be more strict with file systems

2025-04-01 21:00:54 +02:00 · 2025-04-01 21:00:54 +02:00 · 390704ef84
commit 390704ef84
parent 60e298be6b
1 changed files with 19 additions and 12 deletions
--- a/share/flatpak.nix
+++ b/share/flatpak.nix
@ -1,13 +1,23 @@
 # based on https://www.reddit.com/r/NixOS/comments/1hzgxns/fully_declarative_flatpak_management_on_nixos/
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 let
  # all wanted flatpak packages
-  desiredFlatpaks = [
-    "com.vivaldi.Vivaldi"
-    "io.github.ungoogled_software.ungoogled_chromium"
-    "org.mozilla.firefox"
-    "org.signal.Signal"
-  ];
+  desiredFlatpaks = {
+    "com.valvesoftware.Steam" = "--nofilesystem=home --nofilesystem=xdg-pictures --nofilesystem=xdg-music";
+    "com.vivaldi.Vivaldi" = "--nofilesystem=home --nofilesystem=xdg-pictures --nofilesystem=xdg-music";
+    "io.github.ungoogled_software.ungoogled_chromium" = "--nofilesystem=home --nofilesystem=xdg-pictures --nofilesystem=xdg-music";
+    "org.mozilla.firefox" = "--nofilesystem=home --nofilesystem=xdg-pictures --nofilesystem=xdg-music";
+    "org.signal.Signal" = "--nofilesystem=home --nofilesystem=xdg-pictures --nofilesystem=xdg-music";
+  };
+
+  # install helper, will set filesystem overrides
+  install = lib.lists.foldl( str: app:
+      str + pkgs.flatpak + "/bin/flatpak install -y flathub " + app + ";\n"
+          + pkgs.flatpak + "/bin/flatpak override --reset;\n"
+          + pkgs.flatpak + "/bin/flatpak override --reset " + app + ";\n"
+          + pkgs.flatpak + "/bin/flatpak override " + (lib.attrsets.getAttrFromPath [ app ] desiredFlatpaks) + " " + app + ";\n"
+          + pkgs.flatpak + "/bin/flatpak override --show " + app + ";\n"
+  ) "\n";
 in {
  # enable flatpak
  services.flatpak.enable = true;
@ -23,17 +33,14 @@ in {

      # remove any Flatpaks that are NOT in the desired list
      for installed in $installedFlatpaks; do
-        if ! echo ${toString desiredFlatpaks} | ${pkgs.gnugrep}/bin/grep -q $installed; then
+        if ! echo ${toString (builtins.attrNames desiredFlatpaks)} | ${pkgs.gnugrep}/bin/grep -q $installed; then
          echo "Removing $installed because it's not in the desiredFlatpaks list."
          ${pkgs.flatpak}/bin/flatpak uninstall -y --noninteractive $installed
        fi
      done

      # install or re-install the Flatpaks you DO want
-      for app in ${toString desiredFlatpaks}; do
-        echo "Ensuring $app is installed."
-        ${pkgs.flatpak}/bin/flatpak install -y flathub $app
-      done
+      ${install (builtins.attrNames desiredFlatpaks)}

      # remove unused Flatpaks
      ${pkgs.flatpak}/bin/flatpak uninstall --unused -y