From a878ccf4d32a1083c18408f6183c905f18023196 Mon Sep 17 00:00:00 2001 From: Minijackson Date: Wed, 1 Feb 2023 18:15:04 +0100 Subject: firefox: fmt --- usecases/desktop/graphical/firefox.nix | 519 ++++++++++++++++----------------- 1 file changed, 257 insertions(+), 262 deletions(-) (limited to 'usecases/desktop/graphical') diff --git a/usecases/desktop/graphical/firefox.nix b/usecases/desktop/graphical/firefox.nix index fe470c3..8b8ad56 100644 --- a/usecases/desktop/graphical/firefox.nix +++ b/usecases/desktop/graphical/firefox.nix @@ -1,295 +1,290 @@ -inputs: - -{ config, lib, pkgs, ... }: - -{ +inputs: { + pkgs, + ... +}: { environment.sessionVariables = { # This is for programs launched via systemd, which may not have a proper # PATH set BROWSER = "/home/minijackson/.nix-profile/bin/firefox"; }; - home-manager.users.minijackson = { ... }: - { - programs.firefox = { - enable = true; - package = pkgs.firefox.override { - cfg.enableBrowserpass = true; - extraPolicies = { - DisableAppUpdate = true; - DisableFirefoxStudies = true; - DisablePocket = true; - DisableTelemetry = true; - FirefoxHome = { - Pocket = false; - Snippets = false; - }; - UserMessaging = { - ExtensionRecommendations = false; - SkipOnboarding = true; - }; - }; + home-manager.users.minijackson.programs.firefox = { + enable = true; + package = pkgs.firefox.override { + cfg.enableBrowserpass = true; + extraPolicies = { + DisableAppUpdate = true; + DisableFirefoxStudies = true; + DisablePocket = true; + DisableTelemetry = true; + FirefoxHome = { + Pocket = false; + Snippets = false; }; + UserMessaging = { + ExtensionRecommendations = false; + SkipOnboarding = true; + }; + }; + }; - extensions = with pkgs.firefox-addons; [ - # Security - browserpass - - # Privacy - canvasblocker - clearurls - decentraleyes - privacy-badger - privacy-redirect - privacy-settings - ublock-origin - ubo-scope - - # Additional features - betterttv - c-c-search-extension - dark-mode-website-switcher - flagfox - musescore-downloader - rust-search-extension - sidebery - stylus - tournesol - violentmonkey - #firenvim - - # Annoyances - buster-captcha-solver - terms-of-service-didnt-read - unpaywall - sponsorblock - - # Langs - french-dictionary - ]; - - profiles.home-manager-default = { - id = 0; - isDefault = true; - - settings = { - # == Performance == - - "gfx.webrender.all" = true; - "gfx.webrender.compositor" = true; - "gfx.webrender.enabled" = true; - "layers.acceleration.force-enabled" = true; - "media.ffmpeg.vaapi.enabled" = true; - - # Newtab page - "browser.aboutHomeSnippets.updateUrl" = ""; - "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons" = false; - "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features" = false; - "browser.newtabpage.activity-stream.default.sites" = ""; - "browser.newtabpage.activity-stream.discoverystream.config" = "{}"; - "browser.newtabpage.activity-stream.discoverystream.enabled" = false; - "browser.newtabpage.activity-stream.discoverystream.endpoints" = ""; - "browser.newtabpage.activity-stream.feeds.section.highlights" = false; - "browser.newtabpage.activity-stream.feeds.section.topstories" = false; - "browser.newtabpage.activity-stream.feeds.section.topstories.options" = "{}"; - "browser.newtabpage.activity-stream.feeds.sections" = false; - "browser.newtabpage.activity-stream.feeds.snippets" = false; - "browser.newtabpage.activity-stream.feeds.system.systemtick" = false; - "browser.newtabpage.activity-stream.feeds.system.telemetry" = false; - "browser.newtabpage.activity-stream.feeds.system.topsites" = false; - "browser.newtabpage.activity-stream.feeds.topsites" = false; - "browser.newtabpage.activity-stream.feeds.system.topstories" = false; - "browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = false; - "browser.newtabpage.activity-stream.section.highlights.includeDownloads" = false; - "browser.newtabpage.activity-stream.section.highlights.includePocket" = false; - "browser.newtabpage.activity-stream.section.highlights.includeVisited" = false; - "browser.newtabpage.activity-stream.showSearch" = false; - "services.sync.prefs.sync.browser.newtabpage.activity-stream.feeds.snippets" = false; - - # == Behavior == - - "browser.bookmarks.showMobileBookmarks" = true; - # Don't try to guess TLDs, I'm using custom ones - "browser.fixup.alternate.enabled" = false; - "browser.fixup.domainsuffixwhitelist.vpn" = true; - "browser.ctrlTab.recentlyUsedOrder" = false; - "browser.startup.page" = 3; # Restore previous session - #"browser.startup.homepage" = "file://${homepage}"; - "browser.tabs.warnOnClose" = false; - - "reader.color_scheme" = "dark"; - - # Syncing - "services.sync.engine.addons" = false; - "services.sync.engine.addresses" = false; - "services.sync.engine.creditcards" = false; - "services.sync.engine.prefs" = false; - - # Enable loading of userChrome - "toolkit.legacyUserProfileCustomizations.stylesheets" = true; - - # == Security == - - "security.pki.sha1_enforcement_level" = 1; # Completely forbid it - "security.ssl.treat_unsafe_negotiation_as_broken" = true; - "network.security.esni.enabled" = true; - - # HTTPS everywhere - "dom.security.https_only_mode" = true; - "dom.security.https_only_mode_ever_enabled" = true; - "dom.security.https_only_mode_ever_enabled_pbm" = true; - - # == General web privacy == - - "beacon.enabled" = false; - - "browser.send_pings" = false; - - "browser.search.countryCode" = "US"; - "browser.search.region" = "US"; - "browser.search.geoip.url" = ""; - "browser.search.geoSpecificDefaults" = false; - - "camera.control.face_detection.enabled" = false; - - "device.sensors.enabled" = false; - - "dom.archivereader.enabled" = false; - "dom.battery.enabled" = false; - "dom.event.clipboardevents.enabled" = false; - "dom.event.contextmenu.enabled" = false; - "dom.gamepad.enabled" = false; - "dom.maxHardwareConcurrency" = 2; - "dom.netinfo.enabled" = false; - "dom.network.enabled" = false; - "dom.telephony.enabled" = false; - "dom.vr.enabled" = false; - "dom.vibrator.enabled" = false; - - # User-Agent already spoofed by 'resistFingerprinting' - # Apparently doesn't work - /* - "general.appversion.override" = "5.0 (Windows)"; - "general.platform.override" = "Win32"; - "general.oscpu.override" = "Windows NT 6.1"; - */ - - "geo.enabled" = false; - "geo.wifi.uri" = "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%"; - "geo.wifi.logging.enabled" = false; - - "intl.accept_languages" = "en-US, en"; - "intl.locale.matchOS" = false; - - "javascript.use_us_english_locale" = true; - - # Don't leak private IP address with WebRTC - "media.peerconnection.ice.default_address_only" = true; - "media.peerconnection.ice.no_host" = true; - - "media.webspeech.recognition.enable" = false; - - "network.cookie.cookieBehavior" = 1; # Only cookies from the originating server are allowed. - "network.cookie.thirdparty.sessionOnly" = true; # If we decide to enable them temporarily - - "network.dns.disablePrefetch" = true; - "network.dns.disablePrefetchFromHTTPS" = true; - - "network.http.referer.XOriginPolicy" = 2; # Send a referrer only on same-origin - - "network.http.speculative-parallel-limit" = 0; - - "network.IDN_show_punycode" = true; + extensions = with pkgs.firefox-addons; [ + # Security + browserpass + + # Privacy + canvasblocker + clearurls + decentraleyes + privacy-badger + privacy-redirect + privacy-settings + ublock-origin + ubo-scope + + # Additional features + betterttv + c-c-search-extension + dark-mode-website-switcher + flagfox + musescore-downloader + rust-search-extension + sidebery + stylus + tournesol + violentmonkey + #firenvim + + # Annoyances + buster-captcha-solver + terms-of-service-didnt-read + unpaywall + sponsorblock + + # Langs + french-dictionary + ]; + + profiles.home-manager-default = { + id = 0; + isDefault = true; + + settings = { + # == Performance == + + "gfx.webrender.all" = true; + "gfx.webrender.compositor" = true; + "gfx.webrender.enabled" = true; + "layers.acceleration.force-enabled" = true; + "media.ffmpeg.vaapi.enabled" = true; + + # Newtab page + "browser.aboutHomeSnippets.updateUrl" = ""; + "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons" = false; + "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features" = false; + "browser.newtabpage.activity-stream.default.sites" = ""; + "browser.newtabpage.activity-stream.discoverystream.config" = "{}"; + "browser.newtabpage.activity-stream.discoverystream.enabled" = false; + "browser.newtabpage.activity-stream.discoverystream.endpoints" = ""; + "browser.newtabpage.activity-stream.feeds.section.highlights" = false; + "browser.newtabpage.activity-stream.feeds.section.topstories" = false; + "browser.newtabpage.activity-stream.feeds.section.topstories.options" = "{}"; + "browser.newtabpage.activity-stream.feeds.sections" = false; + "browser.newtabpage.activity-stream.feeds.snippets" = false; + "browser.newtabpage.activity-stream.feeds.system.systemtick" = false; + "browser.newtabpage.activity-stream.feeds.system.telemetry" = false; + "browser.newtabpage.activity-stream.feeds.system.topsites" = false; + "browser.newtabpage.activity-stream.feeds.topsites" = false; + "browser.newtabpage.activity-stream.feeds.system.topstories" = false; + "browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = false; + "browser.newtabpage.activity-stream.section.highlights.includeDownloads" = false; + "browser.newtabpage.activity-stream.section.highlights.includePocket" = false; + "browser.newtabpage.activity-stream.section.highlights.includeVisited" = false; + "browser.newtabpage.activity-stream.showSearch" = false; + "services.sync.prefs.sync.browser.newtabpage.activity-stream.feeds.snippets" = false; + + # == Behavior == + + "browser.bookmarks.showMobileBookmarks" = true; + # Don't try to guess TLDs, I'm using custom ones + "browser.fixup.alternate.enabled" = false; + "browser.fixup.domainsuffixwhitelist.vpn" = true; + "browser.ctrlTab.recentlyUsedOrder" = false; + "browser.startup.page" = 3; # Restore previous session + #"browser.startup.homepage" = "file://${homepage}"; + "browser.tabs.warnOnClose" = false; + + "reader.color_scheme" = "dark"; + + # Syncing + "services.sync.engine.addons" = false; + "services.sync.engine.addresses" = false; + "services.sync.engine.creditcards" = false; + "services.sync.engine.prefs" = false; + + # Enable loading of userChrome + "toolkit.legacyUserProfileCustomizations.stylesheets" = true; + + # == Security == + + "security.pki.sha1_enforcement_level" = 1; # Completely forbid it + "security.ssl.treat_unsafe_negotiation_as_broken" = true; + "network.security.esni.enabled" = true; + + # HTTPS everywhere + "dom.security.https_only_mode" = true; + "dom.security.https_only_mode_ever_enabled" = true; + "dom.security.https_only_mode_ever_enabled_pbm" = true; + + # == General web privacy == + + "beacon.enabled" = false; + + "browser.send_pings" = false; + + "browser.search.countryCode" = "US"; + "browser.search.region" = "US"; + "browser.search.geoip.url" = ""; + "browser.search.geoSpecificDefaults" = false; + + "camera.control.face_detection.enabled" = false; + + "device.sensors.enabled" = false; + + "dom.archivereader.enabled" = false; + "dom.battery.enabled" = false; + "dom.event.clipboardevents.enabled" = false; + "dom.event.contextmenu.enabled" = false; + "dom.gamepad.enabled" = false; + "dom.maxHardwareConcurrency" = 2; + "dom.netinfo.enabled" = false; + "dom.network.enabled" = false; + "dom.telephony.enabled" = false; + "dom.vr.enabled" = false; + "dom.vibrator.enabled" = false; + + # User-Agent already spoofed by 'resistFingerprinting' + # Apparently doesn't work + /* + "general.appversion.override" = "5.0 (Windows)"; + "general.platform.override" = "Win32"; + "general.oscpu.override" = "Windows NT 6.1"; + */ + + "geo.enabled" = false; + "geo.wifi.uri" = "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%"; + "geo.wifi.logging.enabled" = false; + + "intl.accept_languages" = "en-US, en"; + "intl.locale.matchOS" = false; + + "javascript.use_us_english_locale" = true; + + # Don't leak private IP address with WebRTC + "media.peerconnection.ice.default_address_only" = true; + "media.peerconnection.ice.no_host" = true; + + "media.webspeech.recognition.enable" = false; + + "network.cookie.cookieBehavior" = 1; # Only cookies from the originating server are allowed. + "network.cookie.thirdparty.sessionOnly" = true; # If we decide to enable them temporarily + + "network.dns.disablePrefetch" = true; + "network.dns.disablePrefetchFromHTTPS" = true; - "network.manage-offline-status" = false; + "network.http.referer.XOriginPolicy" = 2; # Send a referrer only on same-origin - "network.predictor.enabled" = false; - "network.prefetch-next" = false; + "network.http.speculative-parallel-limit" = 0; - "privacy.donottrackheader.enabled" = true; - "privacy.resistFingerprinting" = true; - "privacy.resistFingerprinting.autoDeclineNoUserInputCanvasPrompts" = false; - "privacy.trackingprotection.enabled" = true; - "privacy.trackingprotection.pbmode.enabled" = true; - # Enable containers - "privacy.userContext.enabled" = true; + "network.IDN_show_punycode" = true; - "security.fileuri.strict_origin_policy" = true; - "security.mixed_content.block_active_content" = true; - "security.mixed_content.block_display_content" = true; + "network.manage-offline-status" = false; - "webgl.min_capability_mode" = true; - "webgl.disable-extensions" = true; - "webgl.disable-fail-if-major-performance-caveat" = true; - "webgl.enable-debug-renderer-info" = false; + "network.predictor.enabled" = false; + "network.prefetch-next" = false; - # == Telemetry :( == + "privacy.donottrackheader.enabled" = true; + "privacy.resistFingerprinting" = true; + "privacy.resistFingerprinting.autoDeclineNoUserInputCanvasPrompts" = false; + "privacy.trackingprotection.enabled" = true; + "privacy.trackingprotection.pbmode.enabled" = true; + # Enable containers + "privacy.userContext.enabled" = true; - "app.normandy.enabled" = false; - "app.normandy.api_url" = ""; - "app.shield.optoutstudies.enabled" = true; + "security.fileuri.strict_origin_policy" = true; + "security.mixed_content.block_active_content" = true; + "security.mixed_content.block_display_content" = true; - "datareporting.healthreport.uploadEnabled" = false; - "datareporting.healthreport.service.enabled" = false; - "datareporting.policy.dataSubmissionEnabled" = false; + "webgl.min_capability_mode" = true; + "webgl.disable-extensions" = true; + "webgl.disable-fail-if-major-performance-caveat" = true; + "webgl.enable-debug-renderer-info" = false; - "extensions.shield-recipe-client.enabled" = false; - "extensions.pocket.enabled" = false; + # == Telemetry :( == - "loop.logDomains" = false; + "app.normandy.enabled" = false; + "app.normandy.api_url" = ""; + "app.shield.optoutstudies.enabled" = true; - "toolkit.telemetry.archive.enabled" = false; - "toolkit.telemetry.enabled" = false; - "toolkit.telemetry.unified" = false; + "datareporting.healthreport.uploadEnabled" = false; + "datareporting.healthreport.service.enabled" = false; + "datareporting.policy.dataSubmissionEnabled" = false; - # == Other Firefox privacy weirdness == + "extensions.shield-recipe-client.enabled" = false; + "extensions.pocket.enabled" = false; - # Crash reporting - "breakpad.reportURL" = ""; + "loop.logDomains" = false; - "browser.casting.enabled" = false; - "browser.crashReports.unsubmittedCheck.enabled" = false; - "browser.discovery.enabled" = false; # Firefox add-on recommendations - "browser.formfill.enable" = false; - "browser.search.update" = false; - "browser.pagethumbnails.capturing_disabled" = true; - "browser.tabs.crashReporting.sendReport" = false; - "browser.uitour.enabled" = true; - "browser.urlbar.filter.javascript" = true; - "browser.urlbar.suggest.searches" = false; - "browser.urlbar.trimURLs" = false; - "browser.urlbar.suggest.quicksuggest.nonsponsored" = false; - "browser.urlbar.suggest.quicksuggest.sponsored" = false; + "toolkit.telemetry.archive.enabled" = false; + "toolkit.telemetry.enabled" = false; + "toolkit.telemetry.unified" = false; - # Discovery of LAN/proximity IoT devices that expose a Web interface - "dom.flyweb.enabled" = false; + # == Other Firefox privacy weirdness == - "experiments.supported" = false; - "experiments.enabled" = false; - "experiments.manifest.uri" = false; + # Crash reporting + "breakpad.reportURL" = ""; - "network.allow-experiments" = false; - "network.captive-portal-service.enabled" = false; + "browser.casting.enabled" = false; + "browser.crashReports.unsubmittedCheck.enabled" = false; + "browser.discovery.enabled" = false; # Firefox add-on recommendations + "browser.formfill.enable" = false; + "browser.search.update" = false; + "browser.pagethumbnails.capturing_disabled" = true; + "browser.tabs.crashReporting.sendReport" = false; + "browser.uitour.enabled" = true; + "browser.urlbar.filter.javascript" = true; + "browser.urlbar.suggest.searches" = false; + "browser.urlbar.trimURLs" = false; + "browser.urlbar.suggest.quicksuggest.nonsponsored" = false; + "browser.urlbar.suggest.quicksuggest.sponsored" = false; - "plugin.state.flash" = 0; - "plugin.state.java" = 0; + # Discovery of LAN/proximity IoT devices that expose a Web interface + "dom.flyweb.enabled" = false; - "signon.rememberSignons" = false; - }; + "experiments.supported" = false; + "experiments.enabled" = false; + "experiments.manifest.uri" = false; - # Hide tab bar - userChrome = '' - #main-window[tabsintitlebar="true"]:not([extradragspace="true"]) #TabsToolbar { - opacity: 0; - pointer-events: none; - } + "network.allow-experiments" = false; + "network.captive-portal-service.enabled" = false; - #main-window:not([tabsintitlebar="true"]) #TabsToolbar { - visibility: collapse !important; - } - ''; + "plugin.state.flash" = 0; + "plugin.state.java" = 0; - }; + "signon.rememberSignons" = false; }; + + # Hide tab bar + userChrome = '' + #main-window[tabsintitlebar="true"]:not([extradragspace="true"]) #TabsToolbar { + opacity: 0; + pointer-events: none; + } + + #main-window:not([tabsintitlebar="true"]) #TabsToolbar { + visibility: collapse !important; + } + ''; }; + }; } -- cgit v1.2.3