From 9001b7f501f878b4b517e7456054bb84126d4511 Mon Sep 17 00:00:00 2001
From: Dmitriy Pleshevskiy
Date: Mon, 8 Apr 2024 12:24:19 +0300
Subject: [PATCH] nixos/shared/tor: add custom policies
---
 home/users/jan/default.nix | 1 +
 nixos/shared/tor-browser.nix | 60 ++++++++++++++++++++++++++++++++++--
 2 files changed, 58 insertions(+), 3 deletions(-)
diff --git a/home/users/jan/default.nix b/home/users/jan/default.nix
index df2f48c..53fcfec 100644
--- a/home/users/jan/default.nix
+++ b/home/users/jan/default.nix
@@ -31,6 +31,7 @@ in
 (lib.mkIf config.services.kubo.enable config.services.kubo.group)
 (lib.mkIf config.programs.adb.enable "adbusers")
 (lib.mkIf config.programs.adb.enable "plugdev")
+ (lib.mkIf config.hardware.pulseaudio.systemWide "pulse-access")
 ];
 shell = pkgs.zsh;
 hashedPasswordFile = config.age.secrets.users-jan-passfile.path;
diff --git a/nixos/shared/tor-browser.nix b/nixos/shared/tor-browser.nix
index 08d4d3d..ff65adb 100644
--- a/nixos/shared/tor-browser.nix
+++ b/nixos/shared/tor-browser.nix
@@ -3,10 +3,64 @@ let
 data = import ../../data.nix;
- torBrowser = pkgs.tor-browser-bundle-bin.override {
+ # See: https://mozilla.github.io/policy-templates/
+ policiesJson = pkgs.writeText "policies.json" (builtins.toJSON {
+ policies = {
+ DisableAppUpdate = true;
+ SearchBar = "unified";
+ SearchSuggestEnabled = false;
+ SearchEngines = {
+ Add = [
+ {
+ Alias = "sx";
+ Name = "SearXNG";
+ Description = "SearXNG — a privacy-respecting, open metasearch engine";
+ IconURL = "https://search.sapti.me/static/themes/simple/img/favicon.png";
+ URLTemplate = "https://search.sapti.me/search?q={searchTerms}";
+ }
+ {
+ Alias = "np";
+ Name = "NixOS Packages";
+ Description = "Search NixOS packages by name or description.";
+ IconURL = "https://nixos.org/favicon.png";
+ URLTemplate = "https://search.nixos.org/packages?query={searchTerms}";
+ }
+ {
+ Alias = "no";
+ Name = "NixOS Options";
+ Description = "Search NixOS options by name or description.";
+ IconURL = "https://nixos.org/favicon.png";
+ URLTemplate = "https://search.nixos.org/options?query={searchTerms}";
+ }
+ ];
+ Default = "SearXNG";
+ Remove = [ "YouTube" "Google" "Twitter" "Yahoo" ];
+ };
+ FirefoxSuggest = {
+ WebSuggestions = false;
+ SponsoredSuggestions = false;
+ ImproveSuggest = false;
+ Locked = true;
+ };
+ Preferences = {
+ "layout.spellcheckDefault" = {
+ Value = 0;
+ Status = "locked";
+ };
+ };
+ };
+ });
+
+ torBrowser = (pkgs.unstable.tor-browser-bundle-bin.override {
 mediaSupport = true;
 pulseaudioSupport = true;
- };
+ }).overrideAttrs (attrs: {
+ postInstall = ''
+ rm $out/share/tor-browser/distribution/policies.json
+
+ install -Dvm644 ${policiesJson} $out/share/tor-browser/distribution/policies.json
+ '';
+ });
 hostRunTorBrowser = pkgs.writeScriptBin "tor-browser" ''
 ${pkgs.socat}/bin/socat -d TCP-LISTEN:6000,fork,bind=192.168.7.10 UNIX-CONNECT:/tmp/.X11-unix/X0 &
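Review bot: The `overrideAttrs (attrs: { postInstall = '' … ''; })` at the end of this hunk binds `attrs` but never uses it, so any `postInstall` the package already defines is replaced rather than extended; `postInstall = (attrs.postInstall or "") + '' … '';` keeps it. The script also deletes the packaged `distribution/policies.json` and installs a file built only from this attrset, so any policy the package ships that is not repeated here is dropped, and because the browser now comes from `pkgs.unstable` that packaged file can change without this list following it. With `DisableAppUpdate = true`, browser security fixes arrive only through channel bumps, which deserves a comment next to the policy, e.g. `# updates come from nixpkgs only; keep the unstable pin fresh`. The `let` block continues outside the hunk.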
@@ -62,7 +116,7 @@ in
 isNormalUser = true;
 home = "/home/browser";
 openssh.authorizedKeys.keys = data.publicKeys.users.jan;
- extraGroups = [ "audio" "video" ];
+ extraGroups = [ "pulse-access" ];
 packages = [ clientRunTorBrowser ];
 };
 };
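Review bot: `extraGroups = [ "pulse-access" ]` is unconditional, while the jan user in home/users/jan/default.nix gets the same group only under `lib.mkIf config.hardware.pulseaudio.systemWide`; if the group is defined only when system-wide PulseAudio is on (not visible in this patch), this account would name a group that does not exist when the option is off. Guarding it the same way, e.g. `extraGroups = lib.optional config.hardware.pulseaudio.systemWide "pulse-access";`, keeps the two files consistent, assuming `lib` and the relevant `config` are in scope here. Membership also lets the isolated browser account talk to the same PulseAudio daemon as the main user, including any capture sources it exposes, so a comment such as `# shares the system-wide PulseAudio daemon with the main user` would record that the trade-off is intended. The user definition starts outside the hunk.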