Jump to content

Chromium: Difference between revisions

From Official NixOS Wiki
← Older edit
Ardenet (talk | contribs)
2,453 edits
VisualWikitext
imported>Pogobanane
mention new way to enable wayland
Ardenet (talk | contribs)
2,453 edits
Marked this version for translation
 
(28 intermediate revisions by 14 users not shown)
Line 1: Line 1:
'''Note''': Firefox requires the Google Hangouts Video plugin but Chromium (37+) doesn't require any plugin to use Google Hangouts.
<languages/>
<translate>
== Installation == <!--T:1-->


== Per User ==
=== NixOS === <!--T:2-->


It is possible to configure certain features in nixpkgs by creating <code>~/.nixpkgs/config.nix</code> and setting the options. See below for details on how to set the equivalent options for the system profile when running NixOS.
<!--T:3-->
Add <tvar name="chromium_package">{{nixos:package|chromium}}</tvar> to <tvar name="systemPackages">{{NixOS Manual|name=systemPackages|anchor=#sec-package-management}}</tvar>.


To install Firefox and Chromium for a user profile you need to create <code>~/.nixpkgs/config.nix</code> and add the following options:
== Updating browser policies == <!--T:4-->


~/.nixpkgs/config.nix:
<!--T:5-->
<syntaxhighlight lang="nix">
In Chromium, policy settings are accessible via <tvar name="chrome_policy_link">{{Ic|chrome://policy}}</tvar>. They allow the user to change enterprise policies affecting things like
{
    allowUnfree = true;


    firefox = {
<!--T:6-->
    enableGoogleTalkPlugin = true;
* Creating webapps when the browser is installed
    };
* Finding and downloading browser extensions automatically
* Enabling or disabling the dinosaur game when the device is offline
* Disable screenshots to be taken with browser extensions
* Block all downloads from the browser (if you want to do that for some reason)
* and more!


    chromium = {
<!--T:7-->
    enablePepperFlash = true; # Chromium's non-NSAPI alternative to Adobe Flash
A full list of policies can be found at [<tvar name=1>https://chromeenterprise.google/policies/</tvar> Chrome Enterprise Policy List & Management].
    };


}
=== Natively Supported Policies === <!--T:8-->
</syntaxhighlight>


After these options have been set you need to install the "Wrapper" versions of Firefox:
<!--T:9-->
By default NixOS provides a few policies that can be enabled directly, a simple example is given below to understand how these are implemented
</translate>


<syntaxhighlight lang="console">
<syntaxhighlight lang="nixos" line="1"> programs.chromium = {
$ nix-env -i firefox-with-plugins chromium
    enable = true;
</syntaxhighlight>
    homepageLocation = "https://www.startpage.com/";
    extensions = [
      "eimadpbcbfnmbkopoojfekhnkhdbieeh;https://clients2.google.com/service/update2/crx" # dark reader
      "aapbdbdomjkkjkaonfhkkikfgjllcleb;https://clients2.google.com/service/update2/crx" # google translate
    ];
    extraOpts = {
      "WebAppInstallForceList" = [
        {
          "custom_name" = "Youtube";
          "create_desktop_shortcut" = false;
          "default_launch_container" = "window";
          "url" = "https://youtube.com";
        }
      ];
    };
  };</syntaxhighlight>


If you are using a version that does not have a wrapper, you can write one (add to config.nix and install with `nix-env -iA nixpkgs.pkgs.firefox-bin-wrapper` or `nix-env -iA nixos.pkgs.firefox-bin-wrapper`):
<translate>
<syntaxhighlight lang="nix">
<!--T:10-->
  packageOverrides = pkgs: with pkgs; rec {
* <tvar name="homepageLocation">{{Ic|homepageLocation}}</tvar> option allows you to set the site that the homepage will open on
    # FF bin with plugins
* <tvar name="extensions">{{Ic|extensions}}</tvar> allows for the download of extensions directly in the browser through a simple list of the extension ID's that can be obtained from the [<tvar name="1">https://chromewebstore.google.com/</tvar> Chrome Web Store] by opening an extension page and copying the last part of the URL
    firefox-bin-wrapper = wrapFirefox { browser = firefox-bin; };
** In the example however there is another component, the download source from which the extensions will be downloaded
  };
** The URL provided in the list is the link that is used by google for managing, checking and updating extensions
</syntaxhighlight>
** So the method of just placing the extension ID can work like this: <tvar name="ext_id">{{Ic|"fnpbehpgglbfnpimkachnpnecjncndgm"}}</tvar>
** But just in case that method does not automatically function the second method is shown above, where you place <tvar name="symbol">{{Ic|;}}</tvar> and then the URL <tvar name="url">{{Ic|https //clients2.google.com/service/update2/crx}}</tvar> to explicitly tell NixOS where to install the extension from
* There are many more options that are natively supported and you can learn about them through <tvar name="command">{{Ic|man configuration.nix}}</tvar>
* But as shown above there is also an <tvar name="extraOpts">{{Ic|extraOpts}}</tvar> option and that is used for policies that are not supported for direct setup, such as the policy to install web-apps


== For NixOS ==
=== Non-natively Supported Policies === <!--T:11-->


In NixOS you can configure nixpkgs options by adding a nixpkgs.config section to /etc/nixos/configuration.nix. This has no effect on nix-env commands but does apply to packages installed via the environment.systemPackages list. The options are exactly the same as above.
<!--T:12-->
There are hundreds of policies in Chromium based browsers, and not all have direct methods to set them. The <tvar name="extraOpts">{{Ic|extraOpts}}</tvar> option allows for the declaration of all the other policies.


In order to install Firefox with support for plugins, you need to use the "Wrapper" version. For example, in /etc/nixos/configuration.nix environment.systemPackages this would be firefoxWrapper.
<!--T:13-->
There is no single place to find all Chromium policies, but these are some places to look;


To install Firefox and Chromium with Google Talk and Flash in your system profile you can add the following to your configuration.nix file.
<!--T:14-->
* Commonly used policies are present and documented within {{Ic|man configuration.nix}} under {{Ic|programs.chromium}}.
* You can navigate to <tvar name="chrome_policy_link">{{Ic|chrome://policy}}</tvar> and enable "Show policies with no value set" to see all available keys. Clicking a policy name opens its specific definition and usage details.
* The most up to date policies for Chromium are available in the [<tvar name="1">https://source.chromium.org/chromium/chromium/src/+/main:chrome/common/pref_names.h</tvar> source code.]


/etc/nixos/configuration.nix:
== Accelerated video playback == <!--T:15-->
<syntaxhighlight lang="nix">
...


nixpkgs.config = {
<!--T:16-->
Make sure [[<tvar name="1">Special:MyLanguage/Accelerated Video Playback</tvar>|Accelerated Video Playback]] is setup on the system properly. Check <tvar name="chrome_gpu_link">{{ic|chrome://gpu}}</tvar> to see if Chromium has enabled hardware acceleration.


    allowUnfree = true;
<!--T:17-->
If accelerated video playback is not working, check relevant flags at <tvar name="chrome_flags_link">{{ic|chrome://flags}}</tvar>, or enable them using the CLI:
</translate>


     firefox = {
{{file|/etc/nixos/configuration.nix|nix|<nowiki>
    enableGoogleTalkPlugin = true;
{
    enableAdobeFlash = true;
  environment.systemPackages = with pkgs; [
     };
     (chromium.override {
      commandLineArgs = [
        "--enable-features=AcceleratedVideoEncoder"
        "--ignore-gpu-blocklist"
        "--enable-zero-copy"
      ];
     })
  ];
}
</nowiki>}}


    chromium = {
<translate>
    enablePepperFlash = true; # Chromium removed support for Mozilla (NPAPI) plugins so Adobe Flash no longer works
<!--T:18-->
    };
In some cases, <tvar name="chrome_gpu_link">{{ic|chrome://gpu}}</tvar> will show Video Decode as enabled, but Video Acceleration Information as blank, with <tvar name="chrome_media_link">{{ic|chrome://media-internals}}</tvar> using the FFmpeg Video Decoder (software decoding). If this happens, try to enable the following features:
</translate>


   };
{{file|/etc/nixos/configuration.nix|nix|<nowiki>
{
   environment.systemPackages = with pkgs; [
    (chromium.override {
      commandLineArgs = [
        "--enable-features=AcceleratedVideoEncoder,VaapiOnNvidiaGPUs,VaapiIgnoreDriverChecks,Vulkan,DefaultANGLEVulkan,VulkanFromANGLE"
        "--enable-features=VaapiIgnoreDriverChecks,VaapiVideoDecoder,PlatformHEVCDecoderSupport"
        "--enable-features=UseMultiPlaneFormatForHardwareVideo"
        "--ignore-gpu-blocklist"
        "--enable-zero-copy"
      ];
    })
  ];
}
</nowiki>}}


environment.systemPackages = [ pkgs.firefoxWrapper pkgs.chromium ];
<translate>
...
== Enabling native Wayland support == <!--T:19-->
</syntaxhighlight>


then run <pre>nixos-rebuild switch</pre>
<!--T:20-->
You can enable native Wayland support in all Chromium based and most Electron apps by setting the `NIXOS_OZONE_WL` environment variable to `1`.


== Enable GPU accelerated video decoding (VA-API) ==  
== Enabling DRM (Widevine support) == <!--T:21-->


VA-API is enabled by default now in Chromium. Check chrome://gpu if it is working and if VA is detected. You may need to enable Hardware-accelerated video decode in chrome://flags.
<!--T:22-->
By default, <tvar name="chromium_package">{{nixos:package|chromium}}</tvar> does not support playing DRM protected media. However, there is a build time flag to include the proprietary Widevine blob from Nixpkgs:
</translate>


Make sure the required VA-API drivers are installed: [[Accelerated Video Playback]]
{{file|/etc/nixos/configuration.nix|nix|<nowiki>
{
  environment.systemPackages = with pkgs; [
    (chromium.override { enableWideVine = true; })
  ];
}
</nowiki>}}


Make sure your driver works by running: <code>nix-shell -p libva-utils --run vainfo</code>
<translate>
== KeePassXC support in Flatpak == <!--T:23-->


== Gnome Shell extensions ==
<!--T:24-->
To enable browser integration between KeePassXC and Chromium-based browsers when running in Flatpak, configure the following filesystem access:
</translate>


Gnome Shell extensions can be enabled with <code>enableGnomeExtensions = true</code>. It is a mozilla plugin, therefore it does not work currently with Chromium.
<syntaxhighlight lang="toml"># NativeMessagingHost directory (browser-specific)
# Brave Browser
xdg-config/BraveSoftware/Brave-Browser/NativeMessagingHosts:ro
# Chromium
xdg-config/chromium/NativeMessagingHosts:ro
# Google Chrome
xdg-config/google-chrome/NativeMessagingHosts:ro


== Enabling native Wayland support ==
# KeePassXC server socket and Nix store
xdg-run/app/org.keepassxc.KeePassXC/org.keepassxc.KeePassXC.BrowserServer
/nix/store:ro
</syntaxhighlight>


Since Nixos 22.05 you can turn on native wayland support in all chrome and most electron apps by setting an environment variable: <code>environment.sessionVariables.NIXOS_OZONE_WL = "1"</code> ([https://nixos.org/manual/nixos/unstable/release-notes.html#sec-release-22.05-notable-changes see notable changes])
<translate>
== Using libc memory allocator == <!--T:25-->


In earlier versions you can enable wayland support by setting the appropriate command-line flags:
<!--T:26-->
Chromium may not work when an alternative system-wide memory allocator like scudo is used. To use libc on Chromium, the following firejail wrap is required:
</translate>


<syntaxhighlight lang="nix">
<syntaxhighlight lang="nix">
nixpkgs.config.chromium.commandLineArgs = "--enable-features=UseOzonePlatform --ozone-platform=wayland";
programs.firejail = {
  enable = true;
  wrappedBinaries = {
    chromium = {
      executable = "${pkgs.chromium}/bin/chromium-browser";
      profile = "${pkgs.firejail}/etc/firejail/chromium-browser.profile";
      extraArgs = [
        "--blacklist=/etc/ld-nix.so.preload"
      ];
    };
  };
};
</syntaxhighlight>
</syntaxhighlight>


== Overriding Chromium ==
<translate>
== Add support for Brave Browser in Profile Sync daemon == <!--T:27-->
 
<!--T:28-->
Adding Brave Browser support to Profile Sync daemon can be automated with an overlay.
</translate>


Note: This section was never properly tested. Please update it accordingly if you notice issues with the examples and feel free to extend it.
<syntaxhighlight lang="nix">
# /etc/nixos/configuration.nix
{
  nixpkgs = {
    overlays = [
      (final: prev: {
        profile-sync-daemon = prev.profile-sync-daemon.overrideAttrs (oldAttrs: {
          installPhase =
            oldAttrs.installPhase
            + ''
              cp $out/share/psd/{contrib,browsers}/brave
            '';
        });
      })
    ];
  };


To create a customized Chromium the following approach can be used:
  # Enable the Profile Sync daemon service.
<pre>
  services.psd.enable = true;
chromium.mkDerivation (base: { name = "my-chromium"; gnFlags = { test_flag = 42; }; })
}
</pre>
</syntaxhighlight>


It should also be possible to override a Chromium attribute using <pre>chromium.browser.overrideAttrs ...</pre>.


[[Category:Configuration]]
[[Category:Applications]]
[[Category:Applications]]
[[Category:Web Browser{{#translation:}}]]

Latest revision as of 15:01, 14 June 2026

Other languages:

Installation

NixOS

Add chromium to systemPackages.

Updating browser policies

In Chromium, policy settings are accessible via chrome://policy. They allow the user to change enterprise policies affecting things like

  • Creating webapps when the browser is installed
  • Finding and downloading browser extensions automatically
  • Enabling or disabling the dinosaur game when the device is offline
  • Disable screenshots to be taken with browser extensions
  • Block all downloads from the browser (if you want to do that for some reason)
  • and more!

A full list of policies can be found at Chrome Enterprise Policy List & Management.

Natively Supported Policies

By default NixOS provides a few policies that can be enabled directly, a simple example is given below to understand how these are implemented 

  programs.chromium = {
    enable = true;
    homepageLocation = "https://www.startpage.com/";
    extensions = [
      "eimadpbcbfnmbkopoojfekhnkhdbieeh;https://clients2.google.com/service/update2/crx" # dark reader
      "aapbdbdomjkkjkaonfhkkikfgjllcleb;https://clients2.google.com/service/update2/crx" # google translate
    ];
    extraOpts = {
      "WebAppInstallForceList" = [
        {
          "custom_name" = "Youtube";
          "create_desktop_shortcut" = false;
          "default_launch_container" = "window";
          "url" = "https://youtube.com";
        }
      ];
    };
  };
  • homepageLocation option allows you to set the site that the homepage will open on
  • extensions allows for the download of extensions directly in the browser through a simple list of the extension ID's that can be obtained from the Chrome Web Store by opening an extension page and copying the last part of the URL
    • In the example however there is another component, the download source from which the extensions will be downloaded
    • The URL provided in the list is the link that is used by google for managing, checking and updating extensions
    • So the method of just placing the extension ID can work like this: "fnpbehpgglbfnpimkachnpnecjncndgm"
    • But just in case that method does not automatically function the second method is shown above, where you place ; and then the URL https //clients2.google.com/service/update2/crx to explicitly tell NixOS where to install the extension from
  • There are many more options that are natively supported and you can learn about them through man configuration.nix
  • But as shown above there is also an extraOpts option and that is used for policies that are not supported for direct setup, such as the policy to install web-apps

Non-natively Supported Policies

There are hundreds of policies in Chromium based browsers, and not all have direct methods to set them. The extraOpts option allows for the declaration of all the other policies.

There is no single place to find all Chromium policies, but these are some places to look;

  • Commonly used policies are present and documented within man configuration.nix under programs.chromium.
  • You can navigate to chrome://policy and enable "Show policies with no value set" to see all available keys. Clicking a policy name opens its specific definition and usage details.
  • The most up to date policies for Chromium are available in the source code.

Accelerated video playback

Make sure Accelerated Video Playback is setup on the system properly. Check chrome://gpu to see if Chromium has enabled hardware acceleration.

If accelerated video playback is not working, check relevant flags at chrome://flags, or enable them using the CLI:

❄︎ /etc/nixos/configuration.nix
{
  environment.systemPackages = with pkgs; [
    (chromium.override {
      commandLineArgs = [
        "--enable-features=AcceleratedVideoEncoder"
        "--ignore-gpu-blocklist"
        "--enable-zero-copy"
      ];
    })
  ];
}

In some cases, chrome://gpu will show Video Decode as enabled, but Video Acceleration Information as blank, with chrome://media-internals using the FFmpeg Video Decoder (software decoding). If this happens, try to enable the following features:

❄︎ /etc/nixos/configuration.nix
{
  environment.systemPackages = with pkgs; [
    (chromium.override {
      commandLineArgs = [
        "--enable-features=AcceleratedVideoEncoder,VaapiOnNvidiaGPUs,VaapiIgnoreDriverChecks,Vulkan,DefaultANGLEVulkan,VulkanFromANGLE"
        "--enable-features=VaapiIgnoreDriverChecks,VaapiVideoDecoder,PlatformHEVCDecoderSupport"
        "--enable-features=UseMultiPlaneFormatForHardwareVideo"
        "--ignore-gpu-blocklist"
        "--enable-zero-copy"
      ];
    })
  ];
}

Enabling native Wayland support

You can enable native Wayland support in all Chromium based and most Electron apps by setting the `NIXOS_OZONE_WL` environment variable to `1`.

Enabling DRM (Widevine support)

By default, chromium does not support playing DRM protected media. However, there is a build time flag to include the proprietary Widevine blob from Nixpkgs:

❄︎ /etc/nixos/configuration.nix
{
  environment.systemPackages = with pkgs; [
    (chromium.override { enableWideVine = true; })
  ];
}

KeePassXC support in Flatpak

To enable browser integration between KeePassXC and Chromium-based browsers when running in Flatpak, configure the following filesystem access: 

# NativeMessagingHost directory (browser-specific)
# Brave Browser
xdg-config/BraveSoftware/Brave-Browser/NativeMessagingHosts:ro
# Chromium
xdg-config/chromium/NativeMessagingHosts:ro
# Google Chrome
xdg-config/google-chrome/NativeMessagingHosts:ro

# KeePassXC server socket and Nix store
xdg-run/app/org.keepassxc.KeePassXC/org.keepassxc.KeePassXC.BrowserServer
/nix/store:ro

Using libc memory allocator

Chromium may not work when an alternative system-wide memory allocator like scudo is used. To use libc on Chromium, the following firejail wrap is required: 

programs.firejail = {
  enable = true;
  wrappedBinaries = {
    chromium = {
      executable = "${pkgs.chromium}/bin/chromium-browser";
      profile = "${pkgs.firejail}/etc/firejail/chromium-browser.profile";
      extraArgs = [
        "--blacklist=/etc/ld-nix.so.preload"
      ];
    };
  };
};

Add support for Brave Browser in Profile Sync daemon

Adding Brave Browser support to Profile Sync daemon can be automated with an overlay. 

# /etc/nixos/configuration.nix
{
  nixpkgs = {
    overlays = [
      (final: prev: {
        profile-sync-daemon = prev.profile-sync-daemon.overrideAttrs (oldAttrs: {
          installPhase =
            oldAttrs.installPhase
            + ''
              cp $out/share/psd/{contrib,browsers}/brave
            '';
        });
      })
    ];
  };

  # Enable the Profile Sync daemon service.
  services.psd.enable = true;
}
Retrieved from "https://wiki.nixos.org/w/index.php?title=Chromium&oldid=32650"