authorMinijackson <minijackson@riseup.net>2021-06-15 17:36:43 +0200
committerMinijackson <minijackson@riseup.net>2021-06-15 17:36:43 +0200
commit9eef958cd0df0c2d87910d70e1e8344dff988070 (patch)
treee104b24e79c2bb5203342b5a0fd9f24a1d6ce8b7
parent27d5fed11dca4b42b629921f1c14ca8bff16143b (diff)
firefox: init
-rw-r--r--common/default.nix1
-rw-r--r--flake.lock18
-rw-r--r--flake.nix3
-rw-r--r--usecases/desktop/graphical.nix1
-rw-r--r--usecases/desktop/graphical/firefox.nix270
5 files changed, 291 insertions, 2 deletions
diff --git a/common/default.nix b/common/default.nix
index 2d3b33c..c2caaaf 100644
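--- a/common/default.nix
+++ b/common/default.nix
@@ -18,5 +18,6 @@ inputs:
  (final: prev: {
  unstable = inputs.nixpkgs-unstable.legacyPackages.${config.nixpkgs.system};
  })
+ inputs.nur.overlay
  ];
 }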
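Review bot: `inputs.nur.overlay` is added to the overlay list in common/default.nix, so (assuming, from its path, that this file is imported by every host) all machines gain the whole `pkgs.nur` namespace although only usecases/desktop/graphical/firefox.nix reads from it. NUR repositories are community-maintained and do not go through nixpkgs review, so the overlay would be better scoped to the desktop use case that needs it. If it stays here, a comment such as `# NUR: unreviewed community packages; only repos.rycee.firefox-addons is used` would record the trust decision next to the line. The overlay list itself starts outside the hunk.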
diff --git a/flake.lock b/flake.lock
index 1f5c90d..b84717b 100644
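--- a/flake.lock
+++ b/flake.lock
@@ -106,13 +106,29 @@
  "type": "github"
  }
  },
+ "nur": {
+ "locked": {
+ "lastModified": 1623766295,
+ "narHash": "sha256-vhUc/wQPsNrGz6nTRX6JhW/HMICQxtb+tSazduOoF9o=",
+ "owner": "nix-community",
+ "repo": "NUR",
+ "rev": "14e2122b8b1a82c149b93a97fcbb7a68bdd052ba",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "repo": "NUR",
+ "type": "github"
+ }
+ },
  "root": {
  "inputs": {
  "flake-utils": "flake-utils",
  "home-manager": "home-manager",
  "neovim-master": "neovim-master",
  "nixpkgs": "nixpkgs",
- "nixpkgs-unstable": "nixpkgs-unstable"
+ "nixpkgs-unstable": "nixpkgs-unstable",
+ "nur": "nur"
  }
  }
  },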
diff --git a/flake.nix b/flake.nix
index 704883d..f05befc 100644
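--- a/flake.nix
+++ b/flake.nix
@@ -12,6 +12,7 @@
  url = "github:neovim/neovim?dir=contrib";
  inputs.nixpkgs.follows = "nixpkgs-unstable";
  };
+ inputs.nur.url = "github:nix-community/NUR";
 
  outputs = inputs @ { self, nixpkgs, home-manager, ... }: {
 
@@ -135,7 +136,7 @@
  (modulesPath + "/virtualisation/qemu-vm.nix")
  ];
 
- virtualisation.memorySize = 1024;
+ virtualisation.memorySize = 2048;
  virtualisation.qemu.options = [ "-vga none -device virtio-gpu-pci" ];
  })
  ];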
diff --git a/usecases/desktop/graphical.nix b/usecases/desktop/graphical.nix
index 0483024..258f603 100644
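--- a/usecases/desktop/graphical.nix
+++ b/usecases/desktop/graphical.nix
@@ -5,6 +5,7 @@ inputs:
 {
  imports = [
  (import ./graphical/alacritty.nix inputs)
+ (import ./graphical/firefox.nix inputs)
  (import ./graphical/mpv.nix inputs)
  (import ./graphical/rofi.nix inputs)
  (import ./graphical/sway.nix inputs)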
diff --git a/usecases/desktop/graphical/firefox.nix b/usecases/desktop/graphical/firefox.nix
new file mode 100644
index 0000000..3539963
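--- /dev/null
+++ b/usecases/desktop/graphical/firefox.nix
@@ -0,0 +1,270 @@
+inputs:
+
+{ config, lib, pkgs, ... }:
+
+{
+ nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
+ "betterttv"
+ ];
+
+ home-manager.users.minijackson = { ... }:
+ {
+ programs.firefox = {
+ enable = true;
+ package = pkgs.firefox-wayland;
+
+ extensions = with pkgs.nur.repos.rycee.firefox-addons; [
+ # Security
+ https-everywhere
+
+ # Privacy
+ canvasblocker
+ clearurls
+ decentraleyes
+ google-search-link-fix
+ privacy-badger
+ ublock-origin
+ umatrix
+
+ # Additional features
+ betterttv
+ sidebery
+ stylus
+ #firenvim
+
+ # Annoyances
+ buster-captcha-solver
+ terms-of-service-didnt-read
+ unpaywall
+ bypass-paywalls
+ sponsorblock
+
+ # Missing
+
+ # Dark Website Forcer
+ # uBO-Scope
+ # Conex?
+ # Flagfox
+ # Privacy Settings
+ # Rust Search Extension
+ # French dictionary
+ ];
+
+ profiles.home-manager-default = {
+ id = 0;
+ isDefault = true;
+
+ settings = {
+ # == Performance ==
+
+ "gfx.webrender.all" = true;
+ "gfx.webrender.compositor" = true;
+ "gfx.webrender.enabled" = true;
+ "layers.acceleration.force-enabled" = true;
+ "media.ffmpeg.vaapi.enabled" = true;
+
+ # Newtab page
+ "browser.aboutHomeSnippets.updateUrl" = "";
+ "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons" = false;
+ "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features" = false;
+ "browser.newtabpage.activity-stream.default.sites" = "";
+ "browser.newtabpage.activity-stream.discoverystream.config" = "{}";
+ "browser.newtabpage.activity-stream.discoverystream.enabled" = false;
+ "browser.newtabpage.activity-stream.discoverystream.endpoints" = "";
+ "browser.newtabpage.activity-stream.feeds.section.highlights" = false;
+ "browser.newtabpage.activity-stream.feeds.section.topstories" = false;
+ "browser.newtabpage.activity-stream.feeds.section.topstories.options" = "{}";
+ "browser.newtabpage.activity-stream.feeds.sections" = false;
+ "browser.newtabpage.activity-stream.feeds.snippets" = false;
+ "browser.newtabpage.activity-stream.feeds.system.systemtick" = false;
+ "browser.newtabpage.activity-stream.feeds.system.telemetry" = false;
+ "browser.newtabpage.activity-stream.feeds.system.topsites" = false;
+ "browser.newtabpage.activity-stream.feeds.topsites" = false;
+ "browser.newtabpage.activity-stream.feeds.system.topstories" = false;
+ "browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = false;
+ "browser.newtabpage.activity-stream.section.highlights.includeDownloads" = false;
+ "browser.newtabpage.activity-stream.section.highlights.includePocket" = false;
+ "browser.newtabpage.activity-stream.section.highlights.includeVisited" = false;
+ "browser.newtabpage.activity-stream.showSearch" = false;
+ "services.sync.prefs.sync.browser.newtabpage.activity-stream.feeds.snippets" = false;
+
+ # == Behavior ==
+
+ "browser.bookmarks.showMobileBookmarks" = true;
+ # Don't try to guess TLDs, I'm using custom ones
+ "browser.fixup.alternate.enabled" = false;
+ "browser.fixup.domainsuffixwhitelist.vpn" = true;
+ "browser.ctrlTab.recentlyUsedOrder" = false;
+ "browser.startup.page" = 3; # Restore previous session
+ #"browser.startup.homepage" = "file://${homepage}";
+ "browser.tabs.warnOnClose" = false;
+
+ "reader.color_scheme" = "dark";
+
+ # Syncing
+ "services.sync.engine.addons" = false;
+ "services.sync.engine.addresses" = false;
+ "services.sync.engine.creditcards" = false;
+ "services.sync.engine.prefs" = false;
+
+ # Enable loading of userChrome
+ "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
+
+ # == Security ==
+
+ "security.pki.sha1_enforcement_level" = 1; # Completely forbid it
+ "security.ssl.treat_unsafe_negotiation_as_broken" = true;
+ "network.security.esni.enabled" = true;
+
+ # == General web privacy ==
+
+ "beacon.enabled" = false;
+
+ "browser.send_pings" = false;
+
+ "browser.search.countryCode" = "US";
+ "browser.search.region" = "US";
+ "browser.search.geoip.url" = "";
+ "browser.search.geoSpecificDefaults" = false;
+
+ "camera.control.face_detection.enabled" = false;
+
+ "device.sensors.enabled" = false;
+
+ "dom.archivereader.enabled" = false;
+ "dom.battery.enabled" = false;
+ "dom.event.clipboardevents.enabled" = false;
+ "dom.event.contextmenu.enabled" = false;
+ "dom.gamepad.enabled" = false;
+ "dom.maxHardwareConcurrency" = 2;
+ "dom.netinfo.enabled" = false;
+ "dom.network.enabled" = false;
+ "dom.telephony.enabled" = false;
+ "dom.vr.enabled" = false;
+ "dom.vibrator.enabled" = false;
+
+ # User-Agent already spoofed by 'resistFingerprinting'
+ # Apparently doesn't work
+ /*
+ "general.appversion.override" = "5.0 (Windows)";
+ "general.platform.override" = "Win32";
+ "general.oscpu.override" = "Windows NT 6.1";
+ */
+
+ "geo.enabled" = false;
+ "geo.wifi.uri" = "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%";
+ "geo.wifi.logging.enabled" = false;
+
+ "intl.accept_languages" = "en-US, en";
+ "intl.locale.matchOS" = false;
+
+ "javascript.use_us_english_locale" = true;
+
+ # Don't leak private IP address with WebRTC
+ "media.peerconnection.ice.default_address_only" = true;
+ "media.peerconnection.ice.no_host" = true;
+
+ "media.webspeech.recognition.enable" = false;
+
+ "network.cookie.cookieBehavior" = 1; # Only cookies from the originating server are allowed.
+ "network.cookie.thirdparty.sessionOnly" = true; # If we decide to enable them temporarily
+
+ "network.dns.disablePrefetch" = true;
+ "network.dns.disablePrefetchFromHTTPS" = true;
+
+ "network.http.referer.XOriginPolicy" = 2; # Send a referrer only on same-origin
+
+ "network.http.speculative-parallel-limit" = 0;
+
+ "network.IDN_show_punycode" = true;
+
+ "network.manage-offline-status" = false;
+
+ "network.predictor.enabled" = false;
+ "network.prefetch-next" = false;
+
+ "privacy.donottrackheader.enabled" = true;
+ "privacy.resistFingerprinting" = true;
+ "privacy.resistFingerprinting.autoDeclineNoUserInputCanvasPrompts" = false;
+ "privacy.trackingprotection.enabled" = true;
+ "privacy.trackingprotection.pbmode.enabled" = true;
+ # Enable containers
+ "privacy.userContext.enabled" = true;
+
+ "security.fileuri.strict_origin_policy" = true;
+ "security.mixed_content.block_active_content" = true;
+ "security.mixed_content.block_display_content" = true;
+
+ "webgl.min_capability_mode" = true;
+ "webgl.disable-extensions" = true;
+ "webgl.disable-fail-if-major-performance-caveat" = true;
+ "webgl.enable-debug-renderer-info" = false;
+
+ # == Telemetry :( ==
+
+ "app.normandy.enabled" = false;
+ "app.normandy.api_url" = "";
+ "app.shield.optoutstudies.enabled" = true;
+
+ "datareporting.healthreport.uploadEnabled" = false;
+ "datareporting.healthreport.service.enabled" = false;
+ "datareporting.policy.dataSubmissionEnabled" = false;
+
+ "extensions.shield-recipe-client.enabled" = false;
+ "extensions.pocket.enabled" = false;
+
+ "loop.logDomains" = false;
+
+ "toolkit.telemetry.archive.enabled" = false;
+ "toolkit.telemetry.enabled" = false;
+ "toolkit.telemetry.unified" = false;
+
+ # == Other Firefox privacy weirdness ==
+
+ # Crash reporting
+ "breakpad.reportURL" = "";
+
+ "browser.casting.enabled" = false;
+ "browser.crashReports.unsubmittedCheck.enabled" = false;
+ "browser.discovery.enabled" = false; # Firefox add-on recommendations
+ "browser.formfill.enable" = false;
+ "browser.search.update" = false;
+ "browser.pagethumbnails.capturing_disabled" = true;
+ "browser.tabs.crashReporting.sendReport" = false;
+ "browser.uitour.enabled" = true;
+ "browser.urlbar.filter.javascript" = true;
+ "browser.urlbar.suggest.searches" = false;
+ "browser.urlbar.trimURLs" = false;
+
+ # Discovery of LAN/proximity IoT devices that expose a Web interface
+ "dom.flyweb.enabled" = false;
+
+ "experiments.supported" = false;
+ "experiments.enabled" = false;
+ "experiments.manifest.uri" = false;
+
+ "network.allow-experiments" = false;
+ "network.captive-portal-service.enabled" = false;
+
+ "plugin.state.flash" = 0;
+ "plugin.state.java" = 0;
+
+ "signon.rememberSignons" = false;
+ };
+
+ # Hide tab bar
+ userChrome = ''
+ #main-window[tabsintitlebar="true"]:not([extradragspace="true"]) #TabsToolbar {
+ opacity: 0;
+ pointer-events: none;
+ }
+
+ #main-window:not([tabsintitlebar="true"]) #TabsToolbar {
+ visibility: collapse !important;
+ }
+ '';
+
+ };
+ };
+ };
+}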
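Review bot: Two prefs in the hardening sections point the opposite way from their neighbours: `"app.shield.optoutstudies.enabled" = true;` under "Telemetry" leaves the Shield studies opt-in switched on, and `"browser.uitour.enabled" = true;` under "Other Firefox privacy weirdness" leaves UITour enabled; if the intent matches the surrounding lines, both should be `false`. `"experiments.manifest.uri" = false;` assigns a boolean to what its name suggests is a string pref, so `""` (as already used for `app.normandy.api_url`) is probably what was meant. `network.security.esni.enabled` in the "Security" block likely has no effect on Firefox releases current at this commit's date, since ESNI support was replaced by ECH, so that line deserves a comment or removal rather than reading as an active protection. The extension list also merits a short comment per entry on why it is trusted, since each add-on from `pkgs.nur.repos.rycee.firefox-addons` runs with broad access to browsing data.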