nixos/shared/tor: add custom policies

This commit is contained in:
Dmitriy Pleshevskiy 2024-04-08 12:24:19 +03:00
parent 185d4548bd
commit 9001b7f501
Signed by: pleshevskiy
GPG key ID: 17041163DA10A9A2
2 changed files with 58 additions and 3 deletions

View file

@ -31,6 +31,7 @@ in
(lib.mkIf config.services.kubo.enable config.services.kubo.group) (lib.mkIf config.services.kubo.enable config.services.kubo.group)
(lib.mkIf config.programs.adb.enable "adbusers") (lib.mkIf config.programs.adb.enable "adbusers")
(lib.mkIf config.programs.adb.enable "plugdev") (lib.mkIf config.programs.adb.enable "plugdev")
(lib.mkIf config.hardware.pulseaudio.systemWide "pulse-access")
]; ];
shell = pkgs.zsh; shell = pkgs.zsh;
hashedPasswordFile = config.age.secrets.users-jan-passfile.path; hashedPasswordFile = config.age.secrets.users-jan-passfile.path;

View file

@ -3,10 +3,64 @@
let let
data = import ../../data.nix; data = import ../../data.nix;
torBrowser = pkgs.tor-browser-bundle-bin.override { # See: https://mozilla.github.io/policy-templates/
policiesJson = pkgs.writeText "policies.json" (builtins.toJSON {
policies = {
DisableAppUpdate = true;
SearchBar = "unified";
SearchSuggestEnabled = false;
SearchEngines = {
Add = [
{
Alias = "sx";
Name = "SearXNG";
Description = "SearXNG a privacy-respecting, open metasearch engine";
IconURL = "https://search.sapti.me/static/themes/simple/img/favicon.png";
URLTemplate = "https://search.sapti.me/search?q={searchTerms}";
}
{
Alias = "np";
Name = "NixOS Packages";
Description = "Search NixOS packages by name or description.";
IconURL = "https://nixos.org/favicon.png";
URLTemplate = "https://search.nixos.org/packages?query={searchTerms}";
}
{
Alias = "no";
Name = "NixOS Options";
Description = "Search NixOS options by name or description.";
IconURL = "https://nixos.org/favicon.png";
URLTemplate = "https://search.nixos.org/options?query={searchTerms}";
}
];
Default = "SearXNG";
Remove = [ "YouTube" "Google" "Twitter" "Yahoo" ];
};
FirefoxSuggest = {
WebSuggestions = false;
SponsoredSuggestions = false;
ImproveSuggest = false;
Locked = true;
};
Preferences = {
"layout.spellcheckDefault" = {
Value = 0;
Status = "locked";
};
};
};
});
torBrowser = (pkgs.unstable.tor-browser-bundle-bin.override {
mediaSupport = true; mediaSupport = true;
pulseaudioSupport = true; pulseaudioSupport = true;
}; }).overrideAttrs (attrs: {
postInstall = ''
rm $out/share/tor-browser/distribution/policies.json
install -Dvm644 ${policiesJson} $out/share/tor-browser/distribution/policies.json
'';
});
hostRunTorBrowser = pkgs.writeScriptBin "tor-browser" '' hostRunTorBrowser = pkgs.writeScriptBin "tor-browser" ''
${pkgs.socat}/bin/socat -d TCP-LISTEN:6000,fork,bind=192.168.7.10 UNIX-CONNECT:/tmp/.X11-unix/X0 & ${pkgs.socat}/bin/socat -d TCP-LISTEN:6000,fork,bind=192.168.7.10 UNIX-CONNECT:/tmp/.X11-unix/X0 &
@ -62,7 +116,7 @@ in
isNormalUser = true; isNormalUser = true;
home = "/home/browser"; home = "/home/browser";
openssh.authorizedKeys.keys = data.publicKeys.users.jan; openssh.authorizedKeys.keys = data.publicKeys.users.jan;
extraGroups = [ "audio" "video" ]; extraGroups = [ "pulse-access" ];
packages = [ clientRunTorBrowser ]; packages = [ clientRunTorBrowser ];
}; };
}; };