diff options
| -rw-r--r-- | flake.lock | 39 | ||||
| -rw-r--r-- | flake.nix | 4 | ||||
| -rw-r--r-- | hosts/navi/default.nix | 9 | ||||
| -rw-r--r-- | mixins/dev.nix | 14 | ||||
| -rw-r--r-- | mixins/firefox/default.nix | 179 | ||||
| -rw-r--r-- | mixins/firefox/userChrome.css | 26 | ||||
| -rw-r--r-- | mixins/multimedia.nix | 4 | ||||
| -rw-r--r-- | mixins/pipewire.nix | 18 | ||||
| -rw-r--r-- | profiles/security.nix | 4 |
9 files changed, 271 insertions, 26 deletions
diff --git a/flake.lock b/flake.lock index 225714d..c564839 100644 --- a/flake.lock +++ b/flake.lock @@ -62,6 +62,44 @@ "type": "github" } }, + "firefox-addons": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "dir": "pkgs/firefox-addons", + "lastModified": 1690887506, + "narHash": "sha256-yrv5EeBgYceL4WkdMH6nx9JvokAvaarJxrygchIYIcw=", + "owner": "rycee", + "repo": "nur-expressions", + "rev": "77e7adbf84f50eda000d67e548bfb876a54bfdf5", + "type": "gitlab" + }, + "original": { + "dir": "pkgs/firefox-addons", + "owner": "rycee", + "repo": "nur-expressions", + "type": "gitlab" + } + }, + "flake-utils": { + "locked": { + "lastModified": 1629284811, + "narHash": "sha256-JHgasjPR0/J1J3DRm4KxM4zTyAj4IOJY8vIl75v/kPI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c5d161cc0af116a2e17f54316f0bf43f0819785c", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "hardware": { "locked": { "lastModified": 1690704397, @@ -209,6 +247,7 @@ "inputs": { "agenix": "agenix", "disko": "disko", + "firefox-addons": "firefox-addons", "hardware": "hardware", "home-manager": "home-manager_2", "impermanence": "impermanence", diff --git a/flake.nix b/flake.nix index ac60c1a..8bb2930 100644 --- a/flake.nix +++ b/flake.nix @@ -26,6 +26,10 @@ url = "github:Mic92/nix-index-database"; inputs.nixpkgs.follows = "nixpkgs"; }; + firefox-addons = { + url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = inputs @ {self, ...}: { diff --git a/hosts/navi/default.nix b/hosts/navi/default.nix index c1496e0..0620512 100644 --- a/hosts/navi/default.nix +++ b/hosts/navi/default.nix @@ -15,6 +15,7 @@ ../../mixins/pipewire.nix ../../mixins/multimedia.nix ../../mixins/syncthing.nix + ../../mixins/firefox ]; config = { @@ -90,10 +91,10 @@ home-manager.users.tzlil = { home.packages = [pkgs.schildichat-desktop-wayland pkgs.keepassxc pkgs.gtkcord4]; - programs.qutebrowser = { - enable = true; - settings.colors.webpage.darkmode.enabled = true; - }; + # programs.qutebrowser = { + # enable = true; + # settings.colors.webpage.darkmode.enabled = true; + # }; }; programs.steam.enable = true; diff --git a/mixins/dev.nix b/mixins/dev.nix index e25034e..ff2a078 100644 --- a/mixins/dev.nix +++ b/mixins/dev.nix @@ -4,14 +4,12 @@ config, ... }: { - config = { - home-manager.users.tzlil = {pkgs, ...} @ hm: { - home = { - packages = with pkgs; [ - ]; - }; - programs = { - }; + home-manager.users.tzlil = { + home = { + packages = with pkgs; [ + ]; + }; + programs = { }; }; } diff --git a/mixins/firefox/default.nix b/mixins/firefox/default.nix new file mode 100644 index 0000000..42bc634 --- /dev/null +++ b/mixins/firefox/default.nix @@ -0,0 +1,179 @@ +let + profile = "default"; +in + { + config, + inputs, + pkgs, + ... + }: { + home-manager.users.tzlil = { + home.file.".mozilla/firefox/default/browser-extension-data/redirector@einaregilsson.com/storage.js".text = builtins.toJSON { + redirects = + map ({ + includePattern, + redirectUrl, + description, + }: { + appliesTo = ["main_frame"]; + inherit description; + disabled = false; + error = null; + exampleResult = ""; + exampleUrl = ""; + excludePattern = ""; + grouped = false; + inherit includePattern; + patternDesc = ""; + patternType = "W"; + processMatches = "noProcessing"; + inherit redirectUrl; + }) [ + { + includePattern = "https://*youtube.com/watch?*v=*"; + redirectUrl = "https://yewtu.be/watch?$2v=$3}"; + description = "invidious"; + } + { + includePattern = "https://*youtube.com/results?*search_query=*"; + redirectUrl = "https://yewtu.be/search?$2q=$3"; + description = "invidious search"; + } + ]; + enableNotifications = false; + }; + programs.firefox = { + enable = true; + package = pkgs.wrapFirefox pkgs.firefox-unwrapped { + extraPolicies = { + OverrideFirstRunPage = ""; + Extensions = { + Install = map (x: x.src.outPath) config.home-manager.users.tzlil.programs.firefox.profiles."default".extensions; + Uninstall = [ + "google@search.mozilla.org" + "amazondotcom@search.mozilla.org" + "wikipedia@search.mozilla.org" + "bing@search.mozilla.org" + ]; + }; + SearchEngines.Remove = [ + "Amazon" + "Bing" + "Google" + "Twitter" + "Wikipedia" + "Yahoo" + ]; + }; + }; + profiles."${profile}" = { + search = { + default = "DuckDuckGo"; + force = true; + }; + userChrome = builtins.readFile ./userChrome.css; + extensions = with inputs.firefox-addons.packages.${pkgs.system}; [ + # privacy crap + ublock-origin + clearurls + darkreader + privacy-possum + smart-referer + # localcdn + canvasblocker + history-cleaner + + # usability crap + vimium + # tree-style-tab + sidebery + redirector + demodal + kristofferhagen-nord-theme + # new-tab-override + + # misc + snowflake + # (flagfox.overrideAttrs {meta.license.free = true;}) + ]; + settings = { + # for custom browser style + "toolkit.legacyUserProfileCustomizations.stylesheets" = true; + + "browser.newtabpage.pinned" = [ + {url = "https://tzlil.net";} + ]; + "browser.startup.homepage" = "https://lobste.rs"; + + "extensions.activeThemeID" = "{e410fec2-1cbd-4098-9944-e21e708418af}"; + + "browser.toolbars.bookmarks.visibility" = "always"; + "browser.uidensity" = 1; + "browser.aboutConfig.showWarning" = false; + "browser.shell.checkDefaultBrowser" = false; + + "browser.search.hiddenOneOffs" = "Google,Bing,Amazon.com,eBay,Twitter,Wikipedia (en)"; + + "browser.download.dir" = config.home-manager.users.tzlil.xdg.userDirs.download; + # privacy crap + "app.normandy.enabled" = false; + "app.shield.optoutstudies.enabled" = false; + "app.update.auto" = false; + "beacon.enabled" = false; + "breakpad.reportURL" = ""; + "browser.tabs.inTitlebar" = 0; + "browser.compactmode.show" = true; + "browser.contentblocking.category" = "strict"; + "browser.crashReports.unsubmittedCheck.enabled" = false; + "browser.discovery.enabled" = false; + "browser.newtab.preload" = false; + "browser.newtabpage.activity-stream.enabled" = false; + "browser.newtabpage.activity-stream.feeds.section.topstories" = false; + "browser.newtabpage.activity-stream.telemetry" = false; + "browser.ping-centre.telemetry" = false; + "browser.pocket.enabled" = false; + "browser.safebrowsing.malware.enabled" = true; + "browser.safebrowsing.phishing.enabled" = true; + "browser.send_pings" = false; + "browser.tabs.crashReporting.sendReport" = false; + "signon.autofillForms" = false; + "media.autoplay.default" = 2; + "device.sensors.enabled" = false; + "datareporting.healthreport.service.enabled" = false; + "datareporting.healthreport.uploadEnabled" = false; + "datareporting.policy.dataSubmissionEnabled" = false; + "dom.security.https_only_mode" = true; + "dom.battery.enabled" = false; + "experiments.enabled" = false; + "experiments.supported" = false; + "extensions.pocket.enabled" = false; + "extensions.shield-recipe-client.enabled" = false; + "network.dns.blockDotOnion" = true; + "network.stricttransportsecurity.preloadlist" = true; + "privacy.donottrackheader.enabled" = true; + "privacy.firstparty.isolate" = true; + "privacy.trackingprotection.cryptomining.enabled" = true; + "privacy.trackingprotection.enabled" = true; + "privacy.trackingprotection.fingerprinting.enabled" = true; + "privacy.trackingprotection.pbmode.enabled" = true; + "privacy.trackingprotection.socialtracking.enabled" = true; + "security.insecure_password.ui.enabled" = true; + "security.ssl.errorReporting.automatic" = false; + "services.sync.engine.addons" = false; + "services.sync.addons.ignoreUserEnabledChanges" = true; + "toolkit.telemetry.archive.enabled" = false; + "toolkit.telemetry.bhrPing.enabled" = false; + "toolkit.telemetry.enabled" = false; + "toolkit.telemetry.firstShutdownPing.enabled" = false; + "toolkit.telemetry.hybridContent.enabled" = false; + "toolkit.telemetry.newProfilePing.enabled" = false; + "toolkit.telemetry.reportingpolicy.firstRun" = false; + "toolkit.telemetry.server" = ""; + "toolkit.telemetry.shutdownPingSender.enabled" = false; + "toolkit.telemetry.unified" = false; + "toolkit.telemetry.updatePing.enabled" = false; + }; + }; + }; + }; + } diff --git a/mixins/firefox/userChrome.css b/mixins/firefox/userChrome.css new file mode 100644 index 0000000..c7ad88b --- /dev/null +++ b/mixins/firefox/userChrome.css @@ -0,0 +1,26 @@ +/* hide top tabs */ +#TabsToolbar { + visibility: collapse !important; + margin-bottom: 21px !important; +} +#sidebar-box[sidebarcommand="treestyletab_piro_sakura_ne_jp-sidebar-action"] #sidebar-header { + visibility: collapse !important; +} + +/* + * Bookmarks toolbar is visible only on new tab page, just like Chrome. + */ + +#main-window #PersonalToolbar { + visibility: collapse !important; +} + +#main-window[title^="about:newtab"] #PersonalToolbar, +#main-window[title^="New Tab"] #PersonalToolbar, +#main-window[title^="Nightly"] #PersonalToolbar, +#main-window[title^="Mozilla Firefox"] #PersonalToolbar, +#main-window[title^="Firefox"] #PersonalToolbar, +#main-window[title^="新标签页"] #PersonalToolbar, +#main-window[title^="Customize Firefox"] #PersonalToolbar { + visibility: visible !important; +} \ No newline at end of file diff --git a/mixins/multimedia.nix b/mixins/multimedia.nix index 93ce13a..b1ad501 100644 --- a/mixins/multimedia.nix +++ b/mixins/multimedia.nix @@ -27,8 +27,8 @@ }; userDirs = { createDirectories = true; - desktop = "${config.home.homeDirectory}/desktop"; - download = "${config.home.homeDirectory}/downloads"; + desktop = "${config.home-manager.users.tzlil.home.homeDirectory}/desktop"; + download = "${config.home-manager.users.tzlil.home.homeDirectory}/downloads"; }; #portal = { # enable = true; diff --git a/mixins/pipewire.nix b/mixins/pipewire.nix index 4208f08..12930f1 100644 --- a/mixins/pipewire.nix +++ b/mixins/pipewire.nix @@ -3,15 +3,13 @@ config, ... }: { - config = { - sound.enable = false; - security.rtkit.enable = true; - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - jack.enable = true; - }; + sound.enable = false; + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + jack.enable = true; }; } diff --git a/profiles/security.nix b/profiles/security.nix index 40d5bf4..f6fc5b3 100644 --- a/profiles/security.nix +++ b/profiles/security.nix @@ -11,8 +11,8 @@ ]; # https://source.android.com/docs/security/test/scudo - environment.memoryAllocator.provider = "scudo"; - environment.variables.SCUDO_OPTIONS = "ZeroContents=1"; + # environment.memoryAllocator.provider = "scudo"; + # environment.variables.SCUDO_OPTIONS = "ZeroContents=1"; security.lockKernelModules = true; security.protectKernelImage = true; |