70 lines
1.4 KiB
Nix
70 lines
1.4 KiB
Nix
{
|
|
config,
|
|
pkgs,
|
|
lib ? pkgs.lib,
|
|
...
|
|
}:
|
|
|
|
with lib;
|
|
|
|
let
|
|
|
|
cfg = config.services.fix_malloc_pkgs;
|
|
|
|
in
|
|
|
|
{
|
|
###### interface
|
|
options = {
|
|
|
|
services.fix_malloc_pkgs = rec {
|
|
|
|
enable = mkOption {
|
|
type = types.bool;
|
|
default = true;
|
|
description = ''
|
|
Enable overlay to disable custom memory allocators to affected packages (based on grapheneos-light)
|
|
'';
|
|
};
|
|
|
|
# the simple-go-server does not actually support specifying a port
|
|
# so this actually does nothing, but it could/should be picked up and
|
|
# inserted into the systemd config for the service
|
|
# port = mkOption {
|
|
# type = types.int;
|
|
# default = 8080;
|
|
# description = ''
|
|
# The port to run the service on
|
|
# '';
|
|
# };
|
|
};
|
|
|
|
};
|
|
|
|
###### implementation
|
|
|
|
config = mkIf cfg.enable {
|
|
|
|
nixpkgs.overlays = [
|
|
|
|
(self: super: {
|
|
firefox = pkgs.symlinkJoin {
|
|
name = "firefox";
|
|
paths = [ super.firefox];
|
|
buildInputs = [ pkgs.makeWrapper pkgs.bubblewrap ];
|
|
postBuild = ''
|
|
bwrap --dev-bind / / --ro-bind /dev/null $(readlink /etc/static/ld-nix.so.preload) $out/bin/firefox
|
|
'';
|
|
};
|
|
})
|
|
|
|
(final: prev: {
|
|
tor-browser = prev.buildFHSEnv {
|
|
runScript = "${pkgs.bubblewrap}/bin/bwrap --dev-bind / / --ro-bind /dev/null $(readlink /etc/static/ld-nix.so.preload) $out/bin/tor-browser";
|
|
};
|
|
})
|
|
];
|
|
};
|
|
|
|
}
|