Skip to content

Make tools and firefox optional#121

Open
nlewo wants to merge 2 commits into
cloud-gouv:mainfrom
nlewo:optional-tools
Open

Make tools and firefox optional#121
nlewo wants to merge 2 commits into
cloud-gouv:mainfrom
nlewo:optional-tools

Conversation

@nlewo

@nlewo nlewo commented Apr 8, 2026

Copy link
Copy Markdown
Contributor

Dans certains cas, les utilisateurs souhaitent ne pas devoir embarquer la liste complete de logiciels inclus par Securix, pour des raisons de sécurité et de stockage.

Étant donné que ces logiciels sont ajoutés à la liste systemPackages, il n'est pas possible de les enlever, sans purger completement cette liste, qui est aussi utilisée par d'autres modules NixOS.

Les valeurs de ces options étant définies à true par défaut, il n'y a aucun breaking change.

Tom-Hubrecht
Tom-Hubrecht reviewed Apr 8, 2026
View reviewed changes
Comment thread modules/tools/default.nix Outdated
@nlewo nlewo force-pushed the optional-tools branch 3 times, most recently from 4aec158 to 4f72717 Compare April 8, 2026 15:13
@nlewo

nlewo commented Apr 10, 2026

Copy link
Copy Markdown
Contributor Author

L'échec de la CI ne semble pas relatif à ma MR car le test passe localement:

nix-build -A tests.anssi-minimal
/nix/store/wxkj89s8ankzfhkf3lb83rjpkmmawyhp-vm-test-run-anssi-minimal

nlewo added 2 commits April 16, 2026 08:36
@nlewo
Add option securix.tools.enable
6b124f3 
This is enable by default but this allows users to avoid adding all
these packages in their environement.

Since these packages are added to the systemPackages list, it was not
possible to remove all these packages without purging the whole list,
which can be filled by some others NixOS modules as well.
@nlewo
Add option securix.firefox.enable
a2b9f62 
Default to true.
rlahfa-dinum
rlahfa-dinum requested changes Apr 20, 2026
View reviewed changes

@rlahfa-dinum rlahfa-dinum left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would go further and remove all these tools, make firefox optional and move the tools into contrib/ directory as an example of tools you can install.

@nlewo

nlewo commented May 12, 2026

Copy link
Copy Markdown
Contributor Author

I would go further and remove all these tools, make firefox optional and move the tools into contrib/ directory as an example of tools you can install.

What about adding the option securix.self.user.packages? This would allow to add packages specifically for the user, instead of providing them system-wide.
This option could also provide an example, which would be easier to maintain than a file containing dead code in the contrib directory.

@Pamplemousse

Pamplemousse commented Jun 9, 2026

Copy link
Copy Markdown
Contributor

Both ideas are nice, however, in the current state, users have no way to not get all the current packages...

Could we get this merged as a good "in between" that doesn't break compatibility, and work towards a more robust/elegant solution in a separate PR?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rlahfa-dinum rlahfa-dinum rlahfa-dinum requested changes

+1 more reviewer

@Tom-Hubrecht Tom-Hubrecht Tom-Hubrecht left review comments

Reviewers whose approvals may not affect merge requirements

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@nlewo @Pamplemousse @Tom-Hubrecht @rlahfa-dinum