Build with neoidiosyn flake

This commit is contained in:
Mikael 2024-11-16 17:03:21 +01:00
parent deb6dc6a26
commit 02e2cf7d79
Signed by: mikael
SSH key fingerprint: SHA256:21QyD2Meiot7jOUVitIR5YkGB/XuXdCvLW1hE6dsri0
3 changed files with 189 additions and 48 deletions

View file

@ -1,5 +1,99 @@
{
"nodes": {
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flakey-profile": {
"locked": {
"lastModified": 1712898590,
"narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=",
"owner": "lf-",
"repo": "flakey-profile",
"rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d",
"type": "github"
},
"original": {
"owner": "lf-",
"repo": "flakey-profile",
"type": "github"
}
},
"lix": {
"flake": false,
"locked": {
"lastModified": 1732112222,
"narHash": "sha256-H7GN4++a4vE49SUNojZx+FSk4mmpb2ifJUtJMJHProI=",
"rev": "66f6dbda32959dd5cf3a9aaba15af72d037ab7ff",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/66f6dbda32959dd5cf3a9aaba15af72d037ab7ff.tar.gz?rev=66f6dbda32959dd5cf3a9aaba15af72d037ab7ff"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/lix/archive/main.tar.gz"
}
},
"lix-module": {
"inputs": {
"flake-utils": "flake-utils",
"flakey-profile": "flakey-profile",
"lix": [
"neoidiosyn",
"lix"
],
"nixpkgs": [
"neoidiosyn",
"nixpkgs"
]
},
"locked": {
"lastModified": 1731967274,
"narHash": "sha256-n6dPGRlMGdL8X5gviA6ZuRfUdbdD5KiNN/BpABA5YT0=",
"rev": "aa2846680fa9a2032939d720487942567fd9eb63",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/aa2846680fa9a2032939d720487942567fd9eb63.tar.gz?rev=aa2846680fa9a2032939d720487942567fd9eb63"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/nixos-module/archive/main.tar.gz"
}
},
"neoidiosyn": {
"inputs": {
"lix": "lix",
"lix-module": "lix-module",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1732362734,
"narHash": "sha256-/iNEdAGmBtO8QjnJ/VkpxM5CX0VuMfNLT9h8/ong54s=",
"ref": "refs/heads/main",
"rev": "b6e75c88bb2ba9e0d5f171f674d2bf0c40da00f4",
"revCount": 1,
"type": "git",
"url": "https://woof.rip/mikael/neoidiosyn.git"
},
"original": {
"type": "git",
"url": "https://woof.rip/mikael/neoidiosyn.git"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1731531548,
@ -18,8 +112,24 @@
},
"root": {
"inputs": {
"neoidiosyn": "neoidiosyn",
"nixpkgs": "nixpkgs"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",

View file

@ -3,6 +3,10 @@
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
neoidiosyn = {
url = "git+https://woof.rip/mikael/neoidiosyn.git";
inputs.nixpkgs.follows = "nixpkgs";
};
};
nixConfig = {
@ -11,12 +15,10 @@
extra-trusted-public-keys = [ "cache.kyouma.net:Frjwu4q1rnwE/MnSTmX9yx86GNA/z3p/oElGvucLiZg=" ];
};
outputs = { self, nixpkgs, ... }: let
outputs = { self, nixpkgs, neoidiosyn, ... }: let
inherit (nixpkgs) lib;
in {
packages = lib.genAttrs [ "x86_64-linux" "aarch64-linux" ] (system: let
pkgs = nixpkgs.legacyPackages.${system}.pkgsMusl;
mimalloc = pkgs.mimalloc.override { secureBuild = true; };
packages = lib.mapAttrs (system: pkgs: let
extraWrapper = prevAttrs: {
buildCommand = prevAttrs.buildCommand + ''
sed -i \
@ -26,28 +28,46 @@
"$out/bin/${prevAttrs.meta.mainProgram}"
'';
};
wrapFirefox = pkgs.wrapFirefox.override {
ffmpeg = pkgs.ffmpeg.override {
ffmpegVariant = "headless";
withAlsa = false;
withAom = false;
withCodec2 = true;
withDrm = false;
withGnutls = false;
withSsh = false;
withV4l2 = false;
withNetwork = false;
withBin = false;
withLib = true;
withDocumentation = false;
withStripping = true;
};
};
in {
default = self.packages.${system}.firefox;
firefox = (pkgs.wrapFirefox self.packages.${system}.firefox-unwrapped {
extraPoliciesFiles = [ ./policy.nix ];
extraPoliciesFiles =
import ./policy.nix { inherit lib; firefox = true; }
|> pkgs.writers.writeJSON "policy.json"
|> lib.singleton;
}).overrideAttrs extraWrapper;
firefox-unwrapped = ((pkgs.buildMozillaMach {
pname = "firefox";
inherit (pkgs.firefox-beta-unwrapped)
src version meta tests;
extraConfigureFlags = [
"--enable-default-toolkit=cairo-gtk3-wayland-only"
];
extraBuildInputs = [ mimalloc ];
}).overrideAttrs (prevAttrs: {
env = prevAttrs.env or { } // {
LDFLAGS = lib.toList prevAttrs.env.LDFLAGS or [ ] ++ [ "-lmimalloc" ] |> toString;
};
})).override {
extraConfigureFlags = [ "--enable-default-toolkit=cairo-gtk3-wayland-only" ];
}).overrideAttrs {
autoVarInit = "zero";
boundsCheck = true;
}).override {
alsaSupport = false;
ffmpegSupport = true;
gssSupport = false;
@ -64,12 +84,19 @@
googleAPISupport = false;
};
thunderbird = (pkgs.wrapThunderbird self.packages.${system}.thunderbird-unwrapped { }).overrideAttrs extraWrapper;
thunderbird = (pkgs.wrapThunderbird self.packages.${system}.thunderbird-unwrapped {
extraPoliciesFiles =
import ./policy.nix { inherit lib; thunderbird = true; }
|> pkgs.writers.writeJSON "policy.json"
|> lib.singleton;
}).overrideAttrs extraWrapper;
thunderbird-unwrapped = (pkgs.thunderbird-latest-unwrapped.overrideAttrs (prevAttrs: {
configureFlags = prevAttrs.configureFlags or [ ] ++ [
"--enable-default-toolkit=cairo-gtk3-wayland-only"
];
autoVarInit = "zero";
boundsCheck = true;
configureFlags = prevAttrs.configureFlags or [ ]
++ [ "--enable-default-toolkit=cairo-gtk3-wayland-only" ];
})).override {
alsaSupport = false;
ffmpegSupport = false;
@ -86,9 +113,9 @@
privacySupport = true;
drmSupport = false;
};
});
}) neoidiosyn.legacyPackages;
hydraJobs = self.packages |> lib.foldlAttrs (jobs: system: packages: lib.recursiveUpdate jobs
(lib.mapAttrs (name: package: { ${system} = package; }) packages)) { };
(lib.mapAttrs (name: package: { ${system} = lib.hydraJob package; }) packages)) { };
};
}

View file

@ -1,4 +1,6 @@
{
{ lib, firefox ? false, thunderbird ? false }: let
inherit (lib) optionals optionalAttrs;
in assert (lib.xor firefox thunderbird); {
CaptivePortal = false;
Cookies = {
@ -23,29 +25,27 @@
EncryptedMediaExtensions.Enabled = true;
ExtensionSettings = [
{
"@testpilot-containers" = {
installation_mode = "normal_installed";
install_url = "https://addons.mozilla.org/firefox/downloads/latest/multi-account-containers/latest.xpi";
};
"uBlock0@raymondhill.net" = {
installation_mode = "normal_installed";
install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi";
};
ExtensionSettings = {
"uBlock0@raymondhill.net" = {
installation_mode = "normal_installed";
install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi";
};
} // optionalAttrs firefox {
"@testpilot-containers" = {
installation_mode = "normal_installed";
install_url = "https://addons.mozilla.org/firefox/downloads/latest/multi-account-containers/latest.xpi";
};
"gdpr@cavi.au.dk" = {
installation_mode = "normal_installed";
install_url = "https://addons.mozilla.org/firefox/downloads/latest/consent-o-matic/latest.xpi";
}
"gdpr@cavi.au.dk" = {
installation_mode = "normal_installed";
install_url = "https://addons.mozilla.org/firefox/downloads/latest/consent-o-matic/latest.xpi";
}
"jid1-BoFifL9Vbdl2zQ@jetpack" = {
installation_mode = "normal_installed";
install_url = "https://addons.mozilla.org/firefox/downloads/latest/decentraleyes/latest.xpi";
};
}
];
"jid1-BoFifL9Vbdl2zQ@jetpack" = {
installation_mode = "normal_installed";
install_url = "https://addons.mozilla.org/firefox/downloads/latest/decentraleyes/latest.xpi";
};
};
FirefoxHome = {
SponsoredTopSites = false;
@ -84,16 +84,16 @@
Value = value;
};
in {
# date and time formats
"intl.date_time.pattern_override.date_short" = default "yyyy-MM-dd";
"intl.date_time.pattern_override.time_short" = default "HH:mm";
# cache
"browser.cache.memory.enable" = default true;
"browser.cache.memory.capacity" = default 262144;
"browser.cache.disk.enable" = default true;
"browser.cache.disk.capacity" = default 16777216;
# hardware acceleration
"gfx.webrender.all" = default true;
"media.ffmpeg.vaapi.enabled" = default true;
# disable WebGL by default
"webgl.disabled" = default true;
@ -136,6 +136,10 @@
# enable ECN
"network.http.http3.ecn" = default true;
} // optionalAttrs firefox {
# hardware acceleration
"gfx.webrender.all" = default true;
"media.ffmpeg.vaapi.enabled" = default true;
};
PromptForDownloadLocation = true;