l browsers: use firefox directly, RIP xjails

2023-02-21 07:35:27 +01:00 · 2023-02-21 07:35:27 +01:00 · 0ea0723933
commit 0ea0723933
parent 92cfeace54
7 changed files with 18 additions and 302 deletions
--- a/lass/1systems/aergia/config.nix
+++ b/lass/1systems/aergia/config.nix
@ -48,11 +48,6 @@
  };
  hardware.pulseaudio.package = pkgs.pulseaudioFull;

-  lass.browser.config = {
-    fy = { browser = "chromium";  groups = [ "audio" "video" ]; hidden = true; };
-    qt = { browser = "qutebrowser";  groups = [ "audio" "video" ]; hidden = true; };
-  };
-
  nix.trustedUsers = [ "root" "lass" ];

  # nix.extraOptions = ''
--- a/lass/1systems/coaxmetal/config.nix
+++ b/lass/1systems/coaxmetal/config.nix
@ -54,12 +54,6 @@
  };
  hardware.pulseaudio.package = pkgs.pulseaudioFull;

-  lass.browser.config = {
-    dc = { browser = "chromium";  groups = [ "audio" "video" ]; hidden = true; };
-    ff = { browser = "firefox";  groups = [ "audio" "video" ]; hidden = true; };
-    fy = { browser = "chromium";  groups = [ "audio" "video" ]; hidden = true; };
-  };
-
  nix.trustedUsers = [ "root" "lass" ];

  services.tor = {
--- a/lass/2configs/browsers.nix
+++ b/lass/2configs/browsers.nix
@ -1,12 +1,8 @@
 { config, lib, pkgs, ... }:
 {
-  lass.browser.config = {
-    cr = { groups = [ "audio" "video" ]; precedence = 9; };
-  };
-  programs.chromium = {
-    enable = true;
-    extensions = [
-      "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
-    ];
-  };
+  programs.firefox.nativeMessagingHosts.tridactyl = true;
+  environment.variables.BROWSER = "${pkgs.firefox}/bin/firefox";
+  environment.systemPackages = [
+    pkgs.firefox
+  ];
 }
--- a/lass/2configs/xdg-open.nix
+++ b/lass/2configs/xdg-open.nix
@ -1,12 +1,13 @@
 { config, pkgs, lib, ... }: with import <stockholm/lib>; let

  xdg-open-wrapper = pkgs.writeDashBin "xdg-open" ''
-    /run/wrappers/bin/sudo -u lass ${xdg-open} "$@"
+     exec ${xdg-open}/bin/xdg-open "$@" >> /tmp/xdg-debug.log 2>&1
  '';

-  xdg-open = pkgs.writeBash "xdg-open" ''
-    set -e
+  xdg-open = pkgs.writeBashBin "xdg-open" ''
+    set -xe
    FILE="$1"
+    PATH=/run/current-system/sw/bin
    mime=

    case "$FILE" in
@ -35,15 +36,13 @@

    case "$mime" in
      special/mailaddress)
-        urxvtc --execute vim "$FILE" ;;
-      ${optionalString (hasAttr "browser" config.lass) ''
+        alacritty --execute vim "$FILE" ;;
      text/html)
-        ${config.lass.browser.select}/bin/browser-select "$FILE" ;;
+        firefox "$FILE" ;;
      text/xml)
-        ${config.lass.browser.select}/bin/browser-select "$FILE" ;;
-      ''}
+        firefox "$FILE" ;;
      text/*)
-        urxvtc --execute vim "$FILE" ;;
+        alacritty --execute vim "$FILE" ;;
      image/*)
        sxiv "$FILE" ;;
      application/x-bittorrent)
@ -51,17 +50,18 @@
      application/pdf)
        zathura "$FILE" ;;
      inode/directory)
-        sudo -u lass -i urxvtc --execute mc "$FILE" ;;
+        alacritty --execute mc "$FILE" ;;
      *)
        # open dmenu and ask for program to open with
-        $(dmenu_path | dmenu) "$FILE";;
+        runner=$(print -rC1 -- ''${(ko)commands} | dmenu)
+        exec $runner "$FILE";;
    esac
  '';
 in {
  environment.systemPackages = [ xdg-open-wrapper ];

  security.sudo.extraConfig = ''
-    cr ALL=(lass) NOPASSWD: ${xdg-open} *
-    ff ALL=(lass) NOPASSWD: ${xdg-open} *
+    cr ALL=(lass) NOPASSWD: ${xdg-open}/bin/xdg-open *
+    ff ALL=(lass) NOPASSWD: ${xdg-open}/bin/xdg-open *
  '';
 }
--- a/lass/3modules/browsers.nix
+++ b/lass/3modules/browsers.nix
@ -1,94 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
-let
-
-  cfg = config.lass.browser;
-
-  browserScripts = {
-    brave = "${pkgs.brave}/bin/brave";
-    chrome = "${pkgs.google-chrome}/bin/chrome";
-    chromium = "${pkgs.ungoogled-chromium}/bin/chromium";
-    firefox = "${pkgs.firefox.override {
-        extraNativeMessagingHosts = [ pkgs.tridactyl-native ];
-      }}/bin/firefox";
-    qutebrowser = "${pkgs.qutebrowser}/bin/qutebrowser";
-  };
-
-  browser-select = let
-    sortedPaths = sort (a: b: a.value.precedence > b.value.precedence)
-                       (filter (x: ! x.value.hidden)
-                       (mapAttrsToList (name: value: { inherit name value; })
-                                       cfg.config));
-  in if (lib.length sortedPaths) > 1 then
-    pkgs.writeScriptBin "browser-select" ''
-      BROWSER=$(echo -e "${concatStringsSep "\\n" (map (getAttr "name") sortedPaths)}" | ${pkgs.dmenu}/bin/dmenu)
-      case $BROWSER in
-      ${concatMapStringsSep "\n" (n: ''
-        ${n.name})
-          export BIN=${config.lass.xjail-bins.${n.name}}/bin/${n.name}
-          ;;
-      '') (sortedPaths)}
-      esac
-      $BIN "$@"
-    ''
-  else
-    let
-      name = (lib.head sortedPaths).name;
-    in pkgs.writeScriptBin "browser-select" ''
-      ${config.lass.xjail-bins.${name}}/bin/${name} "$@"
-    ''
-  ;
-
-in {
-  options.lass.browser = {
-    select = mkOption {
-      type = types.path;
-    };
-    config = mkOption {
-      type = types.attrsOf (types.submodule ({ config, ... }: {
-        options = {
-          name = mkOption {
-            type = types.str;
-            default = config._module.args.name;
-          };
-          hidden = mkOption {
-            type = types.bool;
-            default = false;
-          };
-          precedence = mkOption {
-            type = types.int;
-            default = 0;
-          };
-          user = mkOption {
-            type = types.str;
-            default = config._module.args.name;
-          };
-          browser = mkOption {
-            type = types.enum (attrNames browserScripts);
-            default = "brave";
-          };
-          groups = mkOption {
-            type = types.listOf types.str;
-            default = [];
-          };
-        };
-      }));
-      default = {};
-    };
-  };
-
-  config = (mkIf (cfg.config != {}) {
-    lass.xjail = mapAttrs' (name: browser:
-      nameValuePair name {
-        script = browserScripts.${browser.browser};
-        groups = browser.groups;
-      }
-    ) cfg.config;
-    environment.systemPackages = (map (browser:
-      config.lass.xjail-bins.${browser.name}
-    ) (attrValues cfg.config))  ++ [
-      browser-select
-    ];
-    lass.browser.select = browser-select;
-  });
-}
--- a/lass/3modules/default.nix
+++ b/lass/3modules/default.nix
@ -12,8 +12,6 @@ _:
    ./pyload.nix
    ./screenlock.nix
    ./usershadow.nix
-    ./xjail.nix
    ./autowifi.nix
-    ./browsers.nix
  ];
 }
--- a/lass/3modules/xjail.nix
+++ b/lass/3modules/xjail.nix
@ -1,173 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-with import <stockholm/lib>;
-{
-  options.lass.xjail = mkOption {
-    type = types.attrsOf (types.submodule ({ config, ...}: {
-      options = {
-        name = mkOption {
-          type = types.str;
-          default = config._module.args.name;
-        };
-        user = mkOption {
-          type = types.str;
-          default = config.name;
-        };
-        groups = mkOption {
-          type = types.listOf types.str;
-          default = [];
-        };
-        from = mkOption {
-          type = types.str;
-          default = "lass";
-        };
-        display = mkOption {
-          type = types.str;
-          default = toString (genid_uint31 config._module.args.name);
-        };
-        dpi = mkOption {
-          type = types.int;
-          default = 90;
-        };
-        extraXephyrArgs = mkOption {
-          type = types.str;
-          default = "";
-        };
-        extraVglrunArgs = mkOption {
-          type = types.str;
-          default = "";
-        };
-        script = mkOption {
-          type = types.path;
-          default = pkgs.writeScript "echo_lol" "echo lol";
-        };
-        wm = mkOption {
-          #TODO find type
-          type = types.str;
-          defaultText = "‹script›";
-          default = "${pkgs.writeHaskellPackage "xephyrify-xmonad" {
-            executables.xmonad = {
-              extra-depends = [
-                "containers"
-                "unix"
-                "xmonad"
-              ];
-              text = /* haskell */ ''
-                module Main where
-                import XMonad
-                import Data.Monoid
-                import System.Posix.Process (executeFile)
-                import qualified Data.Map as Map
-
-                main :: IO ()
-                main = do
-                  xmonad def
-                    { workspaces = [ "1" ]
-                    , layoutHook = myLayoutHook
-                    , keys = myKeys
-                    , normalBorderColor  = "#000000"
-                    , focusedBorderColor = "#000000"
-                    , handleEventHook = myEventHook
-                    }
-
-                myEventHook :: Event -> X All
-
-                myEventHook (ConfigureEvent { ev_event_type = 22 }) = do
-                  spawn "${pkgs.xorg.xrandr}/bin/xrandr >/dev/null 2>&1"
-                  return (All True)
-
-                myEventHook _ = do
-                  return (All True)
-
-                myLayoutHook = Full
-                myKeys _ = Map.fromList []
-              '';
-            };
-          }}/bin/xmonad";
-        };
-      };
-    }));
-    default = {};
-  };
-
-  options.lass.xjail-bins = mkOption {
-    type = types.attrsOf types.path;
-  };
-
-  # implementation
-  config = let
-    scripts = mapAttrs' (name: cfg:
-      let
-        newOrExisting = pkgs.writeDash "${cfg.name}-existing" ''
-          DISPLAY=:${cfg.display} ${pkgs.xorg.xrandr}/bin/xrandr
-          if test $? -eq 0; then
-            echo using existing xephyr
-            ${sudo_} "$@"
-          else
-            echo starting new xephyr
-            ${xephyr_} "$@"
-          fi
-        '';
-        xephyr_ = pkgs.writeDash "${cfg.name}-xephyr" ''
-          ${pkgs.xorg.xorgserver}/bin/Xephyr -br -ac -reset -terminate -resizeable -nolisten local -dpi ${toString cfg.dpi} ${cfg.extraXephyrArgs} :${cfg.display} &
-          XEPHYR_PID=$!
-          DISPLAY=:${cfg.display} ${cfg.wm} &
-          WM_PID=$!
-          ${sudo_} "$@"
-          ${pkgs.coreutils}/bin/kill $WM_PID
-          ${pkgs.coreutils}/bin/kill $XEPHYR_PID
-        '';
-        # TODO fix xephyr which doesn't honor resizes anymore
-        sudo_ = pkgs.writeDash "${cfg.name}-sudo" ''
-          #/var/run/wrappers/bin/sudo -u ${cfg.name} -i env DISPLAY=:${cfg.display} ${cfg.script} "$@"
-          ${pkgs.systemd}/bin/machinectl shell -E DISPLAY=:0 --uid=${cfg.name} .host ${cfg.script} "$@"
-        '';
-      in nameValuePair name {
-        existing = newOrExisting;
-        xephyr = xephyr_;
-        sudo = sudo_;
-      }
-    ) config.lass.xjail;
-  in {
-
-    users.users = mapAttrs' (_: cfg:
-      nameValuePair cfg.name {
-        uid = genid_uint31 cfg.name;
-        home = "/home/${cfg.name}";
-        useDefaultShell = true;
-        createHome = true;
-        extraGroups = cfg.groups;
-        isNormalUser = true;
-      }
-    ) config.lass.xjail;
-
-    users.groups = mapAttrs' (_: cfg:
-      nameValuePair cfg.name {
-        members = [
-          cfg.name
-          cfg.from
-        ];
-      }
-    ) config.lass.xjail;
-
-    security.polkit.extraConfig = (concatStringsSep "\n" (mapAttrsToList (_: cfg: ''
-    polkit.addRule(function(action, subject) {
-      if (
-        subject.user == "${cfg.from}" &&
-        action.id == "org.freedesktop.machine1.host-shell" &&
-        action.lookup("user") == "${cfg.user}" &&
-        action.lookup("program") == "${cfg.script}" &&
-        true
-      ) {
-        return polkit.Result.YES;
-      }
-    });
-    '') config.lass.xjail));
-
-    lass.xjail-bins = mapAttrs' (name: cfg:
-      nameValuePair name (pkgs.writeScriptBin cfg.name ''
-        ${scripts.${name}.sudo} "$@"
-      '')
-    ) config.lass.xjail;
-  };
-}