feat(firefox): add about:config settings, betterfox and search engine definitions

2023-09-08 16:59:17 +02:00 · 2023-09-08 16:59:17 +02:00 · 2af6d9e2fb
commit 2af6d9e2fb
parent 922e64eb9c
1 changed files with 239 additions and 12 deletions
--- a/users/myuser/graphical/firefox.nix
+++ b/users/myuser/graphical/firefox.nix
@ -16,19 +16,246 @@
    NVD_BACKEND = "direct";
  };
  envStr = concatStringsSep " " (mapAttrsToList (n: v: "${n}=${escapeShellArg v}") env);
-in {
-  programs.firefox.enable = true;
-  programs.firefox.package = pkgs.firefox.overrideAttrs (old: {
-    buildCommand =
-      old.buildCommand
-      + ''
-        substituteInPlace $out/bin/firefox \
-          --replace "exec -a" ${escapeShellArg envStr}" exec -a"
-      '';
-  });

-  # TODO userChrome
-  # TODO settings if they can coexist with non declarative stuff
+  betterfox = pkgs.fetchFromGitHub {
+    owner = "yokoffing";
+    repo = "Betterfox";
+    rev = "116.1";
+    hash = "sha256-Ai8Szbrk/4FhGhS4r5gA2DqjALFRfQKo2a/TwWCIA6g=";
+  };
+in {
+  programs.firefox = {
+    enable = true;
+    package = pkgs.firefox.overrideAttrs (old: {
+      buildCommand =
+        old.buildCommand
+        + ''
+          substituteInPlace $out/bin/firefox \
+            --replace "exec -a" ${escapeShellArg envStr}" exec -a"
+        '';
+    });
+
+    profiles.default = {
+      id = 0;
+      isDefault = true;
+
+      # Hide tab bar because we have tree style tabs
+      userChrome = ''
+        #TabsToolbar {
+          visibility: collapse !important;
+        }
+
+        #titlebar-buttonbox {
+          height: 32px !important;
+        }
+      '';
+
+      extraConfig = builtins.concatStringsSep "\n" [
+        (builtins.readFile "${betterfox}/Securefox.js")
+        (builtins.readFile "${betterfox}/Fastfox.js")
+        (builtins.readFile "${betterfox}/Peskyfox.js")
+      ];
+
+      settings = {
+        # General
+        "intl.accept_languages" = "en-us,en";
+        "browser.startup.page" = 3; # Resume previous session on startup
+        "browser.aboutConfig.showWarning" = false; # I sometimes know what I'm doing
+        "browser.ctrlTab.recentlyUsedOrder" = false; # Who want's that?
+        "browser.download.useDownloadDir" = false; # Ask where to save stuff
+        "privacy.clearOnShutdown.history" = false; # We want to save history on exit
+        # Hi-DPI
+        "layout.css.devPixelsPerPx" = "1.5";
+        # Allow executing JS in the dev console
+        "devtools.chrome.enabled" = true;
+        # Disable browser crash reporting
+        "browser.tabs.crashReporting.sendReport" = false;
+        # Allow userCrome.css
+        "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
+
+        # Hardware acceleration
+        # See https://github.com/elFarto/nvidia-vaapi-driver?tab=readme-ov-file#firefox
+        "gfx.webrender.all" = true;
+        "media.ffmpeg.vaapi.enabled" = true;
+        "media.rdd-ffmpeg.enabled" = true;
+        "widget.dmabuf.force-enabled" = true;
+        "media.av1.enabled" = false; # XXX: change once I've upgraded my GPU
+        # XXX: what is this?
+        "media.ffvpx.enabled" = false;
+        "media.rdd-vpx.enabled" = false;
+
+        # Privacy
+        "privacy.donottrackheader.enabled" = true;
+        "privacy.trackingprotection.enabled" = true;
+        "privacy.trackingprotection.socialtracking.enabled" = true;
+        "privacy.userContext.enabled" = true;
+        "privacy.userContext.ui.enabled" = true;
+
+        "browser.send_pings" = false; # Don't respect <a ping=...>
+
+        # This allows firefox devs changing options for a small amount of users to test out stuff.
+        # Not with me please ...
+        "app.normandy.enabled" = false;
+        "app.shield.optoutstudies.enabled" = false;
+
+        "beacon.enabled" = false; # No bluetooth location BS in my webbrowser please
+        "device.sensors.enabled" = false; # This isn't a phone
+        "geo.enabled" = false; # Disable geolocation alltogether
+
+        # Enable certificate pinning via HPKP
+        "security.cert_pinning.hpkp.enabled" = true;
+
+        # Encrypted SNI (domain nanme) when using SSL
+        "network.security.esni.enabled" = true;
+
+        # Disable telemetry for privacy reasons
+        "toolkit.telemetry.archive.enabled" = false;
+        "toolkit.telemetry.enabled" = false;
+        "toolkit.telemetry.prompted" = 2;
+        "toolkit.telemetry.rejected" = true;
+        "toolkit.telemetry.server" = "";
+        "toolkit.telemetry.unified" = false;
+        "extensions.webcompat-reporter.enabled" = false; # don't report compability problems to mozilla
+        "datareporting.policy.dataSubmissionEnabled" = false;
+        "datareporting.healthreport.uploadEnabled" = false;
+        "browser.ping-centre.telemetry" = false;
+        "browser.urlbar.eventTelemetry.enabled" = false;
+
+        # Disable some useless stuff
+        "extensions.pocket.enabled" = false; # disable pocket, save links, send tabs
+        "extensions.abuseReport.enabled" = false; # don't show 'report abuse' in extensions
+        "extensions.fxmonitor.firstAlertShown" = false; # don't show advertisement for breach detection
+        "extensions.formautofill.creditCards.enabled" = false; # don't auto-fill credit card information
+        "identity.fxaccounts.enabled" = false; # disable firefox login
+        "identity.fxaccounts.toolbar.enabled" = false;
+        "identity.fxaccounts.pairing.enabled" = false;
+        "identity.fxaccounts.commands.enabled" = false;
+        "browser.contentblocking.report.lockwise.enabled" = false; # don't use firefox password manger
+        "browser.uitour.enabled" = false; # no tutorial please
+        "browser.newtabpage.activity-stream.showSponsored" = false;
+        "browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
+
+        # disable EME encrypted media extension (Providers can get DRM
+        # through this if they include a decryption black-box program)
+        "browser.eme.ui.enabled" = false;
+        "media.eme.enabled" = false;
+
+        # don't predict network requests
+        "network.predictor.enabled" = false;
+        "browser.urlbar.speculativeConnect.enabled" = false;
+        "browser.urlbar.usepreloadedtopurls.enabled" = false;
+
+        # disable annoying web features
+        "dom.push.enabled" = false; # no notifications, really...
+        "dom.push.connection.enabled" = false;
+        "dom.battery.enabled" = false; # you don't need to see my battery...
+        "dom.event.clipboardevents.enabled" = false; # the clipboard is mine, no info leak, except when i want to paste
+        "dom.event.contextmenu.enabled" = false; # no disabling right-clicking..
+      };
+
+      search = {
+        force = true;
+        default = "DuckDuckGo";
+        order = ["DuckDuckGo" "Youtube" "Nix Packages" "GitHub" "HackerNews"];
+
+        engines = {
+          "Bing".metaData.hidden = true;
+          "Amazon.com".metaData.hidden = true;
+          "Google".metaData.hidden = true;
+
+          "YouTube" = {
+            iconUpdateURL = "https://youtube.com/favicon.ico";
+            updateInterval = 24 * 60 * 60 * 1000;
+            definedAliases = ["@yt"];
+            urls = [
+              {
+                template = "https://www.youtube.com/results";
+                params = [
+                  {
+                    name = "search_query";
+                    value = "{searchTerms}";
+                  }
+                ];
+              }
+            ];
+          };
+
+          "Nix Packages" = {
+            icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
+            definedAliases = ["@np"];
+            urls = [
+              {
+                template = "https://search.nixos.org/packages";
+                params = [
+                  {
+                    name = "type";
+                    value = "packages";
+                  }
+                  {
+                    name = "query";
+                    value = "{searchTerms}";
+                  }
+                ];
+              }
+            ];
+          };
+
+          "GitHub" = {
+            iconUpdateURL = "https://github.com/favicon.ico";
+            updateInterval = 24 * 60 * 60 * 1000;
+            definedAliases = ["@gh"];
+
+            urls = [
+              {
+                template = "https://github.com/search";
+                params = [
+                  {
+                    name = "q";
+                    value = "{searchTerms}";
+                  }
+                ];
+              }
+            ];
+          };
+
+          "Home Manager" = {
+            icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
+            definedAliases = ["@hm"];
+
+            url = [
+              {
+                template = "https://mipmip.github.io/home-manager-option-search/";
+                params = [
+                  {
+                    name = "query";
+                    value = "{searchTerms}";
+                  }
+                ];
+              }
+            ];
+          };
+
+          "HackerNews" = {
+            iconUpdateURL = "https://hn.algolia.com/favicon.ico";
+            updateInterval = 24 * 60 * 60 * 1000;
+            definedAliases = ["@hn"];
+
+            url = [
+              {
+                template = "https://hn.algolia.com/";
+                params = [
+                  {
+                    name = "query";
+                    value = "{searchTerms}";
+                  }
+                ];
+              }
+            ];
+          };
+        };
+      };
+    };
+  };

  home.persistence."/state".directories = [
    "Downloads"