firefox: init

author: Minijackson <minijackson@riseup.net> 2021-06-15 17:36:43 +0200
committer: Minijackson <minijackson@riseup.net> 2021-06-15 17:36:43 +0200
commit: 9eef958cd0df0c2d87910d70e1e8344dff988070 (patch)
tree: e104b24e79c2bb5203342b5a0fd9f24a1d6ce8b7 /usecases/desktop/graphical/firefox.nix
parent: 27d5fed11dca4b42b629921f1c14ca8bff16143b (diff)
download: nixos-config-reborn-9eef958cd0df0c2d87910d70e1e8344dff988070.tar.gz
nixos-config-reborn-9eef958cd0df0c2d87910d70e1e8344dff988070.zip
1 files changed, 270 insertions, 0 deletions
diff --git a/usecases/desktop/graphical/firefox.nix b/usecases/desktop/graphical/firefox.nix
new file mode 100644
index 0000000..3539963
--- /dev/null
+++ b/usecases/desktop/graphical/firefox.nix
@@ -0,0 +1,270 @@
+inputs:
+{ config, lib, pkgs, ... }:
+{
+  nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
+    "betterttv"
+  ];
+  home-manager.users.minijackson = { ... }:
+    {
+      programs.firefox = {
+        enable = true;
+        package = pkgs.firefox-wayland;
+        extensions = with pkgs.nur.repos.rycee.firefox-addons; [
+          # Security
+          https-everywhere
+          # Privacy
+          canvasblocker
+          clearurls
+          decentraleyes
+          google-search-link-fix
+          privacy-badger
+          ublock-origin
+          umatrix
+          # Additional features
+          betterttv
+          sidebery
+          stylus
+          #firenvim
+          # Annoyances
+          buster-captcha-solver
+          terms-of-service-didnt-read
+          unpaywall
+          bypass-paywalls
+          sponsorblock
+          # Missing
+          # Dark Website Forcer
+          # uBO-Scope
+          # Conex?
+          # Flagfox
+          # Privacy Settings
+          # Rust Search Extension
+          # French dictionary
+        ];
+        profiles.home-manager-default = {
+          id = 0;
+          isDefault = true;
+          settings = {
+            # == Performance ==
+            "gfx.webrender.all" = true;
+            "gfx.webrender.compositor" = true;
+            "gfx.webrender.enabled" = true;
+            "layers.acceleration.force-enabled" = true;
+            "media.ffmpeg.vaapi.enabled" = true;
+            # Newtab page
+            "browser.aboutHomeSnippets.updateUrl" = "";
+            "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons" = false;
+            "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features" = false;
+            "browser.newtabpage.activity-stream.default.sites" = "";
+            "browser.newtabpage.activity-stream.discoverystream.config" = "{}";
+            "browser.newtabpage.activity-stream.discoverystream.enabled" = false;
+            "browser.newtabpage.activity-stream.discoverystream.endpoints" = "";
+            "browser.newtabpage.activity-stream.feeds.section.highlights" = false;
+            "browser.newtabpage.activity-stream.feeds.section.topstories" = false;
+            "browser.newtabpage.activity-stream.feeds.section.topstories.options" = "{}";
+            "browser.newtabpage.activity-stream.feeds.sections" = false;
+            "browser.newtabpage.activity-stream.feeds.snippets" = false;
+            "browser.newtabpage.activity-stream.feeds.system.systemtick" = false;
+            "browser.newtabpage.activity-stream.feeds.system.telemetry" = false;
+            "browser.newtabpage.activity-stream.feeds.system.topsites" = false;
+            "browser.newtabpage.activity-stream.feeds.topsites" = false;
+            "browser.newtabpage.activity-stream.feeds.system.topstories" = false;
+            "browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = false;
+            "browser.newtabpage.activity-stream.section.highlights.includeDownloads" = false;
+            "browser.newtabpage.activity-stream.section.highlights.includePocket" = false;
+            "browser.newtabpage.activity-stream.section.highlights.includeVisited" = false;
+            "browser.newtabpage.activity-stream.showSearch" = false;
+            "services.sync.prefs.sync.browser.newtabpage.activity-stream.feeds.snippets" = false;
+            # == Behavior ==
+            "browser.bookmarks.showMobileBookmarks" = true;
+            # Don't try to guess TLDs, I'm using custom ones
+            "browser.fixup.alternate.enabled" = false;
+            "browser.fixup.domainsuffixwhitelist.vpn" = true;
+            "browser.ctrlTab.recentlyUsedOrder" = false;
+            "browser.startup.page" = 3; # Restore previous session
+            #"browser.startup.homepage" = "file://${homepage}";
+            "browser.tabs.warnOnClose" = false;
+            "reader.color_scheme" = "dark";
+            # Syncing
+            "services.sync.engine.addons" = false;
+            "services.sync.engine.addresses" = false;
+            "services.sync.engine.creditcards" = false;
+            "services.sync.engine.prefs" = false;
+            # Enable loading of userChrome
+            "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
+            # == Security ==
+            "security.pki.sha1_enforcement_level" = 1; # Completely forbid it
+            "security.ssl.treat_unsafe_negotiation_as_broken" = true;
+            "network.security.esni.enabled" = true;
+            # == General web privacy ==
+            "beacon.enabled" = false;
+            "browser.send_pings" = false;
+            "browser.search.countryCode" = "US";
+            "browser.search.region" = "US";
+            "browser.search.geoip.url" = "";
+            "browser.search.geoSpecificDefaults" = false;
+            "camera.control.face_detection.enabled" = false;
+            "device.sensors.enabled" = false;
+            "dom.archivereader.enabled" = false;
+            "dom.battery.enabled" = false;
+            "dom.event.clipboardevents.enabled" = false;
+            "dom.event.contextmenu.enabled" = false;
+            "dom.gamepad.enabled" = false;
+            "dom.maxHardwareConcurrency" = 2;
+            "dom.netinfo.enabled" = false;
+            "dom.network.enabled" = false;
+            "dom.telephony.enabled" = false;
+            "dom.vr.enabled" = false;
+            "dom.vibrator.enabled" = false;
+            # User-Agent already spoofed by 'resistFingerprinting'
+            # Apparently doesn't work
+            /*
+              "general.appversion.override" = "5.0 (Windows)";
+              "general.platform.override" = "Win32";
+              "general.oscpu.override" = "Windows NT 6.1";
+            */
+            "geo.enabled" = false;
+            "geo.wifi.uri" = "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%";
+            "geo.wifi.logging.enabled" = false;
+            "intl.accept_languages" = "en-US, en";
+            "intl.locale.matchOS" = false;
+            "javascript.use_us_english_locale" = true;
+            # Don't leak private IP address with WebRTC
+            "media.peerconnection.ice.default_address_only" = true;
+            "media.peerconnection.ice.no_host" = true;
+            "media.webspeech.recognition.enable" = false;
+            "network.cookie.cookieBehavior" = 1; # Only cookies from the originating server are allowed.
+            "network.cookie.thirdparty.sessionOnly" = true; # If we decide to enable them temporarily
+            "network.dns.disablePrefetch" = true;
+            "network.dns.disablePrefetchFromHTTPS" = true;
+            "network.http.referer.XOriginPolicy" = 2; # Send a referrer only on same-origin
+            "network.http.speculative-parallel-limit" = 0;
+            "network.IDN_show_punycode" = true;
+            "network.manage-offline-status" = false;
+            "network.predictor.enabled" = false;
+            "network.prefetch-next" = false;
+            "privacy.donottrackheader.enabled" = true;
+            "privacy.resistFingerprinting" = true;
+            "privacy.resistFingerprinting.autoDeclineNoUserInputCanvasPrompts" = false;
+            "privacy.trackingprotection.enabled" = true;
+            "privacy.trackingprotection.pbmode.enabled" = true;
+            # Enable containers
+            "privacy.userContext.enabled" = true;
+            "security.fileuri.strict_origin_policy" = true;
+            "security.mixed_content.block_active_content" = true;
+            "security.mixed_content.block_display_content" = true;
+            "webgl.min_capability_mode" = true;
+            "webgl.disable-extensions" = true;
+            "webgl.disable-fail-if-major-performance-caveat" = true;
+            "webgl.enable-debug-renderer-info" = false;
+            # == Telemetry :( ==
+            "app.normandy.enabled" = false;
+            "app.normandy.api_url" = "";
+            "app.shield.optoutstudies.enabled" = true;
+            "datareporting.healthreport.uploadEnabled" = false;
+            "datareporting.healthreport.service.enabled" = false;
+            "datareporting.policy.dataSubmissionEnabled" = false;
+            "extensions.shield-recipe-client.enabled" = false;
+            "extensions.pocket.enabled" = false;
+            "loop.logDomains" = false;
+            "toolkit.telemetry.archive.enabled" = false;
+            "toolkit.telemetry.enabled" = false;
+            "toolkit.telemetry.unified" = false;
+            # == Other Firefox privacy weirdness ==
+            # Crash reporting
+            "breakpad.reportURL" = "";
+            "browser.casting.enabled" = false;
+            "browser.crashReports.unsubmittedCheck.enabled" = false;
+            "browser.discovery.enabled" = false; # Firefox add-on recommendations
+            "browser.formfill.enable" = false;
+            "browser.search.update" = false;
+            "browser.pagethumbnails.capturing_disabled" = true;
+            "browser.tabs.crashReporting.sendReport" = false;
+            "browser.uitour.enabled" = true;
+            "browser.urlbar.filter.javascript" = true;
+            "browser.urlbar.suggest.searches" = false;
+            "browser.urlbar.trimURLs" = false;
+            # Discovery of LAN/proximity IoT devices that expose a Web interface
+            "dom.flyweb.enabled" = false;
+            "experiments.supported" = false;
+            "experiments.enabled" = false;
+            "experiments.manifest.uri" = false;
+            "network.allow-experiments" = false;
+            "network.captive-portal-service.enabled" = false;
+            "plugin.state.flash" = 0;
+            "plugin.state.java" = 0;
+            "signon.rememberSignons" = false;
+          };
+          # Hide tab bar
+          userChrome = ''
+            #main-window[tabsintitlebar="true"]:not([extradragspace="true"]) #TabsToolbar {
+              opacity: 0;
+              pointer-events: none;
+            }
+            #main-window:not([tabsintitlebar="true"]) #TabsToolbar {
+                visibility: collapse !important;
+            }
+          '';
+        };
+      };
+    };
+}
author	Minijackson <minijackson@riseup.net>	2021-06-15 17:36:43 +0200
committer	Minijackson <minijackson@riseup.net>	2021-06-15 17:36:43 +0200
commit	9eef958cd0df0c2d87910d70e1e8344dff988070 (patch)
tree	e104b24e79c2bb5203342b5a0fd9f24a1d6ce8b7 /usecases/desktop/graphical/firefox.nix
parent	27d5fed11dca4b42b629921f1c14ca8bff16143b (diff)
download	nixos-config-reborn-9eef958cd0df0c2d87910d70e1e8344dff988070.tar.gz nixos-config-reborn-9eef958cd0df0c2d87910d70e1e8344dff988070.zip

diff --git a/usecases/desktop/graphical/firefox.nix b/usecases/desktop/graphical/firefox.nix new file mode 100644 index 0000000..3539963 --- /dev/null +++ b/usecases/desktop/graphical/firefox.nix
@@ -0,0 +1,270 @@
	1	inputs:
	2
	3	{ config, lib, pkgs, ... }:
	4
	5	{
	6	nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
	7	"betterttv"
	8	];
	9
	10	home-manager.users.minijackson = { ... }:
	11	{
	12	programs.firefox = {
	13	enable = true;
	14	package = pkgs.firefox-wayland;
	15
	16	extensions = with pkgs.nur.repos.rycee.firefox-addons; [
	17	# Security
	18	https-everywhere
	19
	20	# Privacy
	21	canvasblocker
	22	clearurls
	23	decentraleyes
	24	google-search-link-fix
	25	privacy-badger
	26	ublock-origin
	27	umatrix
	28
	29	# Additional features
	30	betterttv
	31	sidebery
	32	stylus
	33	#firenvim
	34
	35	# Annoyances
	36	buster-captcha-solver
	37	terms-of-service-didnt-read
	38	unpaywall
	39	bypass-paywalls
	40	sponsorblock
	41
	42	# Missing
	43
	44	# Dark Website Forcer
	45	# uBO-Scope
	46	# Conex?
	47	# Flagfox
	48	# Privacy Settings
	49	# Rust Search Extension
	50	# French dictionary
	51	];
	52
	53	profiles.home-manager-default = {
	54	id = 0;
	55	isDefault = true;
	56
	57	settings = {
	58	# == Performance ==
	59
	60	"gfx.webrender.all" = true;
	61	"gfx.webrender.compositor" = true;
	62	"gfx.webrender.enabled" = true;
	63	"layers.acceleration.force-enabled" = true;
	64	"media.ffmpeg.vaapi.enabled" = true;
	65
	66	# Newtab page
	67	"browser.aboutHomeSnippets.updateUrl" = "";
	68	"browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons" = false;
	69	"browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features" = false;
	70	"browser.newtabpage.activity-stream.default.sites" = "";
	71	"browser.newtabpage.activity-stream.discoverystream.config" = "{}";
	72	"browser.newtabpage.activity-stream.discoverystream.enabled" = false;
	73	"browser.newtabpage.activity-stream.discoverystream.endpoints" = "";
	74	"browser.newtabpage.activity-stream.feeds.section.highlights" = false;
	75	"browser.newtabpage.activity-stream.feeds.section.topstories" = false;
	76	"browser.newtabpage.activity-stream.feeds.section.topstories.options" = "{}";
	77	"browser.newtabpage.activity-stream.feeds.sections" = false;
	78	"browser.newtabpage.activity-stream.feeds.snippets" = false;
	79	"browser.newtabpage.activity-stream.feeds.system.systemtick" = false;
	80	"browser.newtabpage.activity-stream.feeds.system.telemetry" = false;
	81	"browser.newtabpage.activity-stream.feeds.system.topsites" = false;
	82	"browser.newtabpage.activity-stream.feeds.topsites" = false;
	83	"browser.newtabpage.activity-stream.feeds.system.topstories" = false;
	84	"browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = false;
	85	"browser.newtabpage.activity-stream.section.highlights.includeDownloads" = false;
	86	"browser.newtabpage.activity-stream.section.highlights.includePocket" = false;
	87	"browser.newtabpage.activity-stream.section.highlights.includeVisited" = false;
	88	"browser.newtabpage.activity-stream.showSearch" = false;
	89	"services.sync.prefs.sync.browser.newtabpage.activity-stream.feeds.snippets" = false;
	90
	91	# == Behavior ==
	92
	93	"browser.bookmarks.showMobileBookmarks" = true;
	94	# Don't try to guess TLDs, I'm using custom ones
	95	"browser.fixup.alternate.enabled" = false;
	96	"browser.fixup.domainsuffixwhitelist.vpn" = true;
	97	"browser.ctrlTab.recentlyUsedOrder" = false;
	98	"browser.startup.page" = 3; # Restore previous session
	99	#"browser.startup.homepage" = "file://${homepage}";
	100	"browser.tabs.warnOnClose" = false;
	101
	102	"reader.color_scheme" = "dark";
	103
	104	# Syncing
	105	"services.sync.engine.addons" = false;
	106	"services.sync.engine.addresses" = false;
	107	"services.sync.engine.creditcards" = false;
	108	"services.sync.engine.prefs" = false;
	109
	110	# Enable loading of userChrome
	111	"toolkit.legacyUserProfileCustomizations.stylesheets" = true;
	112
	113	# == Security ==
	114
	115	"security.pki.sha1_enforcement_level" = 1; # Completely forbid it
	116	"security.ssl.treat_unsafe_negotiation_as_broken" = true;
	117	"network.security.esni.enabled" = true;
	118
	119	# == General web privacy ==
	120
	121	"beacon.enabled" = false;
	122
	123	"browser.send_pings" = false;
	124
	125	"browser.search.countryCode" = "US";
	126	"browser.search.region" = "US";
	127	"browser.search.geoip.url" = "";
	128	"browser.search.geoSpecificDefaults" = false;
	129
	130	"camera.control.face_detection.enabled" = false;
	131
	132	"device.sensors.enabled" = false;
	133
	134	"dom.archivereader.enabled" = false;
	135	"dom.battery.enabled" = false;
	136	"dom.event.clipboardevents.enabled" = false;
	137	"dom.event.contextmenu.enabled" = false;
	138	"dom.gamepad.enabled" = false;
	139	"dom.maxHardwareConcurrency" = 2;
	140	"dom.netinfo.enabled" = false;
	141	"dom.network.enabled" = false;
	142	"dom.telephony.enabled" = false;
	143	"dom.vr.enabled" = false;
	144	"dom.vibrator.enabled" = false;
	145
	146	# User-Agent already spoofed by 'resistFingerprinting'
	147	# Apparently doesn't work
	148	/*
	149	"general.appversion.override" = "5.0 (Windows)";
	150	"general.platform.override" = "Win32";
	151	"general.oscpu.override" = "Windows NT 6.1";
	152	*/
	153
	154	"geo.enabled" = false;
	155	"geo.wifi.uri" = "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%";
	156	"geo.wifi.logging.enabled" = false;
	157
	158	"intl.accept_languages" = "en-US, en";
	159	"intl.locale.matchOS" = false;
	160
	161	"javascript.use_us_english_locale" = true;
	162
	163	# Don't leak private IP address with WebRTC
	164	"media.peerconnection.ice.default_address_only" = true;
	165	"media.peerconnection.ice.no_host" = true;
	166
	167	"media.webspeech.recognition.enable" = false;
	168
	169	"network.cookie.cookieBehavior" = 1; # Only cookies from the originating server are allowed.
	170	"network.cookie.thirdparty.sessionOnly" = true; # If we decide to enable them temporarily
	171
	172	"network.dns.disablePrefetch" = true;
	173	"network.dns.disablePrefetchFromHTTPS" = true;
	174
	175	"network.http.referer.XOriginPolicy" = 2; # Send a referrer only on same-origin
	176
	177	"network.http.speculative-parallel-limit" = 0;
	178
	179	"network.IDN_show_punycode" = true;
	180
	181	"network.manage-offline-status" = false;
	182
	183	"network.predictor.enabled" = false;
	184	"network.prefetch-next" = false;
	185
	186	"privacy.donottrackheader.enabled" = true;
	187	"privacy.resistFingerprinting" = true;
	188	"privacy.resistFingerprinting.autoDeclineNoUserInputCanvasPrompts" = false;
	189	"privacy.trackingprotection.enabled" = true;
	190	"privacy.trackingprotection.pbmode.enabled" = true;
	191	# Enable containers
	192	"privacy.userContext.enabled" = true;
	193
	194	"security.fileuri.strict_origin_policy" = true;
	195	"security.mixed_content.block_active_content" = true;
	196	"security.mixed_content.block_display_content" = true;
	197
	198	"webgl.min_capability_mode" = true;
	199	"webgl.disable-extensions" = true;
	200	"webgl.disable-fail-if-major-performance-caveat" = true;
	201	"webgl.enable-debug-renderer-info" = false;
	202
	203	# == Telemetry :( ==
	204
	205	"app.normandy.enabled" = false;
	206	"app.normandy.api_url" = "";
	207	"app.shield.optoutstudies.enabled" = true;
	208
	209	"datareporting.healthreport.uploadEnabled" = false;
	210	"datareporting.healthreport.service.enabled" = false;
	211	"datareporting.policy.dataSubmissionEnabled" = false;
	212
	213	"extensions.shield-recipe-client.enabled" = false;
	214	"extensions.pocket.enabled" = false;
	215
	216	"loop.logDomains" = false;
	217
	218	"toolkit.telemetry.archive.enabled" = false;
	219	"toolkit.telemetry.enabled" = false;
	220	"toolkit.telemetry.unified" = false;
	221
	222	# == Other Firefox privacy weirdness ==
	223
	224	# Crash reporting
	225	"breakpad.reportURL" = "";
	226
	227	"browser.casting.enabled" = false;
	228	"browser.crashReports.unsubmittedCheck.enabled" = false;
	229	"browser.discovery.enabled" = false; # Firefox add-on recommendations
	230	"browser.formfill.enable" = false;
	231	"browser.search.update" = false;
	232	"browser.pagethumbnails.capturing_disabled" = true;
	233	"browser.tabs.crashReporting.sendReport" = false;
	234	"browser.uitour.enabled" = true;
	235	"browser.urlbar.filter.javascript" = true;
	236	"browser.urlbar.suggest.searches" = false;
	237	"browser.urlbar.trimURLs" = false;
	238
	239	# Discovery of LAN/proximity IoT devices that expose a Web interface
	240	"dom.flyweb.enabled" = false;
	241
	242	"experiments.supported" = false;
	243	"experiments.enabled" = false;
	244	"experiments.manifest.uri" = false;
	245
	246	"network.allow-experiments" = false;
	247	"network.captive-portal-service.enabled" = false;
	248
	249	"plugin.state.flash" = 0;
	250	"plugin.state.java" = 0;
	251
	252	"signon.rememberSignons" = false;
	253	};
	254
	255	# Hide tab bar
	256	userChrome = ''
	257	#main-window[tabsintitlebar="true"]:not([extradragspace="true"]) #TabsToolbar {
	258	opacity: 0;
	259	pointer-events: none;
	260	}
	261
	262	#main-window:not([tabsintitlebar="true"]) #TabsToolbar {
	263	visibility: collapse !important;
	264	}
	265	'';
	266
	267	};
	268	};
	269	};
	270	}