Glue to wrap flatpak
, as part of a mischievous scam, tricking xdg-desktop-portal
into letting us have decent declaratively managed containerization on NixOS.
I mean, it wasn't like upstream was gonna stop bikeshedding on stuff like this any time soon.
This package functions as a drop-in replacement for the original flatpak package. The module exposed in this flake automatically inserts this package as a replacement for the upstream pkgs.flatpak
in services.flatpak.package
. It may, in the future, do some kind of other configuration work for better UX.
nixpak
?pkgs.flatpak
file set, transparently updating it with a replacement for the binary, renaming the old binary to flatpak-raw
You can add it to your system flake inputs
like so:
nixpak-flatpak-wrapper = {
url = "github:crabdancing/nixpak-flatpak-wrapper";
# If you don't follow your own nixpkgs,
# you might be accidentally substituting `flatpak` with an older/newer version than in nixpkgs!
inputs.nixpkgs.follows = "nixpkgs";
};
Once you've added the nixosModules.default
to your system modules, configuration can happen like so:
services.flatpak.enable = true;
programs.nixpak-flatpak-wrapper = {
enable = true;
settings = {
enable_logging = true,
perms = [
{
app_id = "org.chromium.Chromium";
bind.rw = [
"~/Downloads"
];
}
{
app_id = "org.mozilla.firefox";
bind.rw = [
"~/Downloads"
];
}
];
};
};
Config is stored at /etc/nixpak-flatpak-wrapper.toml
The schema is as such:
[[perms]]
app_id = "org.chromium.Chromium"
bind.rw = [
"~/Downloads"
]
bind.ro = []
[[perms]]
app_id = "org.mozilla.firefox"
bind.rw = [
"~/Downloads"
]
bind.ro = []
It records what happens in ~/.local/share/nixpak-flatpak-wrapper/nixpak-flatpak-wrapper.log
for ease of debugging. This is because a drop-in wrapper/replacement should not print warning/error messages the original app would not have, in case it breaks someone's parsing.