init

2025-01-29 15:16:47 +03:00 · 2025-01-29 15:16:47 +03:00 · 8c08adcbed
commit 8c08adcbed
parent 3eefa8298a
5 changed files with 191 additions and 0 deletions
--- a/flake.lock
+++ b/flake.lock
@ -0,0 +1,27 @@
 {
  "nodes": {
    "nixpkgs": {
      "locked": {
        "lastModified": 1738023785,
        "narHash": "sha256-BPHmb3fUwdHkonHyHi1+x89eXB3kA1jffIpwPVJIVys=",
        "owner": "nixos",
        "repo": "nixpkgs",
        "rev": "2b4230bf03deb33103947e2528cac2ed516c5c89",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
        "ref": "nixos-24.11",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "root": {
      "inputs": {
        "nixpkgs": "nixpkgs"
      }
    }
  },
  "root": "root",
  "version": 7
 }
--- a/flake.nix
+++ b/flake.nix
@ -0,0 +1,43 @@
 {
  description = "A very basic flake";
  inputs = {
    # nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable"; 
    nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-24.11";
  };
  outputs = { self, nixpkgs }@inputs: 
  	let
    	forEachSystem = nixpkgs.lib.genAttrs [ #untested on non x86_64-linux
   			"aarch64-linux"
   	        "i686-linux"
   	        "x86_64-linux"
   	        "aarch64-darwin"
   	        "x86_64-darwin"
   	         ];
        forEachPkgs = f: forEachSystem (sys: f nixpkgs.legacyPackages.${sys});
        overlayList = [ self.overlays.default ];
        pkgsBySystem = forEachSystem (
          system:
          import nixpkgs {
            inherit system;
            overlays = overlayList;
          }
        );
    in
    rec {
   		# overlays = import ./overlay.nix { inherit inputs; };
 	    # packages = forEachPkgs (pkgs: import ./pkgs { inherit pkgs; });
 	    # devShells = forEachPkgs (pkgs: import ./shell.nix { inherit pkgs; });
 	    # formatter = forEachPkgs (pkgs: pkgs.nixpkgs-fmt);
 		#TODO make overlay import via  nixos module
 		# for future
 	    nixosModules = import ./modules/nixos  { overlays = overlayList; };
 	    # darwinModules = import ./modules/darwin  { overlays = overlayList; };
 	};
 }
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@ -0,0 +1,13 @@
 { overlays }:
 {
  fix_malloc_pkgs = import ./fix_malloc_pkgs.nix;
  overlayNixpkgsForThisInstance =
    { pkgs, ... }:
    {
      nixpkgs = {
        inherit overlays;
      };
    };
 }
--- a/modules/nixos/fix_malloc_pkgs.nix
+++ b/modules/nixos/fix_malloc_pkgs.nix
@ -0,0 +1,69 @@
 {
  config,
  pkgs,
  lib ? pkgs.lib,
  ...
 }:
 with lib;
 let
  cfg = config.services.fix_malloc_pkgs;
 in
 {
  ###### interface
  options = {
    services.fix_malloc_pkgs = rec {
      enable = mkOption {
        type = types.bool;
        default = true;
        description = ''
          Enable overlay to disable custom memory allocators to affected packages (based on grapheneos-light)
        '';
      };
      # the simple-go-server does not actually support specifying a port 
      # so this actually does nothing, but it could/should be picked up and 
      # inserted into the systemd config for the service
      # port = mkOption {
      #   type = types.int;
      #   default = 8080;
      #   description = ''
      #     The port to run the service on 
      #   '';
      # };
    };
  };
  ###### implementation
  config = mkIf cfg.enable {
    nixpkgs.overlays = [
 		(self: super: {
 		firefox = pkgs.symlinkJoin {
 			      name = "firefox";
 			      paths = [ super.firefox];
 			      buildInputs = [ pkgs.makeWrapper pkgs.bubblewrap ];
 			      postBuild = ''
 			        bwrap --dev-bind / / --ro-bind /dev/null $(readlink /etc/static/ld-nix.so.preload) $out/bin/firefox
 			      '';
 			    };
 	    })
 		(final: prev: {
 		tor-browser =  prev.buildFHSEnv  {
 			    runScript = "${pkgs.bubblewrap}/bin/bwrap --dev-bind / / --ro-bind /dev/null $(readlink /etc/static/ld-nix.so.preload) $out/bin/tor-browser";
 			  };
 		})
    ];
  };
 }
--- a/overlay.nix
+++ b/overlay.nix
@ -0,0 +1,39 @@
 {inputs, pkgs,...}: {
  # Add new packages
  # default = final: _prev: import ./pkgs {pkgs = final;};
  # This one contains whatever you want to overlay
  # You can change versions, add patches, set compilation flags, anything really.
  # https://nixos.wiki/wiki/Overlays
  modifications = self: super: {
 	# Example - https://discourse.nixos.org/t/overriding-package-with-environment-variable-wrap/22466/3
  	# discord-canary = pkgs.symlinkJoin {
   #    name = "discord-canary";
   #    paths = [ super.discord-canary];
   #    buildInputs = [ pkgs.makeWrapper ];
   #    postBuild = ''
   #      wrapProgram $out/opt/DiscordCanary/DiscordCanary --set GDK_SCALE 2 --set XCURSOR_SIZE 64
   #    '';
   #  };
 	#example 2? - https://discourse.nixos.org/t/overriding-the-buildfhs-runscript-attribute/49582
 	# burpsuite =  prev.buildFHSEnv  {
 	#     runScript = "my new runScript!";
 	#   };
 	firefox = pkgs.symlinkJoin {
 	      name = "firefox";
 	      paths = [ super.firefox];
 	      buildInputs = [ pkgs.makeWrapper pkgs.bubblewrap ];
 	      postBuild = ''
 	        bwrap --dev-bind / / --ro-bind /dev/null $(readlink /etc/static/ld-nix.so.preload) $out/bin/firefox
 	      '';
 	    };
 	tor-browser =  super.buildFHSEnv  {
 	    runScript = "${pkgs.bubblewrap}/bin/bwrap --dev-bind / / --ro-bind /dev/null $(readlink /etc/static/ld-nix.so.preload) $out/bin/tor-browser";
 	  };
  };
 }