failed to npins, patch phoenix

2026-01-25 10:58:46 +01:00
parent 6e7e52aecf 5c99e52e09
commit e4305c15ac
6 changed files with 103 additions and 67 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -744,11 +744,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1766543224,
+        "lastModified": 1769035606,
-        "narHash": "sha256-96PBoNqh3sPU9t+IXxcB1OjjuQ8HOv42OOh9UtwFHbU=",
+        "narHash": "sha256-I9pKhfhAz3JsGBLIqr9MNycTEQn0Bc3jzf0mKeWLlsE=",
        "owner": "celenityy",
        "repo": "Phoenix",
-        "rev": "f09568c8a71af4fe42dd43c6f711c67daf605f1e",
+        "rev": "07d9be8cbf938962f9847b0970274b885ff48792",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@@ -63,6 +63,7 @@
    stylix,
    ...
  }: let
    phoenix' = (import ./modules/nixos/phoenix.nix) {inherit phoenix;};
    nix-zulip' = (import "${nix-zulip}/nix/default.nix" {}).output;
    machines = import ./machines.nix;
    configuration = machine: modules:
@@ -80,7 +81,7 @@
            impermanence.nixosModules.impermanence
            nixos-mailserver.nixosModule
            noshell.nixosModules.default
-            phoenix.nixosModules.default
+            phoenix'.phoenixModule
            nix-zulip'.nixosModules.zulip
            {
              nixpkgs.overlays = [
--- a/machines.nix
+++ b/machines.nix
@@ -20,7 +20,7 @@
      ./modules/nixos/laptop.nix
      # vpn
-      ./modules/nixos/openvpn-client.nix
+      # ./modules/nixos/openvpn-client.nix
      # ly display manager
      ./modules/nixos/ly.nix
--- a/modules/nixos/phoenix.nix
+++ b/modules/nixos/phoenix.nix
@@ -0,0 +1,61 @@
 {phoenix, ...}: rec {
  phoenixOverlay = final: prev: {
    phoenix = (final.callPackage (import "${phoenix}/nix/package.nix")
      {
      }).overrideAttrs {
      patches = [
        ../../patches/0001-autoDisableScopes-unlocked.patch
      ];
    };
    withPhoenix = firefoxPackage:
      firefoxPackage.override {
        extraPoliciesFiles = ["${final.phoenix}/policies.json"];
        extraPrefsFiles = ["${final.phoenix}/phoenix.cfg"];
      };
  };
  phoenixModule = {
    pkgs,
    config,
    lib,
    ...
  }: {
    options.programs.firefox.phoenix = {
      enable =
        lib.mkEnableOption "Enable privacy & security hardening of Firefox using the Phoenix configs"
        // {
          default = true;
        };
      firefoxPackages = lib.mkOption {
        type = lib.types.listOf lib.types.str;
        default = ["firefox"];
        description = "The name of Firefox packages of current pkgs to patch with phoenix config and policy.";
      };
    };
    config = let
      cfg = config.programs.firefox.phoenix;
    in
      lib.mkIf cfg.enable {
        assertions = [
          {
            assertion = !pkgs.stdenv.isDarwin;
            message = "Phoenix module has not been ported to nix-darwin yet. Contributions welcomed.";
          }
        ];
        environment.etc."firefox/defaults/pref/phoenix-desktop.js".source = "${pkgs.phoenix}/pref/phoenix-desktop.js";
        environment.etc."firefox/phoenix/userjs".source = "${pkgs.phoenix}/userjs";
        environment.etc."firefox/phoenix/configs".source = "${pkgs.phoenix}/configs";
        environment.etc."firefox/phoenix/assets".source = "${pkgs.phoenix}/assets";
        programs.firefox.policies =
          (builtins.fromJSON (builtins.readFile "${pkgs.phoenix}/policies.json")).policies;
        nixpkgs.overlays = [
          phoenixOverlay
          (
            final: prev:
              builtins.listToAttrs (
                map (p: lib.nameValuePair p (final.withPhoenix prev.${p})) cfg.firefoxPackages
              )
          )
        ];
      };
  };
 }
--- a/patches/0001-autoDisableScopes-unlocked.patch
+++ b/patches/0001-autoDisableScopes-unlocked.patch
@@ -0,0 +1,25 @@
 From 1eeab7cf3b5d41e3e10959ef2ff5298eac86c9fa Mon Sep 17 00:00:00 2001
 From: andromeda <andromeda@lenovo>
 Date: Sun, 25 Jan 2026 10:41:03 +0100
 Subject: [PATCH] autoDisableScopes unlocked
 ---
 build/phoenix-unified.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/build/phoenix-unified.js b/build/phoenix-unified.js
 index e183890e..fd58b176 100644
 --- a/build/phoenix-unified.js
 +++ b/build/phoenix-unified.js
@@ -2204,7 +2204,7 @@ pref("xpinstall.whitelist.add.NoScript.PBM", "https://noscript.net^privateBrowsi
 // https://archive.is/DYjAM
 // https://support.mozilla.org/kb/deploying-firefox-with-extensions
 // https://searchfox.org/firefox-main/rev/82e2435f/toolkit/mozapps/extensions/internal/AddonSettings.sys.mjs#125
 -pref("extensions.autoDisableScopes", 15, locked); // [DEFAULT - non-Thunderbird] Defense in depth, ensures sideloaded extensions are always disabled by default...
 +pref("extensions.autoDisableScopes", 15); // [DEFAULT - non-Thunderbird] Defense in depth, ensures sideloaded extensions are always disabled by default...
 pref("extensions.enabledScopes", 5); // [HIDDEN]
 pref("extensions.installDistroAddons", false); // [HIDDEN - non-Android] [DEFAULT - Android]
 pref("extensions.sideloadScopes", 0); // [HIDDEN]
 -- 
 2.52.0
--- a/users/andromeda/home.nix
+++ b/users/andromeda/home.nix
@@ -98,69 +98,18 @@ in {
        cfg.enableTridactylNative = true;
      };
      profiles.${config.home.username} = {
-        extensions.packages = [
+        extensions = {
-          pkgs.nur.repos.rycee.firefox-addons.tridactyl
+          force = true;
-        ];
+          packages = [
-        search = {
+            pkgs.nur.repos.rycee.firefox-addons.tridactyl
-          default = "ddghtml";
+          ];
-          privateDefault = "ddghtml";
+        };
-          order = [
+        search = {
-            "wiki"
+          default = "DuckDuckGo (HTML)";
-            "options"
+          privateDefault = "DuckDuckGo (HTML)";
-            "packages"
+          order = [
-            "repos"
+            "DuckDuckGo (HTML)"
          ];
          engines = {
            "packages" = {
              urls = [
                {
                  template = "https://search.nixos.org/packages";
                  params = [
                    {
                      name = "channel";
                      value = "unstable";
                    }
                    {
                      name = "query";
                      value = "{searchTerms}";
                    }
                  ];
                }
              ];
            };
            "options" = {
              urls = [
                {
                  template = "https://search.nixos.org/options";
                  params = [
                    {
                      name = "channel";
                      value = "unstable";
                    }
                    {
                      name = "query";
                      value = "{searchTerms}";
                    }
                  ];
                }
              ];
            };
            "wiki" = {
              urls = [
                {
                  template = "https://wiki.nixos.org/w/index.php";
                  params = [
                    {
                      name = "search";
                      value = "{searchTerms}";
                    }
                  ];
                }
              ];
            };
          };
        };
        settings = {
          "extensions.autoDisableScopes" = 0;