From 48a5083a022fa9b0e081f0516dcbfa30878142ec Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Fri, 6 Sep 2024 02:37:34 +0100 Subject: [PATCH 1/2] nixpkgs, home-manager: return nixpkgs config to flake.nix --- common/default.nix | 1 - common/home-manager.nix | 17 ++++++----------- common/nixpkgs.nix | 14 -------------- flake.nix | 19 ++++++++++++++----- 4 files changed, 20 insertions(+), 31 deletions(-) delete mode 100644 common/nixpkgs.nix diff --git a/common/default.nix b/common/default.nix index bc3cc10..f6c8c0a 100644 --- a/common/default.nix +++ b/common/default.nix @@ -5,7 +5,6 @@ ./environment.nix ./home-manager.nix ./nginx.nix - ./nixpkgs.nix ./openssh.nix ./security.nix ]; diff --git a/common/home-manager.nix b/common/home-manager.nix index 6740dbc..e4d7106 100644 --- a/common/home-manager.nix +++ b/common/home-manager.nix @@ -1,18 +1,13 @@ { config, lib, pkgs, ... }: { - home-manager = { - useUserPackages = true; - useGlobalPkgs = true; + home-manager.users = { + qenya = { config, lib, pkgs, osConfig, ... }: { + home.homeDirectory = osConfig.users.users.qenya.home; - users = { - qenya = { config, lib, pkgs, osConfig, ... }: { - home.homeDirectory = osConfig.users.users.qenya.home; - - imports = [ - ../home/qenya - ]; - }; + imports = [ + ../home/qenya + ]; }; }; } diff --git a/common/nixpkgs.nix b/common/nixpkgs.nix deleted file mode 100644 index b11cac9..0000000 --- a/common/nixpkgs.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ config, lib, pkgs, inputs, ... }: - -{ - nixpkgs = { - config = { - allowUnfree = true; - packageOverrides = pkgs: { - agenix = inputs.agenix.packages.${config.nixpkgs.hostPlatform.system}.default; - }; - }; - - overlays = [ inputs.nur.overlay ]; - }; -} diff --git a/flake.nix b/flake.nix index de114b3..3e5ffdb 100644 --- a/flake.nix +++ b/flake.nix 
@@ -27,15 +27,24 @@ nodeNixpkgs = { kalessin = import nixpkgs { system = "aarch64-linux"; }; # TODO: this should be generated from the host config somehow }; - specialArgs = { - inherit inputs; - }; }; - defaults = { name, nodes, ... }: { + defaults = { name, nodes, config, ... }: { networking.hostName = name; nix.settings.experimental-features = "nix-command flakes"; + nix.nixPath = [ "nixpkgs=flake:nixpkgs" ]; + nixpkgs.config.allowUnfree = true; + + nixpkgs.config.packageOverrides = pkgs: { + agenix = inputs.agenix.packages.${config.nixpkgs.hostPlatform.system}.default; + }; + nixpkgs.overlays = [ inputs.nur.overlay ]; + + home-manager = { + useUserPackages = true; + useGlobalPkgs = true; + }; imports = [ home-manager.nixosModules.home-manager @@ -47,7 +56,7 @@ ]; }; - kilgharrah.imports = [ ./hosts/kilgharrah ] ; + kilgharrah.imports = [ ./hosts/kilgharrah ]; tohru.imports = [ ./hosts/tohru ]; yevaud = { name, nodes, ... }: { From 4bb4780186b219d209eb4407c41190b0ede88cc9 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Fri, 6 Sep 2024 02:38:28 +0100 Subject: [PATCH 2/2] firefox: declaratively define important settings & extensions Closes #4 --- home/qenya/default.nix | 1 + home/qenya/firefox.nix | 51 ++++++++++++++++++++++++++++++++++++++++++ hosts/tohru/home.nix | 2 +- 3 files changed, 53 insertions(+), 1 deletion(-) create mode 100644 home/qenya/firefox.nix diff --git a/home/qenya/default.nix b/home/qenya/default.nix index e3197ef..4923dcb 100644 --- a/home/qenya/default.nix +++ b/home/qenya/default.nix @@ -2,6 +2,7 @@ imports = [ ./dconf ./cli.nix + ./firefox.nix ./git.nix ./tmux.nix ./vscode.nix diff --git a/home/qenya/firefox.nix b/home/qenya/firefox.nix new file mode 100644 index 0000000..ebfd2ca --- /dev/null +++ b/home/qenya/firefox.nix 
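Review bot: In the flake.nix `defaults` hunk, the new `nix.nixPath = [ "nixpkgs=flake:nixpkgs" ];` points `<nixpkgs>` at an indirect flake reference, and nothing visible in the hunk pins that registry entry. If no module outside the hunk sets it, `flake:nixpkgs` falls through to the global registry, so `nix-shell -p …` and other `<nixpkgs>` lookups on every host evaluate a moving nixpkgs branch rather than the revision locked in flake.lock. Adding `nix.registry.nixpkgs.flake = nixpkgs;` next to the nixPath line would tie both to the locked input. Separately, with `specialArgs = { inherit inputs; }` removed, `inputs` inside `defaults` has to come from the enclosing flake scope (not visible here), and any module outside this patch that still takes `inputs` as an argument will stop evaluating, so it is worth a grep before merging.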
@@ -0,0 +1,51 @@
+{ config, lib, pkgs, ... }:
+
+{
+ programs.firefox = {
+ # coming in 24.11
+ # languagePacks = [ "en-GB" ];
+
+ profiles.default = {
+ extensions = with pkgs.nur.repos.rycee.firefox-addons; [
+ bitwarden
+ ublock-origin
+ ];
+
+ settings = {
+ "browser.startup.page" = 3; # resume previous session
+ "browser.newtabpage.activity-stream.showSponsored" = false;
+ "browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
+
+ # disable telemetry
+ "datareporting.healthreport.uploadEnabled" = false;
+ "app.shield.optoutstudies.enabled" = false;
+ "browser.crashReports.unsubmittedCheck.autoSubmit2" = false;
+
+ # disable prefetch?
+
+ # DNS over HTTPS
+ "network.trr.custom_uri" = "https://base.dns.mullvad.net/dns-query";
+ "network.trr.excluded-domains" = "detectportal.firefox.com";
+ "network.trr.mode" = 3;
+ "network.trr.uri" = "https://base.dns.mullvad.net/dns-query";
+
+ "browser.search.suggest.enabled" = false;
+ "browser.urlbar.suggest.searches" = false;
+
+ "dom.security.https_only_mode" = true;
+ "browser.contentblocking.category" = "strict"; # Enhanced Tracking Protection
+ # I think these are implied by the above
+ # "privacy.donottrackheader.enabled" = true;
+ # "privacy.trackingprotection.enabled" = true;
+ # "privacy.trackingprotection.emailtracking.enabled" = true;
+ # "privacy.trackingprotection.socialtracking.enabled" = true;
+
+ "privacy.sanitize.sanitizeOnShutdown" = true;
+ "privacy.clearOnShutdown_v2.historyFormDataAndDownloads" = false;
+
+ "dom.private-attribution.submission.enabled" = false; # disable "Privacy-Preserving Attribution for Advertising"
+ "extensions.autoDisableScopes" = 0; # automatically enable extensions installed through nix
+ };
+ };
+ };
+}
diff --git a/hosts/tohru/home.nix b/hosts/tohru/home.nix
index 4fdeb48..2ebda52 100644
--- a/hosts/tohru/home.nix
+++ b/hosts/tohru/home.nix
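Review bot: In home/qenya/firefox.nix, `"extensions.autoDisableScopes" = 0;` turns off the sideload confirmation for every install scope, not only the one Nix writes to, so an extension placed in any user-level or system-level extension directory is enabled without a prompt. If home-manager places these add-ons in the profile's own extensions directory (worth confirming), `"extensions.autoDisableScopes" = 14;` would auto-enable only the profile scope and leave the other three scopes requiring approval. Also, `privacy.sanitize.sanitizeOnShutdown` is set with only `historyFormDataAndDownloads` overridden, so which of cookies, cache and site data are cleared depends on Firefox's defaults for the remaining `privacy.clearOnShutdown_v2.*` prefs. Setting those explicitly, or adding a comment that names the categories meant to be cleared on exit, would keep the behaviour from shifting silently with a browser update.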
@@ -4,7 +4,7 @@ dconf.enable = true; programs = { - firefox.enable = true; # TODO: config is not yet nix-ified + firefox.enable = true; vscode.enable = true; };