init

2025-01-29 15:16:47 +03:00 · 2025-01-29 15:16:47 +03:00 · 8c08adcbed
commit 8c08adcbed
parent 3eefa8298a
5 changed files with 191 additions and 0 deletions
--- a/flake.lock
+++ b/flake.lock
@ -0,0 +1,27 @@
+{
+  "nodes": {
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1738023785,
+        "narHash": "sha256-BPHmb3fUwdHkonHyHi1+x89eXB3kA1jffIpwPVJIVys=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "2b4230bf03deb33103947e2528cac2ed516c5c89",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-24.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
--- a/flake.nix
+++ b/flake.nix
@ -0,0 +1,43 @@
+{
+  description = "A very basic flake";
+
+  inputs = {
+    # nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable"; 
+    nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-24.11";
+  };
+
+  outputs = { self, nixpkgs }@inputs: 
+  	let
+    	forEachSystem = nixpkgs.lib.genAttrs [ #untested on non x86_64-linux
+   			"aarch64-linux"
+   	        "i686-linux"
+   	        "x86_64-linux"
+   	        "aarch64-darwin"
+   	        "x86_64-darwin"
+   	         ];
+        forEachPkgs = f: forEachSystem (sys: f nixpkgs.legacyPackages.${sys});
+
+        overlayList = [ self.overlays.default ];
+        pkgsBySystem = forEachSystem (
+          system:
+          import nixpkgs {
+            inherit system;
+            overlays = overlayList;
+          }
+        );
+    in
+    rec {
+   		# overlays = import ./overlay.nix { inherit inputs; };
+	    # packages = forEachPkgs (pkgs: import ./pkgs { inherit pkgs; });
+	    # devShells = forEachPkgs (pkgs: import ./shell.nix { inherit pkgs; });
+	    # formatter = forEachPkgs (pkgs: pkgs.nixpkgs-fmt);
+
+		#TODO make overlay import via  nixos module
+	
+		# for future
+	    nixosModules = import ./modules/nixos  { overlays = overlayList; };
+	    # darwinModules = import ./modules/darwin  { overlays = overlayList; };
+ 	};
+}
+
+
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@ -0,0 +1,13 @@
+{ overlays }:
+
+{
+  fix_malloc_pkgs = import ./fix_malloc_pkgs.nix;
+
+  overlayNixpkgsForThisInstance =
+    { pkgs, ... }:
+    {
+      nixpkgs = {
+        inherit overlays;
+      };
+    };
+}
--- a/modules/nixos/fix_malloc_pkgs.nix
+++ b/modules/nixos/fix_malloc_pkgs.nix
@ -0,0 +1,69 @@
+{
+  config,
+  pkgs,
+  lib ? pkgs.lib,
+  ...
+}:
+
+with lib;
+
+let
+
+  cfg = config.services.fix_malloc_pkgs;
+
+in
+
+{
+  ###### interface
+  options = {
+
+    services.fix_malloc_pkgs = rec {
+
+      enable = mkOption {
+        type = types.bool;
+        default = true;
+        description = ''
+          Enable overlay to disable custom memory allocators to affected packages (based on grapheneos-light)
+        '';
+      };
+
+      # the simple-go-server does not actually support specifying a port 
+      # so this actually does nothing, but it could/should be picked up and 
+      # inserted into the systemd config for the service
+      # port = mkOption {
+      #   type = types.int;
+      #   default = 8080;
+      #   description = ''
+      #     The port to run the service on 
+      #   '';
+      # };
+    };
+
+  };
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    nixpkgs.overlays = [
+
+		(self: super: {
+		firefox = pkgs.symlinkJoin {
+			      name = "firefox";
+			      paths = [ super.firefox];
+			      buildInputs = [ pkgs.makeWrapper pkgs.bubblewrap ];
+			      postBuild = ''
+			        bwrap --dev-bind / / --ro-bind /dev/null $(readlink /etc/static/ld-nix.so.preload) $out/bin/firefox
+			      '';
+			    };
+	    })
+
+		(final: prev: {
+		tor-browser =  prev.buildFHSEnv  {
+			    runScript = "${pkgs.bubblewrap}/bin/bwrap --dev-bind / / --ro-bind /dev/null $(readlink /etc/static/ld-nix.so.preload) $out/bin/tor-browser";
+			  };
+		})
+    ];
+  };
+
+}
--- a/overlay.nix
+++ b/overlay.nix
@ -0,0 +1,39 @@
+{inputs, pkgs,...}: {
+  # Add new packages
+  # default = final: _prev: import ./pkgs {pkgs = final;};
+
+  # This one contains whatever you want to overlay
+  # You can change versions, add patches, set compilation flags, anything really.
+  # https://nixos.wiki/wiki/Overlays
+  modifications = self: super: {
+
+	# Example - https://discourse.nixos.org/t/overriding-package-with-environment-variable-wrap/22466/3
+  	# discord-canary = pkgs.symlinkJoin {
+   #    name = "discord-canary";
+   #    paths = [ super.discord-canary];
+   #    buildInputs = [ pkgs.makeWrapper ];
+   #    postBuild = ''
+   #      wrapProgram $out/opt/DiscordCanary/DiscordCanary --set GDK_SCALE 2 --set XCURSOR_SIZE 64
+   #    '';
+   #  };
+	#example 2? - https://discourse.nixos.org/t/overriding-the-buildfhs-runscript-attribute/49582
+	# burpsuite =  prev.buildFHSEnv  {
+	#     runScript = "my new runScript!";
+	#   };
+   
+
+	firefox = pkgs.symlinkJoin {
+	      name = "firefox";
+	      paths = [ super.firefox];
+	      buildInputs = [ pkgs.makeWrapper pkgs.bubblewrap ];
+	      postBuild = ''
+	        bwrap --dev-bind / / --ro-bind /dev/null $(readlink /etc/static/ld-nix.so.preload) $out/bin/firefox
+	      '';
+	    };
+
+	tor-browser =  super.buildFHSEnv  {
+	    runScript = "${pkgs.bubblewrap}/bin/bwrap --dev-bind / / --ro-bind /dev/null $(readlink /etc/static/ld-nix.so.preload) $out/bin/tor-browser";
+	  };
+    
+  };
+}