From 2992d92e6ce0d7c96ccded0747d8815d8cfed956 Mon Sep 17 00:00:00 2001
From: tilpner
Date: Sun, 14 Jun 2020 21:48:09 +0200
Subject: lib: add escape-hatch exporting mechanism
---
 default.nix | 8 ++++++++
 nix/lib.nix | 36 ++++++++++++++++++++++++++++++++++++
 2 files changed, 44 insertions(+)
diff --git a/default.nix b/default.nix
index f986dcc..57c27c5 100644
--- a/default.nix
+++ b/default.nix
@@ -42,6 +42,9 @@ in rec {
 noTunnels noLocation safebrowsing.disableAll
+ trackingprotection.disableAll
+
+ replaceAllUrls
 # restrict # distrustUser
@@ -81,6 +84,11 @@ in rec {
 bundle = ffLib.bundle bundleConfig; launcher = ffLib.launcher bundle;
+ export = ffLib.export {
+ inherit (bundleConfig) policies preferences;
+ selfPath = "/opt/firefox";
+ };
+
 /* bundle = profiles.bundle { policies = {
diff --git a/nix/lib.nix b/nix/lib.nix
index e152df9..179223b 100644
--- a/nix/lib.nix
+++ b/nix/lib.nix
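Review bot: In the second default.nix hunk, `selfPath = "/opt/firefox";` is hard-coded with no comment, yet judging by the `export` definition in nix/lib.nix this prefix is written into every rewritten reference, so the output presumably only works when it is installed at exactly that path. A comment above the attribute such as `# export output must be installed at selfPath; references are rewritten to ${selfPath}/store/...` would make that deployment requirement visible. The enclosing `rec { … }` set starts and ends outside the hunk.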
@@ -84,6 +84,42 @@ rec {
 }) // { inherit policies preferences; }; in wrapped;
+ # This attempts to provide a start for deploying Nix-configured profiles to
+ # systems which do not have Nix installed, and where /nix/store is undesired.
+ # It does this by bundling all referenced store items into $out, and rewriting
+ # references to those store items.
+ export = { selfPath, policies ? {}, preferences ? {} }: pkgs.stdenv.mkDerivation rec {
+ name = "firefox-profile-export";
+ nativeBuildInputs = [ pkgs.jq ];
+
+ allowedRequisites = [];
+
+ buildCommand =
+ let
+ policyFile = mkPolicies policies;
+ prefsFile = mkPrefs preferences;
+
+ closure = pkgs.closureInfo {
+ rootPaths = [
+ policyFile prefsFile
+ ];
+ };
+ in ''
+ mkdir $out $out/store
+
+ storePaths=$(cat ${closure}/store-paths)
+ for p in $storePaths; do
+ cp -a "$p" $out/store/"$(basename "$p" | sed -e 's|\([a-z0-9]\{32\}\)-||')"
+ done
+
+ mv $out/store/prefs.js $out/
+ jq < $out/store/policies.json > $out/policies.json
+
+ find $out -type f -print0 |
+ xargs -0I{} -- sed -i -e "s|$NIX_STORE/\\([a-z0-9]\{32\}\\)-|${selfPath}/store/|g" "{}"
+ '';
+ };
+
 launcher = firefox: pkgs.writeShellScriptBin "firefox" '' # FF doesn't accept ro profiles, tries to create lockfile TMP_PROFILE="$(mktemp -d)"
-- 
cgit v1.2.3
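Review bot: The `cp -a` loop strips the 32-character hash from each store path name, so two closure members that differ only in hash map to the same `$out/store/<name>`, and the later `sed` rewrites references to both onto that one path; nothing in the loop checks for this. `allowedRequisites = []` confirms that no store references remain, not that each rewritten reference still resolves to the content it was built against, which matters when the exported files are browser policies. I would compute the destination first and stop on a clash: `dest=$out/store/"$(basename "$p" | sed -e 's|\([a-z0-9]\{32\}\)-||')"`, `[ ! -e "$dest" ] || { echo "export: name collision for $p" >&2; exit 1; }`, `cp -a "$p" "$dest"`. Separately, `${selfPath}` is spliced unescaped into the `sed` replacement, so a value containing `|`, `&` or `\` would change the substitution; a comment on `export` stating that constraint would help.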