nixos,home: sandbox {firefox,librewolf} with nixpak

Guanran Wang 2023-11-12 13:38:43 +08:00
parent 934a0eeea5
commit 3a441fceaf
Signed by: nyancat
SSH key fingerprint: SHA256:8oWGKciPALWut/6WA27oFKofX+6Wtc0gQnsefXLQx/8
4 changed files with 206 additions and 10 deletions


@ -139,6 +139,29 @@
"type": "github" "type": "github"
} }
}, },
"hercules-ci-effects": {
"inputs": {
"flake-parts": [
"flake-parts"
],
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1699381651,
"narHash": "sha256-mZlQ54xJs3j5+SJrLhzePPMXzS+Czbx7gNyOnOAQrHA=",
"owner": "hercules-ci",
"repo": "hercules-ci-effects",
"rev": "0bd99f5ab7ec7a74c11238bd02bb29e709c14328",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "hercules-ci-effects",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -344,6 +367,58 @@
"type": "github" "type": "github"
} }
}, },
"nixpak": {
"inputs": {
"flake-parts": [
"flake-parts"
],
"hercules-ci-effects": [
"hercules-ci-effects"
],
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1699560481,
"narHash": "sha256-JwmozcjXfwo8HaAR5LBKS6+MJbfzHHE+phtFMJRmyik=",
"owner": "nixpak",
"repo": "nixpak",
"rev": "755ea83c7835d17975d151e326bf21987dd2ce57",
"type": "github"
},
"original": {
"owner": "nixpak",
"repo": "nixpak",
"type": "github"
}
},
"nixpak-pkgs": {
"inputs": {
"flake-parts": [
"flake-parts"
],
"hercules-ci-effects": [
"hercules-ci-effects"
],
"nixpak": [
"nixpak"
]
},
"locked": {
"lastModified": 1699512458,
"narHash": "sha256-PzQp4qsphDYTXdDDdrSKq5HJak6DnlziupeYG9Q99To=",
"owner": "nixpak",
"repo": "pkgs",
"rev": "65a857c8bcae181c5b8198dc44d2ed8d81a77a49",
"type": "github"
},
"original": {
"owner": "nixpak",
"repo": "pkgs",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1699099776, "lastModified": 1699099776,
@ -443,6 +518,7 @@
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"gitignore": "gitignore", "gitignore": "gitignore",
"hercules-ci-effects": "hercules-ci-effects",
"home-manager": "home-manager", "home-manager": "home-manager",
"hosts": "hosts", "hosts": "hosts",
"hyprland": "hyprland", "hyprland": "hyprland",
@ -452,6 +528,8 @@
"lanzaboote": "lanzaboote", "lanzaboote": "lanzaboote",
"metacubexd": "metacubexd", "metacubexd": "metacubexd",
"nix-darwin": "nix-darwin", "nix-darwin": "nix-darwin",
"nixpak": "nixpak",
"nixpak-pkgs": "nixpak-pkgs",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-stable": "nixpkgs-stable", "nixpkgs-stable": "nixpkgs-stable",
"nvfetcher": "nvfetcher", "nvfetcher": "nvfetcher",


@ -52,6 +52,18 @@
url = "github:LnL7/nix-darwin"; url = "github:LnL7/nix-darwin";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nixpak = {
url = "github:nixpak/nixpak";
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-parts.follows = "flake-parts";
inputs.hercules-ci-effects.follows = "hercules-ci-effects";
};
nixpak-pkgs = {
url = "github:nixpak/pkgs";
inputs.nixpak.follows = "nixpak";
inputs.flake-parts.follows = "flake-parts";
inputs.hercules-ci-effects.follows = "hercules-ci-effects";
};
sops-nix = { sops-nix = {
url = "github:Mic92/sops-nix"; url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@ -84,6 +96,11 @@
url = "github:hercules-ci/gitignore.nix"; url = "github:hercules-ci/gitignore.nix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
hercules-ci-effects = {
url = "github:hercules-ci/hercules-ci-effects";
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-parts.follows = "flake-parts";
};
hyprland-protocols = { hyprland-protocols = {
url = "github:hyprwm/hyprland-protocols"; url = "github:hyprwm/hyprland-protocols";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@ -129,10 +146,6 @@
# url = "github:NixOS/nixos-hardware/master"; # url = "github:NixOS/nixos-hardware/master";
# #inputs.nixpkgs.follows = "nixpkgs"; # #inputs.nixpkgs.follows = "nixpkgs";
#}; #};
#nixpak = {
# url = "github:nixpak/nixpak";
# inputs.nixpkgs.follows = "nixpkgs";
#};
## Non-Flake ## Non-Flake
### Color scheme files ### Color scheme files
@ -163,6 +176,7 @@
impermanence, impermanence,
tokyonight, tokyonight,
metacubexd, metacubexd,
nixpak,
... ...
} @ inputs: { } @ inputs: {
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.alejandra; formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.alejandra;
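Review bot: The `nixpak-pkgs` input is not only a package source: the browser modules in this commit import `/pkgs/modules/gui-base.nix` and `/pkgs/modules/network.nix` from it, so the baseline of what the sandbox exposes is defined upstream and changes whenever the lock entry moves. That deserves a comment on the input, for example `# sandbox policy modules are imported from here; review the upstream diff before bumping the lock`. Separately, `nixpak` is added to the destructured outputs arguments, while the modules visible on this page reach it through `inputs.nixpak`; if nothing in the outputs body (which continues outside this hunk) uses the bare name, the extra binding can be dropped.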


@ -1,7 +1,61 @@
{...}: { {
programs = { inputs,
enable = true; pkgs,
# TODO ...
profiles."default" = {}; }: let
mkNixPak = inputs.nixpak.lib.nixpak {
inherit (pkgs) lib;
inherit pkgs;
}; };
firefox = mkNixPak {
config = {
config,
sloth,
...
}: {
app.package = pkgs.firefox;
flatpak.appId = "org.mozilla.firefox";
imports = [
(inputs.nixpak-pkgs + "/pkgs/modules/gui-base.nix")
(inputs.nixpak-pkgs + "/pkgs/modules/network.nix")
];
# Specified in https://github.com/schizofox/schizofox/blob/main/modules/hm/default.nix
# I really don't have any idea what am I doing, it just works™
bubblewrap = let
envSuffix = envKey: sloth.concat' (sloth.env envKey);
in {
bind.rw = [
"/tmp/.X11-unix"
(sloth.envOr "XAUTHORITY" "/no-xauth")
(envSuffix "XDG_RUNTIME_DIR" "/dconf")
(sloth.concat' sloth.homeDir "/.mozilla")
(sloth.concat' sloth.homeDir "/Downloads")
];
bind.ro = [
"/etc/localtime"
"/sys/bus/pci"
["${pkgs.firefox}/lib/firefox" "/app/etc/firefox"]
(sloth.concat' sloth.xdgConfigHome "/dconf")
# https://github.com/nixpak/pkgs/pull/22
(sloth.concat' sloth.xdgConfigHome "/fontconfig")
];
};
};
};
in {
home.packages = [firefox.config.env];
# TODO: does not seem to work
#programs.firefox = {
# enable = true;
# package = firefox.config.env;
#
# # TODO
# profiles."default" = {};
#};
} }
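Review bot: The `bind.rw` list hands the sandbox `/tmp/.X11-unix` and the `XAUTHORITY` file, and X11 does not isolate clients from one another, so a browser holding those two binds can observe input and window contents of every other application on that display, which gives up much of what the bubblewrap wrapper is meant to provide. If the session is Wayland (the flake carries hyprland inputs, so presumably it is), both entries could be dropped in favour of whatever display access `gui-base.nix` sets up, which is not visible here; otherwise keep them and record the gap in a comment. The comment above the block ("it just works™") should be replaced by one that states why each path is bound, for example `# rw: profile dir and ~/Downloads only; dconf bound for GTK settings; X11 socket only needed without Wayland`. The librewolf module later on this page repeats the same binds, and its `bind.ro` still maps `${pkgs.firefox}/lib/firefox`, which looks like a copy-paste leftover and would pull Firefox into that closure.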


@ -1,6 +1,56 @@
{...}: { {
inputs,
pkgs,
...
}: let
mkNixPak = inputs.nixpak.lib.nixpak {
inherit (pkgs) lib;
inherit pkgs;
};
librewolf = mkNixPak {
config = {
config,
sloth,
...
}: {
app.package = pkgs.librewolf;
flatpak.appId = "io.gitlab.librewolf-community";
imports = [
(inputs.nixpak-pkgs + "/pkgs/modules/gui-base.nix")
(inputs.nixpak-pkgs + "/pkgs/modules/network.nix")
];
# Specified in https://github.com/schizofox/schizofox/blob/main/modules/hm/default.nix
# I really don't have any idea what am I doing, it just works™
bubblewrap = let
envSuffix = envKey: sloth.concat' (sloth.env envKey);
in {
bind.rw = [
"/tmp/.X11-unix"
(sloth.envOr "XAUTHORITY" "/no-xauth")
(envSuffix "XDG_RUNTIME_DIR" "/dconf")
(sloth.concat' sloth.homeDir "/.librewolf")
(sloth.concat' sloth.homeDir "/Downloads")
];
bind.ro = [
"/etc/localtime"
"/sys/bus/pci"
["${pkgs.firefox}/lib/firefox" "/app/etc/firefox"]
(sloth.concat' sloth.xdgConfigHome "/dconf")
# https://github.com/nixpak/pkgs/pull/22
(sloth.concat' sloth.xdgConfigHome "/fontconfig")
];
};
};
};
in {
programs.librewolf = { programs.librewolf = {
enable = true; enable = true;
package = librewolf.config.env;
settings = { settings = {
"identity.fxaccounts.enabled" = true; "identity.fxaccounts.enabled" = true;