaults/pref/phoenix-desktop.js".source = "${pkgs.phoenix}/pref/phoenix-desktop.js";
      environment.etc."firefox/phoenix/userjs".source = "${pkgs.phoenix}/userjs";
      environment.etc."firefox/phoenix/configs".source = "${pkgs.phoenix}/configs";
      environment.etc."firefox/phoenix/assets".source = "${pkgs.phoenix}/assets";
      programs.firefox.policies =
        (builtins.fromJSON (builtins.readFile "${pkgs.phoenix}/policies.json")).policies;
      nixpkgs.overlays = [
        (import ../../overlays/phoenix.nix)
        (
          final: prev:
            builtins.listToAttrs (
              map (p: lib.nameValuePair p (final.withPhoenix prev.${p})) cfg.firefoxPackages
            )
        )
      ];
    };
}