From 2e4c4298cf84f94d68387e8076fd430e9968ce6c Mon Sep 17 00:00:00 2001 From: Freya Murphy Date: Fri, 27 Jun 2025 16:39:14 -0400 Subject: refactor --- modules/browsers/firefox/default.nix | 39 ++++++++ modules/browsers/firefox/extraPrefs.nix | 21 +++++ modules/browsers/firefox/policy.nix | 127 +++++++++++++++++++++++++ modules/browsers/firefox/policyExtensions.nix | 38 ++++++++ modules/browsers/firefox/policyPrefs.nix | 128 ++++++++++++++++++++++++++ modules/browsers/firefox/userChrome.nix | 23 +++++ 6 files changed, 376 insertions(+) create mode 100644 modules/browsers/firefox/default.nix create mode 100644 modules/browsers/firefox/extraPrefs.nix create mode 100644 modules/browsers/firefox/policy.nix create mode 100644 modules/browsers/firefox/policyExtensions.nix create mode 100644 modules/browsers/firefox/policyPrefs.nix create mode 100644 modules/browsers/firefox/userChrome.nix (limited to 'modules/browsers/firefox') diff --git a/modules/browsers/firefox/default.nix b/modules/browsers/firefox/default.nix new file mode 100644 index 0000000..51f9000 --- /dev/null +++ b/modules/browsers/firefox/default.nix @@ -0,0 +1,39 @@ +{ + config, + lib, + pkgs, + ... +}: let + extraPrefs = import ./extraPrefs.nix; + userChrome = import ./userChrome.nix; + my-firefox = pkgs.firefox.override { + extraPrefs = extraPrefs; + }; + + inherit (lib) mkIf; + cfg = config.browsers; +in { + config = mkIf cfg.firefox { + default.browser = lib.mkDefault "firefox"; + + home-manager.users.${config.user} = { + programs.firefox = { + enable = true; + package = my-firefox; + + # import configuration + policies = import ./policy.nix; + + # create profile for me :3 + profiles.${config.user} = { + search = { + force = true; + default = "ddg"; + }; + + userChrome = userChrome; + }; + }; + }; + }; +} diff --git a/modules/browsers/firefox/extraPrefs.nix b/modules/browsers/firefox/extraPrefs.nix new file mode 100644 index 0000000..74db984 --- /dev/null +++ b/modules/browsers/firefox/extraPrefs.nix @@ -0,0 +1,21 @@ +# extra preferences that cannot be +# set normally but have to instead +# set in mosilla.cfg +'' // + + // Automatically click cookiebanners although uBlock Origin might block them + lockPref("cookiebanners.bannerClicking.enabled", true); + lockPref("cookiebanners.service.mode", 2); + lockPref("cookiebanners.service.mode.privateBrowsing", 2); + + // DNT although PrivacyBadger from policy handles this + lockPref("privacy.donottrackheader.enabled", true); + lockPref("privacy.donottrackheader.value", 1); + + // New sidebar + lockPref("sidebar.revamp", true); + lockPref("sidebar.verticalTabs", true); + lockPref("sidebar.visibility", "always-show"); + lockPref("sidebar.main.tools", "history,bookmarks"); + + //'' diff --git a/modules/browsers/firefox/policy.nix b/modules/browsers/firefox/policy.nix new file mode 100644 index 0000000..e222553 --- /dev/null +++ b/modules/browsers/firefox/policy.nix @@ -0,0 +1,127 @@ +{ + # policies to be set in firefox + # see: https://mozilla.github.io/policy-templates/ + + ExtensionSettings = import ./policyExtensions.nix; + Preferences = import ./policyPrefs.nix; + + EnableTrackingProtection = { + Value = true; + Locked = true; + Cryptomining = true; + Fingerprinting = true; + EmailTracking = true; + }; + + # Certificates + Certificates = { + ImportEnterpriseRoots = true; + }; + + # Cookies + Cookies = { + Behavior = "reject-foreign"; + BehaviorPrivateBrowsing = "reject-foreign"; + Locked = true; + }; + + # DNS + DNSOverHTTPS = { + Enabled = false; + Locked = true; + }; + + # Disable Bad + DisableAppUpdate = true; + DisableAccounts = true; + DisableFirefoxAccounts = true; + DisableFirefoxScreenshots = true; + DisableFirefoxStudies = true; + DisablePocket = true; + DisableTelemetry = true; + AutofillAddressEnabled = false; + AutofillCreditCardEnabled = false; + + # Disable Certain Messages + UserMessaging = { + WhatsNew = false; + ExtensionRecommendations = false; + FeatureRecommendations = false; + UrlbarInterventions = false; + SkipOnboarding = true; + MoreFromMozilla = false; + Labs = false; + Locked = true; + }; + + # Disable Password Manager + DisableMasterPasswordCreation = true; + PasswordManagerEnabled = false; + PrimaryPassword = false; + OfferToSaveLogins = false; + + # Remove Special Pages + OverrideFirstRunPage = ""; + OverridePostUpdatePage = ""; + + # Start Page + Homepage = { + StartPage = "previous-session"; + Locked = true; + }; + + # Home Page + FirefoxHome = { + Search = true; + TopSites = false; + SponsoredTopSites = false; + Highlights = false; + Pocket = false; + SponsoredPocket = false; + Snippets = false; + Locked = true; + }; + + # Search Suggestions + SearchSuggestEnabled = true; + FirefoxSuggest = { + WebSuggestions = false; + SponsoredSuggestions = false; + ImproveSuggest = false; + Locked = true; + }; + + # Save All on Shutdown + SanitizeOnShutdown = false; + + # Popups + PopupBlocking = { + Default = true; + Locked = true; + }; + + # Allow Bypasses + DisableSecurityBypass = { + InvalidCertificate = false; + SafeBrowsing = false; + }; + + # PictureInPicure + PictureInPicture = { + Enabled = true; + Locked = true; + }; + + # Topbar + SearchBar = "unified"; + DisplayMenuBar = "default-off"; + DisplayBookmarksToolbar = "newtab"; + NoDefaultBookmarks = true; + + # Miscellaneous + HttpsOnlyMode = "force_enabled"; + HardwareAcceleration = true; + DontCheckDefaultBrowser = true; + PromptForDownloadLocation = false; + PrivateBrowsingModeAvailability = 0; +} diff --git a/modules/browsers/firefox/policyExtensions.nix b/modules/browsers/firefox/policyExtensions.nix new file mode 100644 index 0000000..f3dcd09 --- /dev/null +++ b/modules/browsers/firefox/policyExtensions.nix @@ -0,0 +1,38 @@ +{ + # extensions to be auto downloaded into + # firefox + + # dont allow extensions to be installed though + # firefox, they must be described here! + "*".installation_mode = "blocked"; + + # uBlock Origin + "uBlock0@raymondhill.net" = { + install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"; + installation_mode = "force_installed"; + }; + + # Bitwarden + "{446900e4-71c2-419f-a6a7-df9c091e268b}" = { + install_url = "https://addons.mozilla.org/firefox/downloads/latest/bitwarden-password-manager/latest.xpi"; + installation_mode = "force_installed"; + }; + + # SponsorBlock + "sponsorBlocker@ajay.app" = { + install_url = "https://addons.mozilla.org/firefox/downloads/latest/sponsorblock/latest.xpi"; + installation_mode = "force_installed"; + }; + + # Privacy Badger + "jid1-MnnxcxisBPnSXQ@jetpack" = { + install_url = "https://addons.mozilla.org/firefox/downloads/latest/privacy-badger17/latest.xpi"; + installation_mode = "force_installed"; + }; + + # Redirector + "redirector@einaregilsson.com" = { + install_url = "https://addons.mozilla.org/firefox/downloads/latest/redirector/latest.xpi"; + installation_mode = "force_installed"; + }; +} diff --git a/modules/browsers/firefox/policyPrefs.nix b/modules/browsers/firefox/policyPrefs.nix new file mode 100644 index 0000000..73d2781 --- /dev/null +++ b/modules/browsers/firefox/policyPrefs.nix @@ -0,0 +1,128 @@ +let + # quick variables to specify + # locked true/false + lock-false = { + Value = false; + Status = "locked"; + }; + lock-true = { + Value = true; + Status = "locked"; + }; +in { + # about:config Preferences + # ... set policies that cannot be set using policies.json directly + + # allow userChrom.css + "toolkit.legacyUserProfileCustomizations.stylesheets" = lock-true; + + # dark theme + "extensions.activeThemeID" = { + Value = "firefox-compact-dark@mozilla.org"; + Status = "locked"; + }; + "layout.css.prefers-color-scheme.content-override" = { + Value = 0; + Status = "locked"; + }; + + # homepage + "browser.startup.homepage" = { + Value = "about:home"; + Status = "locked"; + }; + "browser.newtabpage.enabed" = lock-true; + "browser.newtabpage.url" = { + Value = "about:home"; + Status = "locked"; + }; + + # autofill + "browser.autofill.enabled" = lock-false; + "browser.formfill.enable" = lock-false; + + # search enable + "browser.urlbar.suggest.recentsearches" = lock-true; + "browser.urlbar.suggest.bookmark" = lock-true; + "browser.urlbar.suggest.clipboard" = lock-true; + "browser.urlbar.suggest.history" = lock-true; + + # search disable + "browser.urlbar.suggest.addons" = lock-false; + "browser.urlbar.suggest.calculator" = lock-false; + "browser.urlbar.suggest.engines" = lock-false; + "browser.urlbar.suggest.fakespot" = lock-false; + "browser.urlbar.suggest.mdn" = lock-false; + "browser.urlbar.suggest.openpage" = lock-false; + "browser.urlbar.suggest.pocket" = lock-false; + "browser.urlbar.suggest.remotetab" = lock-false; + "browser.urlbar.suggest.topsites" = lock-false; + "browser.urlbar.suggest.trending" = lock-false; + "browser.urlbar.suggest.weather" = lock-false; + "browser.urlbar.suggest.yelp" = lock-false; + + # privacy + "privacy.globalprivacycontrol.enabled" = lock-true; + + # security + "security.OCSP.enabled" = { + Value = 0; + Status = "locked"; + }; + "browser.contentblocking.category" = { + Value = "strict"; + Status = "locked"; + }; + "xpinstall.whitelist.required" = lock-true; + "signon.management.page.breach-alerts.enabled" = lock-false; + + # graphics + "dom.webgpu.enabled" = lock-true; + "media.eme.enabled" = lock-true; + + # user messaging + # ... disable shit that is annoying + "browser.newtabpage.activity-stream.feeds.section.topstories" = lock-false; + "browser.newtabpage.activity-stream.feeds.snippets" = lock-false; + "browser.newtabpage.activity-stream.section.highlights.includePocket" = lock-false; + "browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = lock-false; + "browser.newtabpage.activity-stream.section.highlights.includeDownloads" = lock-false; + "browser.newtabpage.activity-stream.section.highlights.includeVisited" = lock-false; + "browser.newtabpage.activity-stream.showSponsored" = lock-false; + "browser.newtabpage.activity-stream.system.showSponsored" = lock-false; + "browser.newtabpage.activity-stream.showSponsoredTopSites" = lock-false; + "browser.newtabpage.activity-stream.showWeather" = lock-false; + "browser.newtabpage.activity-stream.newtabWallpapers.enabled" = lock-false; + "browser.newtabpage.activity-stream.newtabWallpapers.v2.enabled" = lock-false; + "browser.newtabpage.activity-stream.default.sites" = { + Value = ""; + Status = "locked"; + }; + + # safebrowsing + "browser.safebrowsing.malware.enabled" = lock-true; + "browser.safebrowsing.phishing.enabled" = lock-true; + "browser.safebrowsing.downloads.enabled" = lock-true; + "browser.safebrowsing.downloads.remote.block_uncommon" = lock-false; + "browser.safebrowsing.downloads.remote.block_potentially_unwanted" = lock-false; + + # sidebar + "browser.tabs.inTitlebar" = { + Value = 0; + Status = "locked"; + }; + "browser.tabs.warnOnClose" = lock-true; + "browser.tabs.firefox-view" = lock-false; + "browser.tabs.closeTabByDblclick" = lock-true; + "ui.key.menuAccessKeyFocuses" = lock-false; + + # general settings + "general.autoScroll" = lock-false; + "general.smoothScroll" = lock-true; + "widget.gtk.overlay-scrollbars.enabled" = lock-false; + "accessibility.browsewithcaret" = lock-false; + "accessibility.typeaheadfind" = lock-false; + "media.hardwaremediakeys.enabled" = lock-true; + "browser.crashReports.unsubmittedCheck.autoSubmit2" = lock-false; + "browser.aboutConfig.showWarning" = lock-false; +} diff --git a/modules/browsers/firefox/userChrome.nix b/modules/browsers/firefox/userChrome.nix new file mode 100644 index 0000000..ab93747 --- /dev/null +++ b/modules/browsers/firefox/userChrome.nix @@ -0,0 +1,23 @@ +'' + /* sidebar hack to flip contents the way i want them (arrows on the left) */ + #nav-bar-customization-target { + flex-direction: row-reverse; + } + + /* remove broken padding from sidebar hack */ + #unified-extensions-button { + padding-left: 0 !important; + } + + /* remove padding beside search bar */ + toolbarspring { + display: none !important; + } + + /* remove overflow menu and everything in it */ + #nav-bar-overflow-button, + #firefox-view-button, + #alltabs-button { + visibility: collapse; + } +'' -- cgit v1.2.3-freya