system/modules/nixos/programs/browsers/default.nix

107 lines
2.9 KiB
Nix

{ config, pkgs, lib, ... }:
let
cfg = config.local.programs.browsers;
contPackages =
lib.optional cfg.tor-browser.enable cfg.tor-browser.finalPackage
++ lib.optional cfg.librewolf.enable cfg.librewolf.finalPackage
++ lib.optional cfg.mullvad-browser.enable cfg.mullvad-browser.finalPackage
++ lib.optional cfg.ungoogled-chromium.enable cfg.ungoogled-chromium.package;
hostPackages = lib.flip map contPackages (p:
let
hostRunBrowser = pkgs.writeScript "cont-run-browser" ''
sudo nixos-container run browsers -- su -l jan -c "$*"
'';
hostBrowserScript = pkgs.writeScriptBin "${p.meta.mainProgram}" ''
${hostRunBrowser} ${p.meta.mainProgram} $@
'';
in
pkgs.runCommand "${p.meta.mainProgram}" { } ''
mkdir $out
cp -r ${hostBrowserScript}/bin $out/bin
cp -r ${p}/share $out/share
''
);
isEnable = cfg.tor-browser.enable
or cfg.librewolf.enable
or cfg.mullvad-browser.enable;
in
{
imports = [
./tor-browser.nix
./mullvad-browser.nix
./librewolf.nix
./ungoogled-chromium.nix
];
config = lib.mkIf isEnable {
environment.systemPackages = hostPackages;
local.sound.systemWide = true;
containers.browsers = {
autoStart = true;
ephemeral = true;
restartIfChanged = false;
bindMounts = lib.mkMerge [
{
"/tmp/.X11-unix" = { };
"/home/jan/Downloads" = {
isReadOnly = false;
hostPath = "/home/jan/downloads/browser";
};
}
(lib.mkIf config.hardware.graphics.enable {
"/run/opengl-driver/lib" = { };
})
(lib.mkIf config.hardware.graphics.enable32Bit {
"/run/opengl-driver-32/lib" = { };
})
(lib.mkIf cfg.librewolf.enable {
"/home/jan/.librewolf" = {
isReadOnly = false;
hostPath = "/persistent/per-machine/browsers/home/jan/.librewolf";
};
})
(lib.mkIf cfg.ungoogled-chromium.enable {
"/home/jan/.config/chromium" = {
isReadOnly = false;
hostPath = "/persistent/per-machine/browsers/home/jan/.config/chromium";
};
})
(lib.mkIf config.local.programs.communication.telegram.enable {
"/home/jan/downloads/telegram" = { };
})
];
config = { pkgs, ... }: {
system.stateVersion = "23.11";
fonts = {
inherit (config.fonts) enableDefaultPackages packages;
fontconfig = { inherit (config.fonts.fontconfig) defaultFonts; };
};
networking.hosts = config.networking.hosts;
users.users.jan = {
isNormalUser = true;
home = "/home/jan";
password = "hello";
extraGroups = [ "pulse-access" ];
packages = contPackages;
};
environment.sessionVariables = {
DISPLAY = ":0";
PULSE_SERVER = "tcp:127.0.0.1:4713";
};
};
};
};
}