diff --git a/packages/helium-browser-bwrapped/default.nix b/packages/helium-browser-bwrapped/default.nix new file mode 100644 index 0000000..bc61ecc --- /dev/null +++ b/packages/helium-browser-bwrapped/default.nix @@ -0,0 +1,77 @@ +{ + # lib, + # pkgs, + inputs, + system, + perSystem, + addPkgs ? [], + bwrapperOpts ? {}, + # packageOverrides ? {}, + unfreePkgs ? [], + ... +}: let + pkgs = import inputs.nixpkgs { + config.allowUnfreePredicate = pkg: + builtins.elem (pkgs.lib.getName pkg) unfreePkgs; + + inherit system; + overlays = [inputs.nix-bwrapper.overlays.bwrapper]; + }; +in (pkgs.mkBwrapper (pkgs.lib.attrsets.recursiveUpdate rec { + app = { + inherit addPkgs; + package = perSystem.self.helium-browser; + id = "net.imput.Helium" + "_bwrapped"; + runScript = "helium"; + env = { + GSETTINGS_BACKEND = "dconf"; + }; + }; + + # https://github.com/flathub/io.github.ungoogled_software.ungoogled_chromium/blob/master/io.github.ungoogled_software.ungoogled_chromium.yaml + dbus.system.talks = [ + "org.bluez" + "org.freedesktop.Avahi" + "org.freedesktop.UPower" + ]; + dbus.session.talks = [ + # "org.a11y.Bus" + # "org.gtk.vfs.*" + + "ca.desrt.dconf" + "com.canonical.AppMenu.Registrar" + "org.cinnamon.ScreenSaver" + "org.freedesktop.FileManager1" + "org.freedesktop.Notifications" + "org.freedesktop.ScreenSaver" + "org.freedesktop.secrets" + "org.gnome.Mutter.IdleMonitor.*" + "org.gnome.ScreenSaver" + "org.gnome.SessionManager" + "org.kde.StatusNotifierWatcher" + "org.kde.kwalletd5" + "org.kde.kwalletd6" + "org.xfce.ScreenSaver" + ]; + dbus.session.owns = [ + "org.mpris.MediaPlayer2.chromium.*" + ]; + mounts.readWrite = [ + # - --filesystem=/run/.heim_org.h5l.kcm-socket + # - --filesystem=host-etc + # "$XDG_RUNTIME_DIR/app/${app.id}" + # "$XDG_RUNTIME_DIR/speech-dispatcher:ro" + "$XDG_RUNTIME_DIR/pipewire-0" + + # For GNOME proxy resolution + "$XDG_RUNTIME_DIR/dconf" + + # To install a PWA application + "~/.local/share/applications" + "~/.local/share/icons" + ]; + mounts.read = [ + "$HOME/.config/dconf" + ]; + } + bwrapperOpts)) diff --git a/packages/helium-browser-bwrapped/helium.nix b/packages/helium-browser-bwrapped/helium.nix new file mode 100644 index 0000000..882a20e --- /dev/null +++ b/packages/helium-browser-bwrapped/helium.nix @@ -0,0 +1,61 @@ +{ + pkgs, + perSystem, + ... +}: +pkgs.mkBwrapper rec { + app = { + package = perSystem.helium-browser.helium; #.override packageOverrides; + id = "net.imput.Helium" + "_bwrapped"; + runScript = "helium"; + env = { + GSETTINGS_BACKEND = "dconf"; + }; + }; + + # https://github.com/flathub/io.github.ungoogled_software.ungoogled_chromium/blob/master/io.github.ungoogled_software.ungoogled_chromium.yaml + dbus.system.talks = [ + "org.bluez" + "org.freedesktop.Avahi" + "org.freedesktop.UPower" + ]; + dbus.session.talks = [ + # "org.a11y.Bus" + # "org.gtk.vfs.*" + + "ca.desrt.dconf" + "com.canonical.AppMenu.Registrar" + "org.cinnamon.ScreenSaver" + "org.freedesktop.FileManager1" + "org.freedesktop.Notifications" + "org.freedesktop.ScreenSaver" + "org.freedesktop.secrets" + "org.gnome.Mutter.IdleMonitor.*" + "org.gnome.ScreenSaver" + "org.gnome.SessionManager" + "org.kde.StatusNotifierWatcher" + "org.kde.kwalletd5" + "org.kde.kwalletd6" + "org.xfce.ScreenSaver" + ]; + dbus.session.owns = [ + "org.mpris.MediaPlayer2.chromium.*" + ]; + mounts.readWrite = [ + # - --filesystem=/run/.heim_org.h5l.kcm-socket + # - --filesystem=host-etc + "$XDG_RUNTIME_DIR/app/${app.id}" + # "$XDG_RUNTIME_DIR/speech-dispatcher:ro" + # "$XDG_RUNTIME_DIR/pipewire-0" + "$XDG_DOCUMENTS_DIR" + "$XDG_DOWNLOAD_DIR" + "$XDG_MUSIC_DIR" + "$XDG_VIDEOS_DIR" + "$XDG_PICTURES_DIR" + # For GNOME proxy resolution + "$XDG_RUNTIME_DIR/dconf" + ]; + mounts.read = [ + "$HOME/.config/dconf" + ]; +} diff --git a/packages/helium-browser/default.nix b/packages/helium-browser/default.nix new file mode 100644 index 0000000..e3d9d2a --- /dev/null +++ b/packages/helium-browser/default.nix @@ -0,0 +1,175 @@ +{ + system, + inputs, + ... +}: let + pkgs = import inputs.nixpkgs { + inherit system; + config.allowUnfree = true; + }; + + version = "0.7.7.1"; + + srcs = { + x86_64-linux = { + url = "https://github.com/imputnet/helium-linux/releases/download/${version}/helium-${version}-x86_64_linux.tar.xz"; + hash = "sha256-aY9GwIDPTcskm55NluSyxkCHC6drd6BdBaNYZhrzlRE="; + }; + aarch64-linux = { + url = "https://github.com/imputnet/helium-linux/releases/download/${version}/helium-${version}-arm64_linux.tar.xz"; + hash = "sha256-76hJ19/bHzdE1//keGF9imYkMHOy6VHpA56bxEkgwgA="; + }; + x86_64-darwin = { + url = "https://github.com/imputnet/helium-macos/releases/download/${version}/helium_${version}_x86_64-macos.dmg"; + hash = "sha256-LtxzeBkECRML+q+qtcTljuFoPefuZdk1PIcdDqSGl0Y="; + }; + aarch64-darwin = { + url = "https://github.com/imputnet/helium-macos/releases/download/${version}/helium_${version}_arm64-macos.dmg"; + hash = "sha256-iFE2OigeG+sDfGKmuqqb6LKUyxhZ2Jcti+jLzeHMLYM="; + }; + }; +in + pkgs.stdenv.mkDerivation { + pname = "helium"; + inherit version; + + src = pkgs.fetchurl (srcs.${system} or (throw "Unsupported system: ${system}")); + + nativeBuildInputs = with pkgs; + [ + makeWrapper + ] + ++ pkgs.lib.optionals stdenv.isLinux [ + autoPatchelfHook + copyDesktopItems + ] + ++ pkgs.lib.optionals stdenv.isDarwin [ + _7zz + ]; + + unpackCmd = pkgs.lib.optionalString pkgs.stdenv.isDarwin '' + 7zz x $src + ''; + + buildInputs = with pkgs; + pkgs.lib.optionals stdenv.isLinux [ + alsa-lib + at-spi2-atk + at-spi2-core + atk + cairo + cups + dbus + expat + fontconfig + freetype + gdk-pixbuf + glib + gtk3 + libGL + xorg.libX11 + xorg.libXScrnSaver + xorg.libXcomposite + xorg.libXcursor + xorg.libXdamage + xorg.libXext + xorg.libXfixes + xorg.libXi + xorg.libXrandr + xorg.libXrender + xorg.libXtst + libdrm + libgbm + libpulseaudio + xorg.libxcb + libxkbcommon + mesa + nspr + nss + pango + pipewire + systemd + vulkan-loader + wayland + libxshmfence + libuuid + kdePackages.qtbase + ]; + + autoPatchelfIgnoreMissingDeps = pkgs.lib.optionals pkgs.stdenv.isLinux [ + "libQt6Core.so.6" + "libQt6Gui.so.6" + "libQt6Widgets.so.6" + "libQt5Core.so.5" + "libQt5Gui.so.5" + "libQt5Widgets.so.5" + ]; + + dontWrapQtApps = pkgs.stdenv.isLinux; + + installPhase = + if pkgs.stdenv.isDarwin + then '' + runHook preInstall + + mkdir -p $out/Applications/Helium.app + cp -r . $out/Applications/Helium.app + + mkdir -p $out/bin + makeWrapper $out/Applications/Helium.app/Contents/MacOS/Helium $out/bin/helium \ + --add-flags "--disable-component-update" \ + --add-flags "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" \ + --add-flags "--check-for-update-interval=0" \ + --add-flags "--disable-background-networking" + + runHook postInstall + '' + else '' + runHook preInstall + + mkdir -p $out/bin $out/opt/helium + cp -r * $out/opt/helium + + # The binary is named 'chrome' in the tarball + makeWrapper $out/opt/helium/chrome $out/bin/helium \ + --prefix LD_LIBRARY_PATH : "${pkgs.lib.makeLibraryPath (with pkgs; [ + libGL + libvdpau + libva + pipewire + ])}" \ + --add-flags "--ozone-platform-hint=auto" \ + --add-flags "--enable-features=WaylandWindowDecorations" \ + --add-flags "--disable-component-update" \ + --add-flags "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" \ + --add-flags "--check-for-update-interval=0" \ + --add-flags "--disable-background-networking" + + # Install icon + mkdir -p $out/share/icons/hicolor/256x256/apps + cp $out/opt/helium/product_logo_256.png $out/share/icons/hicolor/256x256/apps/helium.png + + runHook postInstall + ''; + + desktopItems = pkgs.lib.optionals pkgs.stdenv.isLinux [ + (pkgs.makeDesktopItem { + name = "helium"; + exec = "helium %U"; + icon = "helium"; + desktopName = "Helium"; + genericName = "Web Browser"; + categories = ["Network" "WebBrowser"]; + terminal = false; + mimeTypes = ["text/html" "text/xml" "application/xhtml+xml" "x-scheme-handler/http" "x-scheme-handler/https"]; + }) + ]; + + meta = with pkgs.lib; { + description = "Private, fast, and honest web browser based on ungoogled-chromium"; + homepage = "https://helium.computer/"; + license = licenses.gpl3Only; + platforms = ["x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin"]; + mainProgram = "helium"; + }; + } diff --git a/packages/legcord-bwrapped/default.nix b/packages/legcord-bwrapped/default.nix new file mode 100644 index 0000000..8dd1741 --- /dev/null +++ b/packages/legcord-bwrapped/default.nix @@ -0,0 +1,51 @@ +{ + # lib, + # pkgs, + inputs, + system, + # perSystem, + addPkgs ? [], + bwrapperOpts ? {}, + packageOverrides ? {}, + unfreePkgs ? [], + ... +}: let + pkgs = import inputs.nixpkgs { + config.allowUnfreePredicate = pkg: + builtins.elem (pkgs.lib.getName pkg) unfreePkgs; + + inherit system; + overlays = [inputs.nix-bwrapper.overlays.bwrapper]; + }; +in (pkgs.mkBwrapper (pkgs.lib.attrsets.recursiveUpdate { + app = { + inherit addPkgs; + package = pkgs.legcord.override packageOverrides; + runScript = "legcord"; + # TODO: figure out the right id + id = "dev.pzurek.Legcord" + "_bwrapped"; + execArgs = "--disable-gpu-memory-buffer-video-frames"; + env = { + ELECTRON_TRASH = "gio"; + }; + }; + mounts.readWrite = [ + "$XDG_RUNTIME_DIR/app/com.discordapp.Discord" + "$XDG_RUNTIME_DIR/speech-dispatcher" + # "$HOME/Downloads" + ]; + dbus.session.talks = [ + "org.freedesktop.ScreenSaver" + "org.kde.StatusNotifierWatcher" + "com.canonical.AppMenu.Registrar" + "com.canonical.indicator.application" + "com.canonical.Unity" + ]; + dbus.system.talks = [ + "org.freedesktop.UPower" + ]; + dbus.session.owns = [ + "com.discordapp.Discord" + ]; + } + bwrapperOpts)) diff --git a/packages/prismlauncher-bwrapped/default.nix b/packages/prismlauncher-bwrapped/default.nix new file mode 100644 index 0000000..f0b133a --- /dev/null +++ b/packages/prismlauncher-bwrapped/default.nix @@ -0,0 +1,45 @@ +{ + # lib, + # pkgs, + inputs, + system, + unfreePkgs ? [], + addPkgs ? [], + packageOverrides ? {}, + bwrapperOpts ? {}, + ... +}: let + pkgs = import inputs.nixpkgs { + config.allowUnfreePredicate = pkg: + builtins.elem (pkgs.lib.getName pkg) unfreePkgs; + + inherit system; + overlays = [inputs.nix-bwrapper.overlays.bwrapper]; + }; +in (pkgs.mkBwrapper (pkgs.lib.attrsets.recursiveUpdate rec { + app = { + inherit addPkgs; + # addPkgs = with pkgs; [mangohud gamemode gamescope glfw3-minecraft]; + package = pkgs.prismlauncher.override ( + pkgs.lib.attrsets.recursiveUpdate + { + additionalPrograms = app.addPkgs; + } + packageOverrides + ); + id = "org.prismlauncher.PrismLauncher" + "_bwrapped"; + runScript = "prismlauncher"; + }; + mounts.read = [ + "/sys/kernel/mm/hugepages" + "/sys/kernel/mm/transparent_hugepage" + ]; + dbus.session.talks = [ + "org.a11y.Bus" + "org.gtk.vfs.*" + ]; + dbus.system.talks = [ + "org.freedesktop.UDisks2" + ]; + } + bwrapperOpts)) diff --git a/packages/steam-bwrapped/default.nix b/packages/steam-bwrapped/default.nix new file mode 100644 index 0000000..ead4ac8 --- /dev/null +++ b/packages/steam-bwrapped/default.nix @@ -0,0 +1,58 @@ +{ + # lib, + # pkgs, + inputs, + system, + addPkgs ? [], + bwrapperOpts ? {}, + packageOverrides ? {}, + unfreePkgs ? [], + ... +}: let + pkgs = import inputs.nixpkgs { + config.allowUnfreePredicate = pkg: + builtins.elem (pkgs.lib.getName pkg) unfreePkgs; + + inherit system; + overlays = [inputs.nix-bwrapper.overlays.bwrapper]; + }; +in + pkgs.mkBwrapper (pkgs.lib.attrsets.recursiveUpdate { + app = rec { + inherit addPkgs; + # addPkgs = with pkgs; [mangohud gamemode gamescope]; + package = pkgs.steam.override (pkgs.lib.attrsets.recursiveUpdate { + extraPkgs = pkgs: addPkgs; + } + packageOverrides); + id = "com.valvesoftware.Steam" + "_bwrapped"; + runScript = "steam"; + isFhsenv = true; + }; + # mounts.readWrite = [ + # "/storage/games/steam" + # # "/sys/kernel/mm/transparent_hugepage" + # ]; + mounts.sandbox = [ + { + name = "dot-steam"; + path = "$HOME/.steam"; + } + ]; + dbus.session.talks = [ + "org.a11y.Bus" + "org.gtk.vfs.*" + "org.gnome.SettingsDaemon.MediaKeys" + "org.freedesktop.ScreenSaver" + "org.freedesktop.PowerManagement" + "org.freedesktop.Notifications" + ]; + dbus.session.owns = [ + "com.steampowered.*" + ]; + dbus.system.talks = [ + "org.freedesktop.UDisks2" + "org.freedesktop.UPower" + ]; + } + bwrapperOpts) diff --git a/packages/zen-browser-bwrapped/default.nix b/packages/zen-browser-bwrapped/default.nix new file mode 100644 index 0000000..c6b8757 --- /dev/null +++ b/packages/zen-browser-bwrapped/default.nix @@ -0,0 +1,58 @@ +{ + # lib, + # pkgs, + inputs, + system, + perSystem, + addPkgs ? [], + bwrapperOpts ? {}, + packageOverrides ? {}, + unfreePkgs ? [], + ... +}: let + pkgs = import inputs.nixpkgs { + config.allowUnfreePredicate = pkg: + builtins.elem (pkgs.lib.getName pkg) unfreePkgs; + + inherit system; + overlays = [inputs.nix-bwrapper.overlays.bwrapper]; + }; +in (pkgs.mkBwrapper (pkgs.lib.attrsets.recursiveUpdate rec { + # fhsenv.skipExtraInstallCmds = true; + + fhsenv.extraInstallCmds = '' + mv $out/bin/zen-browser $out/bin/zen + ''; + app = { + inherit addPkgs; + package = perSystem.zen-browser.zen-browser.override packageOverrides; + id = "app.zen_browser.zen" + "_bwrapped"; + runScript = "zen"; + # isFhsenv = true; + }; + mounts.readWrite = [ + # "$XDG_RUNTIME_DIR/doc/by-app" + "$XDG_RUNTIME_DIR/app/${app.id}" + "$XDG_RUNTIME_DIR/speech-dispatcher:ro" + # "$HOME/downloads" + ]; + mounts.sandbox = [ + { + name = "config/zen"; + path = "$HOME/.zen"; + } + ]; + dbus.session.talks = [ + "org.a11y.Bus" + "org.gtk.vfs.*" + ]; + dbus.system.talks = [ + "org.freedesktop.NetworkManager" + "org.freedesktop.UPower" + ]; + dbus.session.owns = [ + "org.mozilla.zen.*" + "org.mpris.MediaPlayer2.firefox.*" + ]; + } + bwrapperOpts))