aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--default.nix8
-rw-r--r--nix/lib.nix36
2 files changed, 44 insertions, 0 deletions
diff --git a/default.nix b/default.nix
index f986dcc..57c27c5 100644
--- a/default.nix
+++ b/default.nix
@@ -42,6 +42,9 @@ in rec {
noTunnels
noLocation
safebrowsing.disableAll
+ trackingprotection.disableAll
+
+ replaceAllUrls
# restrict
# distrustUser
@@ -81,6 +84,11 @@ in rec {
bundle = ffLib.bundle bundleConfig;
launcher = ffLib.launcher bundle;
+ export = ffLib.export {
+ inherit (bundleConfig) policies preferences;
+ selfPath = "/opt/firefox";
+ };
+
/*
bundle = profiles.bundle {
policies = {
diff --git a/nix/lib.nix b/nix/lib.nix
index e152df9..179223b 100644
--- a/nix/lib.nix
+++ b/nix/lib.nix
@@ -84,6 +84,42 @@ rec {
}) // { inherit policies preferences; };
in wrapped;
+ # This attempts to provide a start for deploying Nix-configured profiles to
+ # systems which do not have Nix installed, and where /nix/store is undesired.
+ # It does this by bundling all referenced store items into $out, and rewriting
+ # references to those store items.
+ export = { selfPath, policies ? {}, preferences ? {} }: pkgs.stdenv.mkDerivation rec {
+ name = "firefox-profile-export";
+ nativeBuildInputs = [ pkgs.jq ];
+
+ allowedRequisites = [];
+
+ buildCommand =
+ let
+ policyFile = mkPolicies policies;
+ prefsFile = mkPrefs preferences;
+
+ closure = pkgs.closureInfo {
+ rootPaths = [
+ policyFile prefsFile
+ ];
+ };
+ in ''
+ mkdir $out $out/store
+
+ storePaths=$(cat ${closure}/store-paths)
+ for p in $storePaths; do
+ cp -a "$p" $out/store/"$(basename "$p" | sed -e 's|\([a-z0-9]\{32\}\)-||')"
+ done
+
+ mv $out/store/prefs.js $out/
+ jq < $out/store/policies.json > $out/policies.json
+
+ find $out -type f -print0 |
+ xargs -0I{} -- sed -i -e "s|$NIX_STORE/\\([a-z0-9]\{32\}\\)-|${selfPath}/store/|g" "{}"
+ '';
+ };
+
launcher = firefox: pkgs.writeShellScriptBin "firefox" ''
# FF doesn't accept ro profiles, tries to create lockfile
TMP_PROFILE="$(mktemp -d)"