diff --git a/flake.nix b/flake.nix index 1f8c058..104f6f1 100644 --- a/flake.nix +++ b/flake.nix @@ -11,11 +11,6 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - firefox-addons = { - url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - # Declarative partitioning and formatting disko = { url = "github:nix-community/disko"; diff --git a/home/common/optional/firefox.nix b/home/common/optional/firefox.nix index ac075a6..255d84e 100644 --- a/home/common/optional/firefox.nix +++ b/home/common/optional/firefox.nix @@ -1,95 +1,101 @@ -{ config, pkgs, ... }: - - let - lock-false = { - Value = false; - Status = "locked"; - }; - lock-true = { - Value = true; - Status = "locked"; - }; - in +{ pkgs, inputs, config, ... }: +let + user = config.home.username; +in { - programs = { - firefox = { - enable = true; - languagePacks = [ "gb" "en-GB" ]; + programs.firefox = { + enable = true; + policies = { + DisableTelemetry = true; + DisableFirefoxStudies = true; + EnableTrackingProtection = { + Value= true; + Locked = true; + Cryptomining = true; + Fingerprinting = true; + }; + DisablePocket = true; + DisableFirefoxAccounts = true; + DisableAccounts = true; + DisableFirefoxScreenshots = true; + OverrideFirstRunPage = ""; + OverridePostUpdatePage = ""; + DontCheckDefaultBrowser = true; + DisplayBookmarksToolbar = "never"; # alternatives: "always" or "newtab" + DisplayMenuBar = "default-off"; # alternatives: "always", "never" or "default-on" + SearchBar = "unified"; # alternative: "separate" + /* ---- EXTENSIONS ---- */ + # Check about:support for extension/add-on ID strings. + # Valid strings for installation_mode are "allowed", "blocked", + # "force_installed" and "normal_installed". + ExtensionSettings = { + "*".installation_mode = "blocked"; # blocks all addons except the ones specified below + # uBlock Origin: + "uBlock0@raymondhill.net" = { + install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"; + installation_mode = "force_installed"; + }; + # Privacy Badger: + "jid1-MnnxcxisBPnSXQ@jetpack" = { + install_url = "https://addons.mozilla.org/firefox/downloads/latest/privacy-badger17/latest.xpi"; + installation_mode = "force_installed"; + }; + # Bitwarden + "{446900e4-71c2-419f-a6a7-df9c091e268b}" = { + install_url = "https://addons.mozilla.org/firefox/downloads/latest/bitwarden-password-manager/latest.xpi"; + installation_mode = "force_installed"; + }; + # Dark Reader + "addon@darkreader.org" = { + install_url = "https://addons.mozilla.org/firefox/downloads/latest/darkreader/latest.xpi"; + installation_mode = "force_installed"; + }; + # Sponser Block + "sponsorBlocker@ajay.app" = { + install_url = "https://addons.mozilla.org/firefox/downloads/latest/sponsorblock/latest.xpi"; + installation_mode = "force_installed"; + }; + # Return Youtube Dislike + "{762f9885-5a13-4abd-9c77-433dcd38b8fd}" = { + install_url = "https://addons.mozilla.org/firefox/downloads/latest/return-youtube-dislikes/latest.xpi"; + installation_mode = "force_installed"; + }; + }; + }; + profiles.${user} = { + search.engines = { "Searxng" = { urls = [{ template = "http://10.0.10.35:8855"; }]; - }; - }; - /* ---- POLICIES ---- */ - # Check about:policies#documentation for options. - policies = { - DisableTelemetry = true; - DisableFirefoxStudies = true; - EnableTrackingProtection = { - Value= true; - Locked = true; - Cryptomining = true; - Fingerprinting = true; - }; - DisablePocket = true; - DisableFirefoxAccounts = true; - DisableAccounts = true; - DisableFirefoxScreenshots = true; - OverrideFirstRunPage = ""; - OverridePostUpdatePage = ""; - DontCheckDefaultBrowser = true; - DisplayBookmarksToolbar = "never"; # alternatives: "always" or "newtab" - DisplayMenuBar = "default-off"; # alternatives: "always", "never" or "default-on" - SearchBar = "unified"; # alternative: "separate" - /* ---- EXTENSIONS ---- */ - # Check about:support for extension/add-on ID strings. - # Valid strings for installation_mode are "allowed", "blocked", - # "force_installed" and "normal_installed". - ExtensionSettings = { - "*".installation_mode = "blocked"; # blocks all addons except the ones specified below - # uBlock Origin: - "uBlock0@raymondhill.net" = { - install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"; - installation_mode = "force_installed"; - }; - # Privacy Badger: - "jid1-MnnxcxisBPnSXQ@jetpack" = { - install_url = "https://addons.mozilla.org/firefox/downloads/latest/privacy-badger17/latest.xpi"; - installation_mode = "force_installed"; - }; - # 1Password: - "{d634138d-c276-4fc8-924b-40a0ea21d284}" = { - install_url = "https://addons.mozilla.org/firefox/downloads/latest/1password-x-password-manager/latest.xpi"; - installation_mode = "force_installed"; - }; - }; - - /* ---- PREFERENCES ---- */ - # Check about:config for options. - Preferences = { - "browser.contentblocking.category" = { Value = "strict"; Status = "locked"; }; - "extensions.pocket.enabled" = lock-false; - "extensions.screenshots.disabled" = lock-true; - "browser.topsites.contile.enabled" = lock-false; - "browser.formfill.enable" = lock-false; - "browser.search.suggest.enabled" = lock-false; - "browser.search.suggest.enabled.private" = lock-false; - "browser.urlbar.suggest.searches" = lock-false; - "browser.urlbar.showSearchSuggestionsFirst" = lock-false; - "browser.newtabpage.activity-stream.feeds.section.topstories" = lock-false; - "browser.newtabpage.activity-stream.feeds.snippets" = lock-false; - "browser.newtabpage.activity-stream.section.highlights.includePocket" = lock-false; - "browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = lock-false; - "browser.newtabpage.activity-stream.section.highlights.includeDownloads" = lock-false; - "browser.newtabpage.activity-stream.section.highlights.includeVisited" = lock-false; - "browser.newtabpage.activity-stream.showSponsored" = lock-false; - "browser.newtabpage.activity-stream.system.showSponsored" = lock-false; - "browser.newtabpage.activity-stream.showSponsoredTopSites" = lock-false; }; }; + search.force = true; + + bookmarks = [ + { + name = "wikipedia"; + tags = [ "wiki" ]; + keyword = "wiki"; + url = "https://en.wikipedia.org/wiki/Special:Search?search=%s&go=Go"; + } + { + name = "bitlab21"; + tags = [ "bitcoin" ]; + keyword = "bitcoin"; + url = "https://bitlab21.com"; + } + ]; + + settings = { + "dom.security.https_only_mode" = true; + "browser.download.panel.shown" = true; + "identity.fxaccounts.enabled" = false; + "signon.rememberSignons" = false; + }; + }; }; } diff --git a/hosts/common/core/sops.nix b/hosts/common/core/sops.nix index 91ccf22..97c9a3a 100644 --- a/hosts/common/core/sops.nix +++ b/hosts/common/core/sops.nix @@ -15,7 +15,7 @@ in validateSopsFiles = false; age = { - sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + sshKeyPaths = [ "/persist/etc/ssh/ssh_host_ed25519_key" ]; }; secrets = { "passwords/root".neededForUsers = true; diff --git a/hosts/common/users/media/default.nix b/hosts/common/users/media/default.nix index 4a6e060..3924855 100644 --- a/hosts/common/users/media/default.nix +++ b/hosts/common/users/media/default.nix @@ -30,7 +30,8 @@ in ".config/dconf" ".config/cinnamon" ".config/nemo" - ".local" + ".mozilla" + ".local" ]; files = [ ];