add tor-browser overlay

very broken right now probably
2025-01-25 14:51:54 +01:00 · 2025-01-25 14:51:54 +01:00 · e5391139a3
commit e5391139a3
parent a3fb727454
1 changed files with 54 additions and 0 deletions
--- a/overlays/nixpak/tor-browser.nix
+++ b/overlays/nixpak/tor-browser.nix
@ -0,0 +1,54 @@
+# Refer to firefox.nix in the same directory for more information and a 
+# better version of this. This is barebones on purpose.
+
+{ ... }: final: prev: {
+  tor-browser = let
+    sandboxed-tor-browser = prev.mkNixPak {
+      config = { sloth, ... }: {
+        app.package = prev.tor-browser;
+        app.binPath = "bin/tor-browser";
+        flatpak.appId = "org.torproject.tor-browser";
+
+        dbus.policies = {
+          "org.a11y.Bus" = "talk";
+          "org.gnome.SessionManager" = "talk";
+          "org.freedesktop.ScreenSaver" = "talk";
+          "org.gtk.vfs.*" = "talk";
+          "org.gtk.vfs" = "talk";
+          "org.freedesktop.Notifications" = "talk";
+          "org.freedesktop.portal.FileChooser" = "talk";
+          "org.freedesktop.portal.Settings" = "talk";
+          "org.torproject.tor-browser.*" = "own";
+          "org.freedesktop.DBus" = "talk";
+          "org.freedesktop.DBus.*" = "talk";
+          "org.freedesktop.portal.*" = "talk";
+          "org.freedesktop.NetworkManager" = "talk";
+          "org.freedesktop.FileManager1" = "talk";
+        };
+
+        gpu.enable = true;
+        gpu.provider = "bundle";
+
+        bubblewrap = {
+          bind.dev = [ "/dev/shm" ];
+
+          bind.rw = [
+            [(sloth.mkdir (sloth.concat' sloth.xdgConfigHome "/tor-browser")) (sloth.concat' sloth.homeDir "/.tor project")]
+          ];
+
+          bind.ro = [
+            "/sys/bus/pci"
+            ["${prev.tor-browser}/lib/firefox" "/app/etc/firefox"]
+          ];
+
+          sockets = {
+            x11 = false;
+            wayland = true;
+            pipewire = true;
+          };
+        };
+      };
+    };
+  in
+    sandboxed-tor-browser.config.env;
+}