6 files changed, 400 insertions, 0 deletions

diff --git a/modules/desktop/firefox/default.nix b/modules/desktop/firefox/default.nix
new file mode 100644
index 0000000..e7720b2
--- /dev/null
+++ b/modules/desktop/firefox/default.nix
@@ -0,0 +1,39 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  extraPrefs = import ./extraPrefs.nix;
+  userChrome = import ./userChrome.nix;
+  my-firefox = pkgs.firefox.override {
+    extraPrefs = extraPrefs;
+  };
+
+  inherit (lib) mkIf;
+  cfg = config.desktop;
+in {
+  config = mkIf cfg.firefox {
+    default.browser = lib.mkDefault "firefox";
+
+    home-manager.users.${config.user} = {
+      programs.firefox = {
+        enable = true;
+        package = my-firefox;
+
+        # import configuration
+        policies = import ./policy.nix;
+
+        # create profile for me :3
+        profiles.${config.user} = {
+          search = {
+            force = true;
+            default = "ddg";
+          };
+
+          userChrome = userChrome;
+        };
+      };
+    };
+  };
+}
diff --git a/modules/desktop/firefox/extraPrefs.nix b/modules/desktop/firefox/extraPrefs.nix
new file mode 100644
index 0000000..74db984
--- /dev/null
+++ b/modules/desktop/firefox/extraPrefs.nix
@@ -0,0 +1,21 @@
+# extra preferences that cannot be
+# set normally but have to instead
+# set in mosilla.cfg
+''  //
+
+  // Automatically click cookiebanners although uBlock Origin might block them
+  lockPref("cookiebanners.bannerClicking.enabled", true);
+  lockPref("cookiebanners.service.mode", 2);
+  lockPref("cookiebanners.service.mode.privateBrowsing", 2);
+
+  // DNT although PrivacyBadger from policy handles this
+  lockPref("privacy.donottrackheader.enabled", true);
+  lockPref("privacy.donottrackheader.value", 1);
+
+  // New sidebar
+  lockPref("sidebar.revamp", true);
+  lockPref("sidebar.verticalTabs", true);
+  lockPref("sidebar.visibility", "always-show");
+  lockPref("sidebar.main.tools", "history,bookmarks");
+
+  //''
diff --git a/modules/desktop/firefox/policy.nix b/modules/desktop/firefox/policy.nix
new file mode 100644
index 0000000..e222553
--- /dev/null
+++ b/modules/desktop/firefox/policy.nix
@@ -0,0 +1,127 @@
+{
+  # policies to be set in firefox
+  # see: https://mozilla.github.io/policy-templates/
+
+  ExtensionSettings = import ./policyExtensions.nix;
+  Preferences = import ./policyPrefs.nix;
+
+  EnableTrackingProtection = {
+    Value = true;
+    Locked = true;
+    Cryptomining = true;
+    Fingerprinting = true;
+    EmailTracking = true;
+  };
+
+  # Certificates
+  Certificates = {
+    ImportEnterpriseRoots = true;
+  };
+
+  # Cookies
+  Cookies = {
+    Behavior = "reject-foreign";
+    BehaviorPrivateBrowsing = "reject-foreign";
+    Locked = true;
+  };
+
+  # DNS
+  DNSOverHTTPS = {
+    Enabled = false;
+    Locked = true;
+  };
+
+  # Disable Bad
+  DisableAppUpdate = true;
+  DisableAccounts = true;
+  DisableFirefoxAccounts = true;
+  DisableFirefoxScreenshots = true;
+  DisableFirefoxStudies = true;
+  DisablePocket = true;
+  DisableTelemetry = true;
+  AutofillAddressEnabled = false;
+  AutofillCreditCardEnabled = false;
+
+  # Disable Certain Messages
+  UserMessaging = {
+    WhatsNew = false;
+    ExtensionRecommendations = false;
+    FeatureRecommendations = false;
+    UrlbarInterventions = false;
+    SkipOnboarding = true;
+    MoreFromMozilla = false;
+    Labs = false;
+    Locked = true;
+  };
+
+  # Disable Password Manager
+  DisableMasterPasswordCreation = true;
+  PasswordManagerEnabled = false;
+  PrimaryPassword = false;
+  OfferToSaveLogins = false;
+
+  # Remove Special Pages
+  OverrideFirstRunPage = "";
+  OverridePostUpdatePage = "";
+
+  # Start Page
+  Homepage = {
+    StartPage = "previous-session";
+    Locked = true;
+  };
+
+  # Home Page
+  FirefoxHome = {
+    Search = true;
+    TopSites = false;
+    SponsoredTopSites = false;
+    Highlights = false;
+    Pocket = false;
+    SponsoredPocket = false;
+    Snippets = false;
+    Locked = true;
+  };
+
+  # Search Suggestions
+  SearchSuggestEnabled = true;
+  FirefoxSuggest = {
+    WebSuggestions = false;
+    SponsoredSuggestions = false;
+    ImproveSuggest = false;
+    Locked = true;
+  };
+
+  # Save All on Shutdown
+  SanitizeOnShutdown = false;
+
+  # Popups
+  PopupBlocking = {
+    Default = true;
+    Locked = true;
+  };
+
+  # Allow Bypasses
+  DisableSecurityBypass = {
+    InvalidCertificate = false;
+    SafeBrowsing = false;
+  };
+
+  # PictureInPicure
+  PictureInPicture = {
+    Enabled = true;
+    Locked = true;
+  };
+
+  # Topbar
+  SearchBar = "unified";
+  DisplayMenuBar = "default-off";
+  DisplayBookmarksToolbar = "newtab";
+  NoDefaultBookmarks = true;
+
+  # Miscellaneous
+  HttpsOnlyMode = "force_enabled";
+  HardwareAcceleration = true;
+  DontCheckDefaultBrowser = true;
+  PromptForDownloadLocation = false;
+  PrivateBrowsingModeAvailability = 0;
+}
diff --git a/modules/desktop/firefox/policyExtensions.nix b/modules/desktop/firefox/policyExtensions.nix
new file mode 100644
index 0000000..51d7e9d
--- /dev/null
+++ b/modules/desktop/firefox/policyExtensions.nix
@@ -0,0 +1,62 @@
+{
+  # extensions to be auto downloaded into
+  # firefox
+
+  # dont allow extensions to be installed though
+  # firefox, they must be described here!
+  "*".installation_mode = "blocked";
+
+  # uBlock Origin
+  "uBlock0@raymondhill.net" = {
+    install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi";
+    installation_mode = "force_installed";
+  };
+
+  # Bitwarden
+  "{446900e4-71c2-419f-a6a7-df9c091e268b}" = {
+    install_url = "https://addons.mozilla.org/firefox/downloads/latest/bitwarden-password-manager/latest.xpi";
+    installation_mode = "force_installed";
+  };
+
+  # User Agent Switcher
+  "user-agent-switcher@ninetailed.ninja" = {
+    install_url = "https://addons.mozilla.org/firefox/downloads/latest/uaswitcher/latest.xpi";
+    installation_mode = "force_installed";
+  };
+
+  # SponsorBlock
+  "sponsorBlocker@ajay.app" = {
+    install_url = "https://addons.mozilla.org/firefox/downloads/latest/sponsorblock/latest.xpi";
+    installation_mode = "force_installed";
+  };
+
+  # Privacy Badger
+  "jid1-MnnxcxisBPnSXQ@jetpack" = {
+    install_url = "https://addons.mozilla.org/firefox/downloads/latest/privacy-badger17/latest.xpi";
+    installation_mode = "force_installed";
+  };
+
+  # FoxyProxy
+  "foxyproxy@eric.h.jung" = {
+    install_url = "https://addons.mozilla.org/firefox/downloads/latest/foxyproxy-standard/latest.xpi";
+    installation_mode = "force_installed";
+  };
+
+  # Redirector
+  "redirector@einaregilsson.com" = {
+    install_url = "https://addons.mozilla.org/firefox/downloads/latest/redirector/latest.xpi";
+    installation_mode = "force_installed";
+  };
+
+  # linkding
+  "{61a05c39-ad45-4086-946f-32adb0a40a9d}" = {
+    install_url = "https://addons.mozilla.org/firefox/downloads/latest/linkding-extension/latest.xpi";
+    installation_mode = "force_installed";
+  };
+
+  # Bypass Paywalls Clean
+  "magnolia@12.34" = {
+    install_url = "https://f.freya.cat/xpi/bypass_paywalls_clean-4.1.4.0.xpi";
+    installation_mode = "force_installed";
+  };
+}
diff --git a/modules/desktop/firefox/policyPrefs.nix b/modules/desktop/firefox/policyPrefs.nix
new file mode 100644
index 0000000..73d2781
--- /dev/null
+++ b/modules/desktop/firefox/policyPrefs.nix
@@ -0,0 +1,128 @@
+let
+  # quick variables to specify
+  # locked true/false
+  lock-false = {
+    Value = false;
+    Status = "locked";
+  };
+  lock-true = {
+    Value = true;
+    Status = "locked";
+  };
+in {
+  # about:config Preferences
+  # ... set policies that cannot be set using policies.json directly
+
+  # allow userChrom.css
+  "toolkit.legacyUserProfileCustomizations.stylesheets" = lock-true;
+
+  # dark theme
+  "extensions.activeThemeID" = {
+    Value = "firefox-compact-dark@mozilla.org";
+    Status = "locked";
+  };
+  "layout.css.prefers-color-scheme.content-override" = {
+    Value = 0;
+    Status = "locked";
+  };
+
+  # homepage
+  "browser.startup.homepage" = {
+    Value = "about:home";
+    Status = "locked";
+  };
+  "browser.newtabpage.enabed" = lock-true;
+  "browser.newtabpage.url" = {
+    Value = "about:home";
+    Status = "locked";
+  };
+
+  # autofill
+  "browser.autofill.enabled" = lock-false;
+  "browser.formfill.enable" = lock-false;
+
+  # search enable
+  "browser.urlbar.suggest.recentsearches" = lock-true;
+  "browser.urlbar.suggest.bookmark" = lock-true;
+  "browser.urlbar.suggest.clipboard" = lock-true;
+  "browser.urlbar.suggest.history" = lock-true;
+
+  # search disable
+  "browser.urlbar.suggest.addons" = lock-false;
+  "browser.urlbar.suggest.calculator" = lock-false;
+  "browser.urlbar.suggest.engines" = lock-false;
+  "browser.urlbar.suggest.fakespot" = lock-false;
+  "browser.urlbar.suggest.mdn" = lock-false;
+  "browser.urlbar.suggest.openpage" = lock-false;
+  "browser.urlbar.suggest.pocket" = lock-false;
+  "browser.urlbar.suggest.remotetab" = lock-false;
+  "browser.urlbar.suggest.topsites" = lock-false;
+  "browser.urlbar.suggest.trending" = lock-false;
+  "browser.urlbar.suggest.weather" = lock-false;
+  "browser.urlbar.suggest.yelp" = lock-false;
+
+  # privacy
+  "privacy.globalprivacycontrol.enabled" = lock-true;
+
+  # security
+  "security.OCSP.enabled" = {
+    Value = 0;
+    Status = "locked";
+  };
+  "browser.contentblocking.category" = {
+    Value = "strict";
+    Status = "locked";
+  };
+  "xpinstall.whitelist.required" = lock-true;
+  "signon.management.page.breach-alerts.enabled" = lock-false;
+
+  # graphics
+  "dom.webgpu.enabled" = lock-true;
+  "media.eme.enabled" = lock-true;
+
+  # user messaging
+  # ... disable shit that is annoying
+  "browser.newtabpage.activity-stream.feeds.section.topstories" = lock-false;
+  "browser.newtabpage.activity-stream.feeds.snippets" = lock-false;
+  "browser.newtabpage.activity-stream.section.highlights.includePocket" = lock-false;
+  "browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = lock-false;
+  "browser.newtabpage.activity-stream.section.highlights.includeDownloads" = lock-false;
+  "browser.newtabpage.activity-stream.section.highlights.includeVisited" = lock-false;
+  "browser.newtabpage.activity-stream.showSponsored" = lock-false;
+  "browser.newtabpage.activity-stream.system.showSponsored" = lock-false;
+  "browser.newtabpage.activity-stream.showSponsoredTopSites" = lock-false;
+  "browser.newtabpage.activity-stream.showWeather" = lock-false;
+  "browser.newtabpage.activity-stream.newtabWallpapers.enabled" = lock-false;
+  "browser.newtabpage.activity-stream.newtabWallpapers.v2.enabled" = lock-false;
+  "browser.newtabpage.activity-stream.default.sites" = {
+    Value = "";
+    Status = "locked";
+  };
+
+  # safebrowsing
+  "browser.safebrowsing.malware.enabled" = lock-true;
+  "browser.safebrowsing.phishing.enabled" = lock-true;
+  "browser.safebrowsing.downloads.enabled" = lock-true;
+  "browser.safebrowsing.downloads.remote.block_uncommon" = lock-false;
+  "browser.safebrowsing.downloads.remote.block_potentially_unwanted" = lock-false;
+
+  # sidebar
+  "browser.tabs.inTitlebar" = {
+    Value = 0;
+    Status = "locked";
+  };
+  "browser.tabs.warnOnClose" = lock-true;
+  "browser.tabs.firefox-view" = lock-false;
+  "browser.tabs.closeTabByDblclick" = lock-true;
+  "ui.key.menuAccessKeyFocuses" = lock-false;
+
+  # general settings
+  "general.autoScroll" = lock-false;
+  "general.smoothScroll" = lock-true;
+  "widget.gtk.overlay-scrollbars.enabled" = lock-false;
+  "accessibility.browsewithcaret" = lock-false;
+  "accessibility.typeaheadfind" = lock-false;
+  "media.hardwaremediakeys.enabled" = lock-true;
+  "browser.crashReports.unsubmittedCheck.autoSubmit2" = lock-false;
+  "browser.aboutConfig.showWarning" = lock-false;
+}
diff --git a/modules/desktop/firefox/userChrome.nix b/modules/desktop/firefox/userChrome.nix
new file mode 100644
index 0000000..ab93747
--- /dev/null
+++ b/modules/desktop/firefox/userChrome.nix
@@ -0,0 +1,23 @@
+''
+  /* sidebar hack to flip contents the way i want them (arrows on the left) */
+  #nav-bar-customization-target {
+    flex-direction: row-reverse;
+  }
+
+  /* remove broken padding from sidebar hack */
+  #unified-extensions-button {
+    padding-left: 0 !important;
+  }
+
+  /* remove padding beside search bar */
+  toolbarspring {
+    display: none !important;
+  }
+
+  /* remove overflow menu and everything in it */
+  #nav-bar-overflow-button,
+  #firefox-view-button,
+  #alltabs-button {
+    visibility: collapse;
+  }
+''