From 8c08adcbed1dad0ffda23129f209422716628e4c Mon Sep 17 00:00:00 2001
From: casual
Date: Wed, 29 Jan 2025 15:16:47 +0300
Subject: [PATCH] init
---
flake.lock | 27 ++++++++++++
flake.nix | 43 +++++++++++++++++++
modules/nixos/default.nix | 13 ++++++
modules/nixos/fix_malloc_pkgs.nix | 69 +++++++++++++++++++++++++++++++
overlay.nix | 39 +++++++++++++++++
5 files changed, 191 insertions(+)
create mode 100644 flake.lock
create mode 100644 flake.nix
create mode 100644 modules/nixos/default.nix
create mode 100644 modules/nixos/fix_malloc_pkgs.nix
create mode 100644 overlay.nix
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..e0c48b0
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,27 @@
+{
+ "nodes": {
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1738023785,
+ "narHash": "sha256-BPHmb3fUwdHkonHyHi1+x89eXB3kA1jffIpwPVJIVys=",
+ "owner": "nixos",
+ "repo": "nixpkgs",
+ "rev": "2b4230bf03deb33103947e2528cac2ed516c5c89",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nixos",
+ "ref": "nixos-24.11",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "root": {
+ "inputs": {
+ "nixpkgs": "nixpkgs"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..763651e
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,43 @@
+{
+ description = "A very basic flake";
+
+ inputs = {
+ # nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
+ nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-24.11";
+ };
+
+ outputs = { self, nixpkgs }@inputs:
+ let
+ forEachSystem = nixpkgs.lib.genAttrs [ #untested on non x86_64-linux
+ "aarch64-linux"
+ "i686-linux"
+ "x86_64-linux"
+ "aarch64-darwin"
+ "x86_64-darwin"
+ ];
+ forEachPkgs = f: forEachSystem (sys: f nixpkgs.legacyPackages.${sys});
+
+ overlayList = [ self.overlays.default ];
+ pkgsBySystem = forEachSystem (
+ system:
+ import nixpkgs {
+ inherit system;
+ overlays = overlayList;
+ }
+ );
+ in
+ rec {
+ # overlays = import ./overlay.nix { inherit inputs; };
+ # packages = forEachPkgs (pkgs: import ./pkgs { inherit pkgs; });
+ # devShells = forEachPkgs (pkgs: import ./shell.nix { inherit pkgs; });
+ # formatter = forEachPkgs (pkgs: pkgs.nixpkgs-fmt);
+
+ #TODO make overlay import via nixos module
+
+ # for future
+ nixosModules = import ./modules/nixos { overlays = overlayList; };
+ # darwinModules = import ./modules/darwin { overlays = overlayList; };
+ };
+}
+
+
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
new file mode 100644
index 0000000..e8373af
--- /dev/null
+++ b/modules/nixos/default.nix
@@ -0,0 +1,13 @@
+{ overlays }:
+
+{
+ fix_malloc_pkgs = import ./fix_malloc_pkgs.nix;
+
+ overlayNixpkgsForThisInstance =
+ { pkgs, ... }:
+ {
+ nixpkgs = {
+ inherit overlays;
+ };
+ };
+}
diff --git a/modules/nixos/fix_malloc_pkgs.nix b/modules/nixos/fix_malloc_pkgs.nix
new file mode 100644
index 0000000..c767db0
--- /dev/null
+++ b/modules/nixos/fix_malloc_pkgs.nix
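Review bot: `overlayList = [ self.overlays.default ]` references an `overlays` flake output that this commit leaves commented out, so the first time NixOS forces `nixpkgs.overlays` through `nixosModules.overlayNixpkgsForThisInstance` (the default.nix hunk on this line) evaluation would presumably fail with a missing-attribute error; even the commented `import ./overlay.nix` would expose `modifications`, not `default`, and passes only `inputs` while that file also expects `pkgs`. `forEachPkgs` and `pkgsBySystem` are bound but never used, and `rec` on the outputs set is unnecessary since nothing in it refers to a sibling attribute. Either restore an `overlays.default` output that the overlay file actually provides, or drop `overlayList` and the `nixosModules` argument until it exists, and note the intent with a comment such as `# overlayList is consumed by modules/nixos/default.nix and must resolve before nixosModules is evaluated`.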
@@ -0,0 +1,69 @@
+{
+ config,
+ pkgs,
+ lib ? pkgs.lib,
+ ...
+}:
+
+with lib;
+
+let
+
+ cfg = config.services.fix_malloc_pkgs;
+
+in
+
+{
+ ###### interface
+ options = {
+
+ services.fix_malloc_pkgs = rec {
+
+ enable = mkOption {
+ type = types.bool;
+ default = true;
+ description = ''
+ Enable overlay to disable custom memory allocators to affected packages (based on grapheneos-light)
+ '';
+ };
+
+ # the simple-go-server does not actually support specifying a port
+ # so this actually does nothing, but it could/should be picked up and
+ # inserted into the systemd config for the service
+ # port = mkOption {
+ # type = types.int;
+ # default = 8080;
+ # description = ''
+ # The port to run the service on
+ # '';
+ # };
+ };
+
+ };
+
+ ###### implementation
+
+ config = mkIf cfg.enable {
+
+ nixpkgs.overlays = [
+
+ (self: super: {
+ firefox = pkgs.symlinkJoin {
+ name = "firefox";
+ paths = [ super.firefox];
+ buildInputs = [ pkgs.makeWrapper pkgs.bubblewrap ];
+ postBuild = ''
+ bwrap --dev-bind / / --ro-bind /dev/null $(readlink /etc/static/ld-nix.so.preload) $out/bin/firefox
+ '';
+ };
+ })
+
+ (final: prev: {
+ tor-browser = prev.buildFHSEnv {
+ runScript = "${pkgs.bubblewrap}/bin/bwrap --dev-bind / / --ro-bind /dev/null $(readlink /etc/static/ld-nix.so.preload) $out/bin/tor-browser";
+ };
+ })
+ ];
+ };
+
+}
diff --git a/overlay.nix b/overlay.nix
new file mode 100644
index 0000000..7157cf6
--- /dev/null
+++ b/overlay.nix
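Review bot: The firefox overlay's `postBuild` executes `bwrap ... $out/bin/firefox` during the build rather than installing a launcher, so nothing is wrapped at run time, and inside the build sandbox `readlink /etc/static/ld-nix.so.preload` presumably prints nothing, which would leave `$out/bin/firefox` as the `--ro-bind` destination. The tor-browser entry has related problems: `$out` inside a Nix double-quoted string is a literal shell variable that is unset when `runScript` runs, and `prev.buildFHSEnv { runScript = …; }` builds a fresh FHS env with no `name` instead of modifying the existing package, so unless tor-browser is itself a buildFHSEnv with an overridable `runScript` this does not wrap it at all. Both definitions are duplicated verbatim in overlay.nix (the last hunk), and both reach for the module's `pkgs` instead of `self`/`final` inside the overlay. Because `--dev-bind / /` exposes the whole host filesystem, bwrap here only masks the preload file and is not an isolation boundary, which deserves a comment such as `# bwrap only masks ld-nix.so.preload here; --dev-bind / / grants full host access, this is not a sandbox`. The rewrite below replaces the symlink with a launcher that resolves the preload path at start-up and falls back to the unwrapped firefox when the link is absent.
```nix
(self: super: {
  firefox = self.symlinkJoin {
    name = "firefox";
    paths = [ super.firefox ];
    # Replace the symlink with a launcher: bwrap must run when firefox starts,
    # not inside the build. --dev-bind / / exposes the whole host, so this
    # only masks ld-nix.so.preload; it is not an isolation boundary.
    postBuild = ''
      rm $out/bin/firefox
      cat > $out/bin/firefox <<'EOF'
      #!${self.runtimeShell}
      preload=$(readlink /etc/static/ld-nix.so.preload 2>/dev/null) || exec ${super.firefox}/bin/firefox "$@"
      exec ${self.bubblewrap}/bin/bwrap --dev-bind / / --ro-bind /dev/null "$preload" ${super.firefox}/bin/firefox "$@"
      EOF
      chmod +x $out/bin/firefox
    '';
  };
})
# … unchanged: tor-browser overlay (needs the same launcher treatment once the base package's wrapper is known) …
```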
@@ -0,0 +1,39 @@
+{inputs, pkgs,...}: {
+ # Add new packages
+ # default = final: _prev: import ./pkgs {pkgs = final;};
+
+ # This one contains whatever you want to overlay
+ # You can change versions, add patches, set compilation flags, anything really.
+ # https://nixos.wiki/wiki/Overlays
+ modifications = self: super: {
+
+ # Example - https://discourse.nixos.org/t/overriding-package-with-environment-variable-wrap/22466/3
+ # discord-canary = pkgs.symlinkJoin {
+ # name = "discord-canary";
+ # paths = [ super.discord-canary];
+ # buildInputs = [ pkgs.makeWrapper ];
+ # postBuild = ''
+ # wrapProgram $out/opt/DiscordCanary/DiscordCanary --set GDK_SCALE 2 --set XCURSOR_SIZE 64
+ # '';
+ # };
+ #example 2? - https://discourse.nixos.org/t/overriding-the-buildfhs-runscript-attribute/49582
+ # burpsuite = prev.buildFHSEnv {
+ # runScript = "my new runScript!";
+ # };
+
+
+ firefox = pkgs.symlinkJoin {
+ name = "firefox";
+ paths = [ super.firefox];
+ buildInputs = [ pkgs.makeWrapper pkgs.bubblewrap ];
+ postBuild = ''
+ bwrap --dev-bind / / --ro-bind /dev/null $(readlink /etc/static/ld-nix.so.preload) $out/bin/firefox
+ '';
+ };
+
+ tor-browser = super.buildFHSEnv {
+ runScript = "${pkgs.bubblewrap}/bin/bwrap --dev-bind / / --ro-bind /dev/null $(readlink /etc/static/ld-nix.so.preload) $out/bin/tor-browser";
+ };
+
+ };
+}
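Review bot: The `firefox` and `tor-browser` definitions in this hunk call `pkgs.symlinkJoin`, `pkgs.bubblewrap` and `pkgs.makeWrapper` through the file's `pkgs` argument rather than the `self`/`super` the overlay is applied to, which ties the result to whatever package set the caller passed instead of the one being overlaid (and the flake's commented `import ./overlay.nix { inherit inputs; }` passes no `pkgs` at all, so that call would fail on the missing argument). Both definitions also share the defects of the identical blocks in fix_malloc_pkgs.nix: `bwrap` is run during `postBuild` instead of being installed as a launcher, and `$out` in the tor-browser `runScript` string is a literal shell variable that is unset at run time. Use `self.symlinkJoin`/`self.bubblewrap` here, drop the unused `inputs` parameter or document why it is accepted, and either name the overlay attribute `default` (what flake.nix consumes) or update flake.nix to read `modifications`.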