From 24bb6df7642ba7dfefb5a8bccead847885bd50e8 Mon Sep 17 00:00:00 2001 From: Christoph Cullmann Date: Mon, 31 Mar 2025 23:55:28 +0200 Subject: [PATCH] use sandboxed flatpak for browsers --- share/common.nix | 6 ++++++ share/flatpak.nix | 44 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 50 insertions(+) create mode 100644 share/flatpak.nix diff --git a/share/common.nix b/share/common.nix index 4664ff1..e418a3f 100644 --- a/share/common.nix +++ b/share/common.nix @@ -20,6 +20,9 @@ in # our users "/data/nixos/share/users.nix" + + # flatpak configuration + "/data/nixos/share/flatpak.nix" ]; # install release @@ -220,6 +223,9 @@ in # NetworkManager connections "/etc/NetworkManager" "/var/lib/NetworkManager" + + # flatpak storage + "/var/lib/flatpak" ]; }; diff --git a/share/flatpak.nix b/share/flatpak.nix new file mode 100644 index 0000000..1af67bc --- /dev/null +++ b/share/flatpak.nix 
@@ -0,0 +1,44 @@
+# based on https://www.reddit.com/r/NixOS/comments/1hzgxns/fully_declarative_flatpak_management_on_nixos/
+{ config, pkgs, ... }:
+let
+ # all wanted flatpak packages
+ desiredFlatpaks = [
+ "com.vivaldi.Vivaldi"
+ "io.github.ungoogled_software.ungoogled_chromium"
+ "org.mozilla.firefox"
+ ];
+in {
+ # enable flatpak
+ services.flatpak.enable = true;
+
+ # update stuff on rebuild and boot
+ system.activationScripts.flatpakManagement = {
+ text = ''
+ # ensure the Flathub repo is added
+ ${pkgs.flatpak}/bin/flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
+
+ # get currently installed Flatpaks
+ installedFlatpaks=$(${pkgs.flatpak}/bin/flatpak list --app --columns=application)
+
+ # remove any Flatpaks that are NOT in the desired list
+ for installed in $installedFlatpaks; do
+ if ! echo ${toString desiredFlatpaks} | ${pkgs.gnugrep}/bin/grep -q $installed; then
+ echo "Removing $installed because it's not in the desiredFlatpaks list."
+ ${pkgs.flatpak}/bin/flatpak uninstall -y --noninteractive $installed
+ fi
+ done
+
+ # install or re-install the Flatpaks you DO want
+ for app in ${toString desiredFlatpaks}; do
+ echo "Ensuring $app is installed."
+ ${pkgs.flatpak}/bin/flatpak install -y flathub $app
+ done
+
+ # remove unused Flatpaks
+ ${pkgs.flatpak}/bin/flatpak uninstall --unused -y
+
+ # update all installed Flatpaks
+ ${pkgs.flatpak}/bin/flatpak update -y
+ '';
+ };
+}
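Review bot: The removal check `echo ${toString desiredFlatpaks} | grep -q $installed` is an unquoted regex substring match, so an installed application ID that is a substring of a desired ID (or matches one with `.` acting as a wildcard) is treated as wanted and never uninstalled; for a list that is meant to constrain what is installed system-wide, the comparison should be exact. `if ! printf '%s\n' ${toString desiredFlatpaks} | ${pkgs.gnugrep}/bin/grep -qxF -- "$installed"; then` compares whole lines literally, and `$installed` and `$app` should be quoted in the uninstall and install calls too. Separately, the script runs `flatpak install -y` and `flatpak update -y` as root during activation, which probably executes before the network is up at boot and accepts whatever an update brings without prompting; a oneshot systemd unit ordered after network-online.target looks like a better place for this. The "sandboxed" claim also rests entirely on the permissions each app declares on Flathub, since no `flatpak override` is applied here, so it is worth reviewing what the three browsers are actually granted.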