diff options
-rw-r--r-- | default.nix | 8 | ||||
-rw-r--r-- | nix/lib.nix | 36 |
2 files changed, 44 insertions, 0 deletions
diff --git a/default.nix b/default.nix index f986dcc..57c27c5 100644 --- a/default.nix +++ b/default.nix @@ -42,6 +42,9 @@ in rec { noTunnels noLocation safebrowsing.disableAll + trackingprotection.disableAll + + replaceAllUrls # restrict # distrustUser @@ -81,6 +84,11 @@ in rec { bundle = ffLib.bundle bundleConfig; launcher = ffLib.launcher bundle; + export = ffLib.export { + inherit (bundleConfig) policies preferences; + selfPath = "/opt/firefox"; + }; + /* bundle = profiles.bundle { policies = { diff --git a/nix/lib.nix b/nix/lib.nix index e152df9..179223b 100644 --- a/nix/lib.nix +++ b/nix/lib.nix @@ -84,6 +84,42 @@ rec { }) // { inherit policies preferences; }; in wrapped; + # This attempts to provide a start for deploying Nix-configured profiles to + # systems which do not have Nix installed, and where /nix/store is undesired. + # It does this by bundling all referenced store items into $out, and rewriting + # references to those store items. + export = { selfPath, policies ? {}, preferences ? {} }: pkgs.stdenv.mkDerivation rec { + name = "firefox-profile-export"; + nativeBuildInputs = [ pkgs.jq ]; + + allowedRequisites = []; + + buildCommand = + let + policyFile = mkPolicies policies; + prefsFile = mkPrefs preferences; + + closure = pkgs.closureInfo { + rootPaths = [ + policyFile prefsFile + ]; + }; + in '' + mkdir $out $out/store + + storePaths=$(cat ${closure}/store-paths) + for p in $storePaths; do + cp -a "$p" $out/store/"$(basename "$p" | sed -e 's|\([a-z0-9]\{32\}\)-||')" + done + + mv $out/store/prefs.js $out/ + jq < $out/store/policies.json > $out/policies.json + + find $out -type f -print0 | + xargs -0I{} -- sed -i -e "s|$NIX_STORE/\\([a-z0-9]\{32\}\\)-|${selfPath}/store/|g" "{}" + ''; + }; + launcher = firefox: pkgs.writeShellScriptBin "firefox" '' # FF doesn't accept ro profiles, tries to create lockfile TMP_PROFILE="$(mktemp -d)" |