commit 867b6f3017a626a791d1c8f4f4dbae15fdd87a4f Author: unexplrd Date: Wed Dec 31 20:05:41 2025 +0200 initial diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..12731de --- /dev/null +++ b/.gitignore @@ -0,0 +1,6 @@ +# direnv +.direnv/ + +# nix +result +result-* diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..45e9630 --- /dev/null +++ b/flake.lock @@ -0,0 +1,211 @@ +{ + "nodes": { + "blueprint": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ], + "systems": "systems" + }, + "locked": { + "lastModified": 1763308703, + "narHash": "sha256-O9Y+Wer8wOh+N+4kcCK5p/VLrXyX+ktk0/s3HdZvJzk=", + "owner": "numtide", + "repo": "blueprint", + "rev": "5a9bba070f801d63e2af3c9ef00b86b212429f4f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "blueprint", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "ixx": { + "inputs": { + "flake-utils": [ + "nix-bwrapper", + "nuschtosSearch", + "flake-utils" + ], + "nixpkgs": [ + "nix-bwrapper", + "nuschtosSearch", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1754860581, + "narHash": "sha256-EM0IE63OHxXCOpDHXaTyHIOk2cNvMCGPqLt/IdtVxgk=", + "owner": "NuschtOS", + "repo": "ixx", + "rev": "babfe85a876162c4acc9ab6fb4483df88fa1f281", + "type": "github" + }, + "original": { + "owner": "NuschtOS", + "ref": "v0.1.1", + "repo": "ixx", + "type": "github" + } + }, + "nix-bwrapper": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ], + "nuschtosSearch": "nuschtosSearch", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1766319780, + "narHash": "sha256-Uh5180wjvBtSgtJ9zccZ7hu7bd7nvrnb6ff0nDwT2Rw=", + "owner": "Naxdy", + "repo": "nix-bwrapper", + "rev": "3b0d58d4d3e8da89147369d803926998798443e4", + "type": "github" + }, + "original": { + "owner": "Naxdy", + "repo": "nix-bwrapper", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1766651565, + "narHash": "sha256-QEhk0eXgyIqTpJ/ehZKg9IKS7EtlWxF3N7DXy42zPfU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "3e2499d5539c16d0d173ba53552a4ff8547f4539", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nuschtosSearch": { + "inputs": { + "flake-utils": "flake-utils", + "ixx": "ixx", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1758662783, + "narHash": "sha256-igrxT+/MnmcftPOHEb+XDwAMq3Xg1Xy7kVYQaHhPlAg=", + "owner": "NuschtOS", + "repo": "search", + "rev": "7d4c0fc4ffe3bd64e5630417162e9e04e64b27a4", + "type": "github" + }, + "original": { + "owner": "NuschtOS", + "repo": "search", + "type": "github" + } + }, + "root": { + "inputs": { + "blueprint": "blueprint", + "nix-bwrapper": "nix-bwrapper", + "nixpkgs": "nixpkgs", + "zen-browser": "zen-browser" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1758728421, + "narHash": "sha256-ySNJ008muQAds2JemiyrWYbwbG+V7S5wg3ZVKGHSFu8=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "5eda4ee8121f97b218f7cc73f5172098d458f1d1", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "zen-browser": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1766377218, + "narHash": "sha256-y3g3OqPB0tmRjbHJNnJKivSQRtAJR+/9S1xbxBWEatg=", + "owner": "youwen5", + "repo": "zen-browser-flake", + "rev": "2f61341b32dd69c07e147188e67e09ba2bb99c33", + "type": "github" + }, + "original": { + "owner": "youwen5", + "repo": "zen-browser-flake", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..7b79a2f --- /dev/null +++ b/flake.nix @@ -0,0 +1,21 @@ +{ + description = "unexplrd's flake for bwrapped (and maybe other) packages"; + + # Add all your dependencies here + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs?ref=nixos-unstable"; + blueprint.url = "github:numtide/blueprint"; + blueprint.inputs.nixpkgs.follows = "nixpkgs"; + + nix-bwrapper.url = "github:Naxdy/nix-bwrapper"; + nix-bwrapper.inputs.nixpkgs.follows = "nixpkgs"; + nix-bwrapper.inputs.nuschtosSearch.inputs.nixpkgs.follows = "nixpkgs"; + nix-bwrapper.inputs.treefmt-nix.inputs.nixpkgs.follows = "nixpkgs"; + + zen-browser.url = "github:youwen5/zen-browser-flake"; + zen-browser.inputs.nixpkgs.follows = "nixpkgs"; + }; + + # Load the blueprint + outputs = inputs: inputs.blueprint {inherit inputs;}; +} diff --git a/packages/helium-browser-bwrapped/default.nix b/packages/helium-browser-bwrapped/default.nix new file mode 100644 index 0000000..e9f5a31 --- /dev/null +++ b/packages/helium-browser-bwrapped/default.nix @@ -0,0 +1,78 @@ +{ + # lib, + # pkgs, + inputs, + system, + perSystem, + addPkgs ? [], + bwrapperOpts ? {}, + # packageOverrides ? {}, + unfreePkgs ? [], + ... +}: let + pkgs = import inputs.nixpkgs { + inherit system; + overlays = [inputs.nix-bwrapper.overlays.bwrapper]; + + config.allowUnfreePredicate = pkg: + builtins.elem (pkgs.lib.getName pkg) unfreePkgs; + }; +in (pkgs.mkBwrapper (pkgs.lib.attrsets.recursiveUpdate rec { + app = { + inherit addPkgs; + package = perSystem.self.helium-browser; + id = "net.imput.Helium" + "_bwrapped"; + # runScript = "helium"; + env = { + GSETTINGS_BACKEND = "dconf"; + }; + }; + fhsenv.opts.dieWithParent = false; + + # https://github.com/flathub/io.github.ungoogled_software.ungoogled_chromium/blob/master/io.github.ungoogled_software.ungoogled_chromium.yaml + dbus.system.talks = [ + "org.bluez" + "org.freedesktop.Avahi" + "org.freedesktop.UPower" + ]; + dbus.session.talks = [ + # "org.a11y.Bus" + # "org.gtk.vfs.*" + + "ca.desrt.dconf" + "com.canonical.AppMenu.Registrar" + "org.cinnamon.ScreenSaver" + "org.freedesktop.FileManager1" + "org.freedesktop.Notifications" + "org.freedesktop.ScreenSaver" + "org.freedesktop.secrets" + "org.gnome.Mutter.IdleMonitor.*" + "org.gnome.ScreenSaver" + "org.gnome.SessionManager" + "org.kde.StatusNotifierWatcher" + "org.kde.kwalletd5" + "org.kde.kwalletd6" + "org.xfce.ScreenSaver" + ]; + dbus.session.owns = [ + "org.mpris.MediaPlayer2.chromium.*" + ]; + mounts.readWrite = [ + # - --filesystem=/run/.heim_org.h5l.kcm-socket + # - --filesystem=host-etc + # "$XDG_RUNTIME_DIR/app/${app.id}" + # "$XDG_RUNTIME_DIR/speech-dispatcher:ro" + "$XDG_RUNTIME_DIR/pipewire-0" + + # For GNOME proxy resolution + "$XDG_RUNTIME_DIR/dconf" + + # To install a PWA application + "$HOME/.local/share/applications" + "$HOME/.local/share/icons" + ]; + mounts.read = [ + "$HOME/.config/dconf" + ]; + } + bwrapperOpts)) diff --git a/packages/helium-browser/default.nix b/packages/helium-browser/default.nix new file mode 100644 index 0000000..73909e2 --- /dev/null +++ b/packages/helium-browser/default.nix @@ -0,0 +1,175 @@ +{ + system, + inputs, + ... +}: let + pkgs = import inputs.nixpkgs { + inherit system; + # config.allowUnfree = true; + }; + + version = "0.7.7.1"; + + srcs = { + x86_64-linux = { + url = "https://github.com/imputnet/helium-linux/releases/download/${version}/helium-${version}-x86_64_linux.tar.xz"; + hash = "sha256-aY9GwIDPTcskm55NluSyxkCHC6drd6BdBaNYZhrzlRE="; + }; + aarch64-linux = { + url = "https://github.com/imputnet/helium-linux/releases/download/${version}/helium-${version}-arm64_linux.tar.xz"; + hash = "sha256-76hJ19/bHzdE1//keGF9imYkMHOy6VHpA56bxEkgwgA="; + }; + x86_64-darwin = { + url = "https://github.com/imputnet/helium-macos/releases/download/${version}/helium_${version}_x86_64-macos.dmg"; + hash = "sha256-LtxzeBkECRML+q+qtcTljuFoPefuZdk1PIcdDqSGl0Y="; + }; + aarch64-darwin = { + url = "https://github.com/imputnet/helium-macos/releases/download/${version}/helium_${version}_arm64-macos.dmg"; + hash = "sha256-iFE2OigeG+sDfGKmuqqb6LKUyxhZ2Jcti+jLzeHMLYM="; + }; + }; +in + pkgs.stdenv.mkDerivation { + pname = "helium"; + inherit version; + + src = pkgs.fetchurl (srcs.${system} or (throw "Unsupported system: ${system}")); + + nativeBuildInputs = with pkgs; + [ + makeWrapper + ] + ++ pkgs.lib.optionals stdenv.isLinux [ + autoPatchelfHook + copyDesktopItems + ] + ++ pkgs.lib.optionals stdenv.isDarwin [ + _7zz + ]; + + unpackCmd = pkgs.lib.optionalString pkgs.stdenv.isDarwin '' + 7zz x $src + ''; + + buildInputs = with pkgs; + pkgs.lib.optionals stdenv.isLinux [ + alsa-lib + at-spi2-atk + at-spi2-core + atk + cairo + cups + dbus + expat + fontconfig + freetype + gdk-pixbuf + glib + gtk3 + libGL + xorg.libX11 + xorg.libXScrnSaver + xorg.libXcomposite + xorg.libXcursor + xorg.libXdamage + xorg.libXext + xorg.libXfixes + xorg.libXi + xorg.libXrandr + xorg.libXrender + xorg.libXtst + libdrm + libgbm + libpulseaudio + xorg.libxcb + libxkbcommon + mesa + nspr + nss + pango + pipewire + systemd + vulkan-loader + wayland + libxshmfence + libuuid + kdePackages.qtbase + ]; + + autoPatchelfIgnoreMissingDeps = pkgs.lib.optionals pkgs.stdenv.isLinux [ + "libQt6Core.so.6" + "libQt6Gui.so.6" + "libQt6Widgets.so.6" + "libQt5Core.so.5" + "libQt5Gui.so.5" + "libQt5Widgets.so.5" + ]; + + dontWrapQtApps = pkgs.stdenv.isLinux; + + installPhase = + if pkgs.stdenv.isDarwin + then '' + runHook preInstall + + mkdir -p $out/Applications/Helium.app + cp -r . $out/Applications/Helium.app + + mkdir -p $out/bin + makeWrapper $out/Applications/Helium.app/Contents/MacOS/Helium $out/bin/helium \ + --add-flags "--disable-component-update" \ + --add-flags "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" \ + --add-flags "--check-for-update-interval=0" \ + --add-flags "--disable-background-networking" + + runHook postInstall + '' + else '' + runHook preInstall + + mkdir -p $out/bin $out/opt/helium + cp -r * $out/opt/helium + + # The binary is named 'chrome' in the tarball + makeWrapper $out/opt/helium/chrome $out/bin/helium \ + --prefix LD_LIBRARY_PATH : "${pkgs.lib.makeLibraryPath (with pkgs; [ + libGL + libvdpau + libva + pipewire + ])}" \ + --add-flags "--ozone-platform-hint=auto" \ + --add-flags "--enable-features=WaylandWindowDecorations" \ + --add-flags "--disable-component-update" \ + --add-flags "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" \ + --add-flags "--check-for-update-interval=0" \ + --add-flags "--disable-background-networking" + + # Install icon + mkdir -p $out/share/icons/hicolor/256x256/apps + cp $out/opt/helium/product_logo_256.png $out/share/icons/hicolor/256x256/apps/helium.png + + runHook postInstall + ''; + + desktopItems = pkgs.lib.optionals pkgs.stdenv.isLinux [ + (pkgs.makeDesktopItem { + name = "helium"; + exec = "helium %U"; + icon = "helium"; + desktopName = "Helium"; + genericName = "Web Browser"; + categories = ["Network" "WebBrowser"]; + terminal = false; + mimeTypes = ["text/html" "text/xml" "application/xhtml+xml" "x-scheme-handler/http" "x-scheme-handler/https"]; + }) + ]; + + meta = with pkgs.lib; { + description = "Private, fast, and honest web browser based on ungoogled-chromium"; + homepage = "https://helium.computer/"; + license = licenses.gpl3Only; + platforms = ["x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin"]; + mainProgram = "helium"; + }; + } diff --git a/packages/legcord-bwrapped/default.nix b/packages/legcord-bwrapped/default.nix new file mode 100644 index 0000000..8dd1741 --- /dev/null +++ b/packages/legcord-bwrapped/default.nix @@ -0,0 +1,51 @@ +{ + # lib, + # pkgs, + inputs, + system, + # perSystem, + addPkgs ? [], + bwrapperOpts ? {}, + packageOverrides ? {}, + unfreePkgs ? [], + ... +}: let + pkgs = import inputs.nixpkgs { + config.allowUnfreePredicate = pkg: + builtins.elem (pkgs.lib.getName pkg) unfreePkgs; + + inherit system; + overlays = [inputs.nix-bwrapper.overlays.bwrapper]; + }; +in (pkgs.mkBwrapper (pkgs.lib.attrsets.recursiveUpdate { + app = { + inherit addPkgs; + package = pkgs.legcord.override packageOverrides; + runScript = "legcord"; + # TODO: figure out the right id + id = "dev.pzurek.Legcord" + "_bwrapped"; + execArgs = "--disable-gpu-memory-buffer-video-frames"; + env = { + ELECTRON_TRASH = "gio"; + }; + }; + mounts.readWrite = [ + "$XDG_RUNTIME_DIR/app/com.discordapp.Discord" + "$XDG_RUNTIME_DIR/speech-dispatcher" + # "$HOME/Downloads" + ]; + dbus.session.talks = [ + "org.freedesktop.ScreenSaver" + "org.kde.StatusNotifierWatcher" + "com.canonical.AppMenu.Registrar" + "com.canonical.indicator.application" + "com.canonical.Unity" + ]; + dbus.system.talks = [ + "org.freedesktop.UPower" + ]; + dbus.session.owns = [ + "com.discordapp.Discord" + ]; + } + bwrapperOpts)) diff --git a/packages/materialgram-bwrapped/default.nix b/packages/materialgram-bwrapped/default.nix new file mode 100644 index 0000000..74233bf --- /dev/null +++ b/packages/materialgram-bwrapped/default.nix @@ -0,0 +1,43 @@ +{ + # lib, + # pkgs, + inputs, + system, + unfreePkgs ? [], + addPkgs ? [], + packageOverrides ? {}, + bwrapperOpts ? {}, + ... +}: let + pkgs = import inputs.nixpkgs { + config.allowUnfreePredicate = pkg: + builtins.elem (pkgs.lib.getName pkg) unfreePkgs; + + inherit system; + overlays = [inputs.nix-bwrapper.overlays.bwrapper]; + }; +in (pkgs.mkBwrapper (pkgs.lib.attrsets.recursiveUpdate rec { + app = { + inherit addPkgs; + package = pkgs.materialgram.override packageOverrides; + id = "io.github.kukuruzka165.materialgram" + "_bwrapped"; + }; + mounts.read = [ + ]; + dbus.session.talks = [ + "org.freedesktop.Notifications" + "org.gnome.Mutter.IdleMonitor" + "org.kde.StatusNotifierWatcher" + "com.canonical.AppMenu.Registrar" + "com.canonical.indicator.application" + "org.ayatana.indicator.application" + "org.sigxcpu.Feedback" + # "org.a11y.Bus" + "org.gtk.vfs.*" + "org.freedesktop.portal.FileChooser" + ]; + # dbus.system.talks = [ + # "org.freedesktop.UDisks2" + # ]; + } + bwrapperOpts)) diff --git a/packages/obsidian-bwrapped/default.nix b/packages/obsidian-bwrapped/default.nix new file mode 100644 index 0000000..82d477d --- /dev/null +++ b/packages/obsidian-bwrapped/default.nix @@ -0,0 +1,49 @@ +{ + # lib, + # pkgs, + inputs, + system, + addPkgs ? [], + bwrapperOpts ? {}, + isCli ? false, + packageOverrides ? {}, + unfreePkgs ? ["obsidian"], + ... +}: let + pkgs = import inputs.nixpkgs { + config.allowUnfreePredicate = pkg: + builtins.elem (pkgs.lib.getName pkg) unfreePkgs; + + inherit system; + overlays = [inputs.nix-bwrapper.overlays.bwrapper]; + }; +in + pkgs.mkBwrapper (pkgs.lib.attrsets.recursiveUpdate rec { + app = { + inherit addPkgs; + package = pkgs.obsidian.override packageOverrides; + id = "md.obsidian.Obsidian" + "_bwrapped"; + }; + # app.overwriteExec = !isCli; + # isFhsenv = true; + app.env = { + XDG_DATA_DIRS = "$XDG_DATA_DIRS"; + }; + fhsenv.opts.dieWithParent = false; + + fhsenv.skipExtraInstallCmds = isCli; + sockets = { + x11 = !isCli; + wayland = !isCli; + pulseaudio = !isCli; + pipewire = !isCli; + }; + mounts.readWrite = [ + "$XDG_RUNTIME_DIR/app/${app.id}" + ]; + mounts.read = [ + # "$HOME/.local/share/applications" + # "$HOME/.config/mimeapps.list" + ]; + } + bwrapperOpts) diff --git a/packages/opencode-bwrapped/default.nix b/packages/opencode-bwrapped/default.nix new file mode 100644 index 0000000..fe522fc --- /dev/null +++ b/packages/opencode-bwrapped/default.nix @@ -0,0 +1,42 @@ +{ + # lib, + # pkgs, + inputs, + system, + addPkgs ? [], + bwrapperOpts ? {}, + isCli ? true, + packageOverrides ? {}, + unfreePkgs ? [], + ... +}: let + pkgs = import inputs.nixpkgs { + config.allowUnfreePredicate = pkg: + builtins.elem (pkgs.lib.getName pkg) unfreePkgs; + + inherit system; + overlays = [inputs.nix-bwrapper.overlays.bwrapper]; + }; +in + pkgs.mkBwrapper (pkgs.lib.attrsets.recursiveUpdate { + app = { + inherit addPkgs; + package = pkgs.opencode.override packageOverrides; + # runScript = "opencode"; + }; + # app.overwriteExec = !isCli; + # isFhsenv = true; + + fhsenv.skipExtraInstallCmds = isCli; + sockets = { + x11 = !isCli; + wayland = !isCli; + pulseaudio = !isCli; + pipewire = !isCli; + }; + mounts.readWrite = [ + "$PWD" + # "$HOME/.local/share/opencode" + ]; + } + bwrapperOpts) diff --git a/packages/prismlauncher-bwrapped/default.nix b/packages/prismlauncher-bwrapped/default.nix new file mode 100644 index 0000000..f0b133a --- /dev/null +++ b/packages/prismlauncher-bwrapped/default.nix @@ -0,0 +1,45 @@ +{ + # lib, + # pkgs, + inputs, + system, + unfreePkgs ? [], + addPkgs ? [], + packageOverrides ? {}, + bwrapperOpts ? {}, + ... +}: let + pkgs = import inputs.nixpkgs { + config.allowUnfreePredicate = pkg: + builtins.elem (pkgs.lib.getName pkg) unfreePkgs; + + inherit system; + overlays = [inputs.nix-bwrapper.overlays.bwrapper]; + }; +in (pkgs.mkBwrapper (pkgs.lib.attrsets.recursiveUpdate rec { + app = { + inherit addPkgs; + # addPkgs = with pkgs; [mangohud gamemode gamescope glfw3-minecraft]; + package = pkgs.prismlauncher.override ( + pkgs.lib.attrsets.recursiveUpdate + { + additionalPrograms = app.addPkgs; + } + packageOverrides + ); + id = "org.prismlauncher.PrismLauncher" + "_bwrapped"; + runScript = "prismlauncher"; + }; + mounts.read = [ + "/sys/kernel/mm/hugepages" + "/sys/kernel/mm/transparent_hugepage" + ]; + dbus.session.talks = [ + "org.a11y.Bus" + "org.gtk.vfs.*" + ]; + dbus.system.talks = [ + "org.freedesktop.UDisks2" + ]; + } + bwrapperOpts)) diff --git a/packages/steam-bwrapped/default.nix b/packages/steam-bwrapped/default.nix new file mode 100644 index 0000000..21dab7a --- /dev/null +++ b/packages/steam-bwrapped/default.nix @@ -0,0 +1,60 @@ +{ + # lib, + # pkgs, + inputs, + system, + addPkgs ? [], + bwrapperOpts ? {}, + packageOverrides ? {}, + unfreePkgs ? [], + ... +}: let + pkgs = import inputs.nixpkgs { + config.allowUnfreePredicate = pkg: + builtins.elem (pkgs.lib.getName pkg) unfreePkgs; + + inherit system; + overlays = [inputs.nix-bwrapper.overlays.bwrapper]; + }; +in + pkgs.mkBwrapper (pkgs.lib.attrsets.recursiveUpdate { + app = rec { + inherit addPkgs; + # addPkgs = with pkgs; [mangohud gamemode gamescope]; + # TODO: why is it working under `~/.bwrapper/bash-interactive`? + package = pkgs.steam.override (pkgs.lib.attrsets.recursiveUpdate { + extraPkgs = pkgs: addPkgs; + } + packageOverrides); + id = "com.valvesoftware.Steam" + "_bwrapped"; + runScript = "steam"; + isFhsenv = true; + }; + fhsenv.opts.dieWithParent = false; + # mounts.readWrite = [ + # "/storage/games/steam" + # # "/sys/kernel/mm/transparent_hugepage" + # ]; + mounts.sandbox = [ + { + name = "dot-steam"; + path = "$HOME/.steam"; + } + ]; + dbus.session.talks = [ + "org.a11y.Bus" + "org.gtk.vfs.*" + "org.gnome.SettingsDaemon.MediaKeys" + "org.freedesktop.ScreenSaver" + "org.freedesktop.PowerManagement" + "org.freedesktop.Notifications" + ]; + dbus.session.owns = [ + "com.steampowered.*" + ]; + dbus.system.talks = [ + "org.freedesktop.UDisks2" + "org.freedesktop.UPower" + ]; + } + bwrapperOpts) diff --git a/packages/telegram-desktop-bwrapped/default.nix b/packages/telegram-desktop-bwrapped/default.nix new file mode 100644 index 0000000..1671cc6 --- /dev/null +++ b/packages/telegram-desktop-bwrapped/default.nix @@ -0,0 +1,43 @@ +{ + # lib, + # pkgs, + inputs, + system, + unfreePkgs ? [], + addPkgs ? [], + packageOverrides ? {}, + bwrapperOpts ? {}, + ... +}: let + pkgs = import inputs.nixpkgs { + config.allowUnfreePredicate = pkg: + builtins.elem (pkgs.lib.getName pkg) unfreePkgs; + + inherit system; + overlays = [inputs.nix-bwrapper.overlays.bwrapper]; + }; +in (pkgs.mkBwrapper (pkgs.lib.attrsets.recursiveUpdate rec { + app = { + inherit addPkgs; + package = pkgs.telegram-desktop.override packageOverrides; + id = "org.telegram.desktop" + "_bwrapped"; + }; + mounts.read = [ + ]; + dbus.session.talks = [ + "org.freedesktop.Notifications" + "org.gnome.Mutter.IdleMonitor" + "org.kde.StatusNotifierWatcher" + "com.canonical.AppMenu.Registrar" + "com.canonical.indicator.application" + "org.ayatana.indicator.application" + "org.sigxcpu.Feedback" + # "org.a11y.Bus" + "org.gtk.vfs.*" + "org.freedesktop.portal.FileChooser" + ]; + # dbus.system.talks = [ + # "org.freedesktop.UDisks2" + # ]; + } + bwrapperOpts)) diff --git a/packages/zen-browser-bwrapped/default.nix b/packages/zen-browser-bwrapped/default.nix new file mode 100644 index 0000000..c6b8757 --- /dev/null +++ b/packages/zen-browser-bwrapped/default.nix @@ -0,0 +1,58 @@ +{ + # lib, + # pkgs, + inputs, + system, + perSystem, + addPkgs ? [], + bwrapperOpts ? {}, + packageOverrides ? {}, + unfreePkgs ? [], + ... +}: let + pkgs = import inputs.nixpkgs { + config.allowUnfreePredicate = pkg: + builtins.elem (pkgs.lib.getName pkg) unfreePkgs; + + inherit system; + overlays = [inputs.nix-bwrapper.overlays.bwrapper]; + }; +in (pkgs.mkBwrapper (pkgs.lib.attrsets.recursiveUpdate rec { + # fhsenv.skipExtraInstallCmds = true; + + fhsenv.extraInstallCmds = '' + mv $out/bin/zen-browser $out/bin/zen + ''; + app = { + inherit addPkgs; + package = perSystem.zen-browser.zen-browser.override packageOverrides; + id = "app.zen_browser.zen" + "_bwrapped"; + runScript = "zen"; + # isFhsenv = true; + }; + mounts.readWrite = [ + # "$XDG_RUNTIME_DIR/doc/by-app" + "$XDG_RUNTIME_DIR/app/${app.id}" + "$XDG_RUNTIME_DIR/speech-dispatcher:ro" + # "$HOME/downloads" + ]; + mounts.sandbox = [ + { + name = "config/zen"; + path = "$HOME/.zen"; + } + ]; + dbus.session.talks = [ + "org.a11y.Bus" + "org.gtk.vfs.*" + ]; + dbus.system.talks = [ + "org.freedesktop.NetworkManager" + "org.freedesktop.UPower" + ]; + dbus.session.owns = [ + "org.mozilla.zen.*" + "org.mpris.MediaPlayer2.firefox.*" + ]; + } + bwrapperOpts))