firefox: declaratively define important settings & extensions

Closes #4
nixpkgs, home-manager: return nixpkgs config to flake.nix
2024-09-06 02:38:28 +01:00 · 2024-09-06 02:37:34 +01:00
7 changed files with 73 additions and 32 deletions
--- a/common/default.nix
+++ b/common/default.nix
@ -5,7 +5,6 @@
    ./environment.nix
    ./home-manager.nix
    ./nginx.nix
-    ./nixpkgs.nix
    ./openssh.nix
    ./security.nix
  ];
--- a/common/home-manager.nix
+++ b/common/home-manager.nix
@ -1,18 +1,13 @@
 { config, lib, pkgs, ... }:

 {
-  home-manager = {
-    useUserPackages = true;
-    useGlobalPkgs = true;
+  home-manager.users = {
+    qenya = { config, lib, pkgs, osConfig, ... }: {
+      home.homeDirectory = osConfig.users.users.qenya.home;

-    users = {
-      qenya = { config, lib, pkgs, osConfig, ... }: {
-        home.homeDirectory = osConfig.users.users.qenya.home;
-
-        imports = [
-          ../home/qenya
-        ];
-      };
+      imports = [
+        ../home/qenya
+      ];
    };
  };
 }
--- a/common/nixpkgs.nix
+++ b/common/nixpkgs.nix
@ -1,14 +0,0 @@
-{ config, lib, pkgs, inputs, ... }:
-
-{
-  nixpkgs = {
-    config = {
-      allowUnfree = true;
-      packageOverrides = pkgs: {
-        agenix = inputs.agenix.packages.${config.nixpkgs.hostPlatform.system}.default;
-      };
-    };
-
-    overlays = [ inputs.nur.overlay ];
-  };
-}
--- a/flake.nix
+++ b/flake.nix
@ -27,15 +27,24 @@
        nodeNixpkgs = {
          kalessin = import nixpkgs { system = "aarch64-linux"; }; # TODO: this should be generated from the host config somehow
        };
-        specialArgs = {
-          inherit inputs;
-        };
      };

-      defaults = { name, nodes, ... }: {
+      defaults = { name, nodes, config, ... }: {
        networking.hostName = name;

        nix.settings.experimental-features = "nix-command flakes";
+        nix.nixPath = [ "nixpkgs=flake:nixpkgs" ];
+        nixpkgs.config.allowUnfree = true;
+
+        nixpkgs.config.packageOverrides = pkgs: {
+          agenix = inputs.agenix.packages.${config.nixpkgs.hostPlatform.system}.default;
+        };
+        nixpkgs.overlays = [ inputs.nur.overlay ];
+
+        home-manager = {
+          useUserPackages = true;
+          useGlobalPkgs = true;
+        };

        imports = [
          home-manager.nixosModules.home-manager
@ -47,7 +56,7 @@
        ];
      };

-      kilgharrah.imports = [ ./hosts/kilgharrah ] ;
+      kilgharrah.imports = [ ./hosts/kilgharrah ];
      tohru.imports = [ ./hosts/tohru ];

      yevaud = { name, nodes, ... }: {
--- a/home/qenya/default.nix
+++ b/home/qenya/default.nix
@ -2,6 +2,7 @@
  imports = [
    ./dconf
    ./cli.nix
+    ./firefox.nix
    ./git.nix
    ./tmux.nix
    ./vscode.nix
--- a/home/qenya/firefox.nix
+++ b/home/qenya/firefox.nix
@ -0,0 +1,51 @@
+{ config, lib, pkgs, ... }:
+
+{
+  programs.firefox = {
+    # coming in 24.11
+    # languagePacks = [ "en-GB" ];
+
+    profiles.default = {
+      extensions = with pkgs.nur.repos.rycee.firefox-addons; [
+        bitwarden
+        ublock-origin
+      ];
+
+      settings = {
+        "browser.startup.page" = 3; # resume previous session
+        "browser.newtabpage.activity-stream.showSponsored" = false;
+        "browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
+
+        # disable telemetry
+        "datareporting.healthreport.uploadEnabled" = false;
+        "app.shield.optoutstudies.enabled" = false;
+        "browser.crashReports.unsubmittedCheck.autoSubmit2" = false;
+
+        # disable prefetch?
+
+        # DNS over HTTPS
+        "network.trr.custom_uri" = "https://base.dns.mullvad.net/dns-query";
+        "network.trr.excluded-domains" = "detectportal.firefox.com";
+        "network.trr.mode" = 3;
+        "network.trr.uri" = "https://base.dns.mullvad.net/dns-query";
+
+        "browser.search.suggest.enabled" = false;
+        "browser.urlbar.suggest.searches" = false;
+
+        "dom.security.https_only_mode" = true;
+        "browser.contentblocking.category" = "strict"; # Enhanced Tracking Protection
+        # I think these are implied by the above
+        # "privacy.donottrackheader.enabled" = true;
+        # "privacy.trackingprotection.enabled" = true;
+        # "privacy.trackingprotection.emailtracking.enabled" = true;
+        # "privacy.trackingprotection.socialtracking.enabled" = true;
+
+        "privacy.sanitize.sanitizeOnShutdown" = true;
+        "privacy.clearOnShutdown_v2.historyFormDataAndDownloads" = false;
+
+        "dom.private-attribution.submission.enabled" = false; # disable "Privacy-Preserving Attribution for Advertising"
+        "extensions.autoDisableScopes" = 0; # automatically enable extensions installed through nix
+      };
+    };
+  };
+}
--- a/hosts/tohru/home.nix
+++ b/hosts/tohru/home.nix
@ -4,7 +4,7 @@
  dconf.enable = true;

  programs = {
-    firefox.enable = true; # TODO: config is not yet nix-ified
+    firefox.enable = true;
    vscode.enable = true;
  };
Author	SHA1	Message	Date
Katherina Walshe-Grey	4bb4780186	firefox: declaratively define important settings & extensions Closes #4	2024-09-06 02:38:28 +01:00
Katherina Walshe-Grey	48a5083a02	nixpkgs, home-manager: return nixpkgs config to flake.nix	2024-09-06 02:37:34 +01:00