path: root/modules/nixos/phoenix.nix
blob: c5d59de10b79b2bace2bba0da710fb1cf261f83a (plain)
{phoenix, ...}: rec {
  # Nixpkgs overlay that adds two attributes to the package set:
  #   phoenix     - the package built from the `phoenix` input's own
  #                 nix/package.nix, with a local patch applied on top.
  #   withPhoenix - helper that re-wraps a Firefox package so it loads the
  #                 Phoenix policies.json and phoenix.cfg.
  phoenixOverlay = final: prev: let
    # Package expression shipped inside the `phoenix` input, instantiated
    # against the final package set with no extra arguments.
    upstreamPhoenix = final.callPackage (import "${phoenix}/nix/package.nix") {};

    # NOTE(review): judging only by its filename, this patch leaves the
    # autoDisableScopes preference unlocked, i.e. it relaxes one setting the
    # upstream config would otherwise lock. Confirm against the patch itself
    # and re-check it whenever the `phoenix` input is bumped.
    localPatches = [
      ../../patches/0001-autoDisableScopes-unlocked.patch
    ];
  in {
    # overrideAttrs with a plain attrset replaces `patches` outright: any
    # patches declared by the upstream package.nix (not visible here) would be
    # dropped rather than extended.
    phoenix = upstreamPhoenix.overrideAttrs {
      patches = localPatches;
    };

    # Returns `firefoxPackage` overridden so that the wrapper picks up the
    # policy file and the prefs file from the built phoenix package.
    # Assumes `firefoxPackage.override` accepts extraPoliciesFiles and
    # extraPrefsFiles (a wrapped Firefox) - TODO confirm for every package
    # passed in.
    withPhoenix = firefoxPackage:
      firefoxPackage.override {
        extraPoliciesFiles = ["${final.phoenix}/policies.json"];
        extraPrefsFiles = ["${final.phoenix}/phoenix.cfg"];
      };
  };
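  # NixOS module that applies the Phoenix hardening configuration to Firefox.
  #
  # When enabled it:
  #   * links the Phoenix pref/userjs/configs/assets trees under /etc/firefox,
  #   * feeds the `policies` object of Phoenix's policies.json into
  #     programs.firefox.policies,
  #   * registers phoenixOverlay plus a second overlay that replaces every
  #     package named in `firefoxPackages` with its withPhoenix-wrapped form.
  phoenixModule = {
    pkgs,
    config,
    lib,
    ...
  }: {
    options.programs.firefox.phoenix = {
      # mkEnableOption already prefixes the text with "Whether to enable ",
      # so the description must not start with "Enable".
      # The default is overridden to true: importing this module is enough to
      # turn the hardening on, and it has to be switched off explicitly.
      enable =
        lib.mkEnableOption "privacy & security hardening of Firefox using the Phoenix configs"
        // {
          default = true;
        };
      # Attribute names looked up in the package set. Only the packages listed
      # here are re-wrapped; any other Firefox build installed on the system
      # does not get the wrapper-level policies.json / phoenix.cfg.
      firefoxPackages = lib.mkOption {
        type = lib.types.listOf lib.types.str;
        default = ["firefox"];
        description = "The name of Firefox packages of current pkgs to patch with phoenix config and policy.";
      };
    };
    config = let
      cfg = config.programs.firefox.phoenix;
    in
      lib.mkIf cfg.enable {
        # Fail evaluation with a clear message on Darwin instead of producing a
        # configuration that silently lacks the hardening.
        assertions = [
          {
            assertion = !pkgs.stdenv.isDarwin;
            message = "Phoenix module has not been ported to nix-darwin yet. Contributions welcomed.";
          }
        ];
        # `pkgs.phoenix` resolves only because phoenixOverlay is registered in
        # nixpkgs.overlays below.
        environment.etc."firefox/defaults/pref/phoenix-desktop.js".source = "${pkgs.phoenix}/pref/phoenix-desktop.js";
        environment.etc."firefox/phoenix/userjs".source = "${pkgs.phoenix}/userjs";
        environment.etc."firefox/phoenix/configs".source = "${pkgs.phoenix}/configs";
        environment.etc."firefox/phoenix/assets".source = "${pkgs.phoenix}/assets";
        # Reads a file out of the built phoenix package during evaluation
        # (import-from-derivation): the package is built at eval time, and
        # evaluation fails where allow-import-from-derivation is disabled.
        # The policies are taken verbatim from the `phoenix` input, so whatever
        # pins that input (not visible here) decides which policies are applied.
        # This is set regardless of programs.firefox.enable.
        programs.firefox.policies =
          (builtins.fromJSON (builtins.readFile "${pkgs.phoenix}/policies.json")).policies;
        nixpkgs.overlays = [
          # Must come first: the overlay below relies on final.withPhoenix.
          phoenixOverlay
          (
            # Replace each named package with its Phoenix-wrapped variant.
            # `prev.${p}` is used so the wrapper is applied to the unwrapped
            # package; a name missing from the package set aborts evaluation.
            final: prev:
              builtins.listToAttrs (
                map (p: lib.nameValuePair p (final.withPhoenix prev.${p})) cfg.firefoxPackages
              )
          )
        ];
      };
  };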
}