diff options
| author | Natasha Moongrave <natasha@256phi.eu> | 2026-06-20 22:52:39 +0200 |
|---|---|---|
| committer | Natasha Moongrave <natasha@256phi.eu> | 2026-06-20 22:52:39 +0200 |
| commit | 12e698ef536aff14173dc9b57bf5db4a5a1c53ec (patch) | |
| tree | f4737074134ec163bcd7df230a49d417e88972b4 | |
| parent | bc1303d11279b761d9d8db3068913bd67637feac (diff) | |
Added a browser configuration part (libre-wolf)
| -rw-r--r-- | modules/features/browser.nix | 164 |
1 files changed, 164 insertions, 0 deletions
diff --git a/modules/features/browser.nix b/modules/features/browser.nix new file mode 100644 index 0000000..3146436 --- /dev/null +++ b/modules/features/browser.nix @@ -0,0 +1,164 @@ +{ + self', + inputs, + ... +}: let + extensions = { + core = [ + "ublock-origin" + "privacybadger" + "cleanurls" + "sidebery" + ]; + security = [ + "bitwarden-password-manager" + ]; + qol = [ + "dark-reader" + "stylus" + ]; + youtube = [ + "sponsorblock" + "return-youtube-dislikes" + ]; + }; + + mkExt = names: + map ( + name: "https://addons.mozilla.org/firefox/downloads/latest/${name}/latest.xpi" + ) + names; +in { + # ----------------------------- + # NIXOS MODULE + # ----------------------------- + flake.nixosModules.browser = {pkgs, ...}: { + programs.librewolf = { + enable = true; + package = self'.packages.librewolf-sandboxed; + + languagePacks = ["en-GB" "cs" "sk" "de"]; + + policies = { + DisableTelemetry = true; + DisableFirefoxStudies = true; + DisablePocket = true; + DisableFeedbackCommands = true; + + DefaultDownloadDirectory = "\${home}/Downloads"; + + # ----------------------------- + # EXTENSIONS + # ----------------------------- + Extensions.Install = mkExt (extensions.core ++ extensions.security ++ extensions.youtube); + + Extensions.Uninstall = [ + "google@search.mozilla.org" + "bing@search.mozilla.org" + "ddg@search.mozilla.org" + ]; + }; + + profiles = { + # ------------------------- + # 1. DAILY PROFILE (mun) + # ------------------------- + mun = { + isDefault = true; + + search = { + force = true; + default = "duckduckbleh"; + + engines = { + "duckduckbleh" = { + urls = [ + { + template = "https://noai.duckduckgo.com/"; + params = [ + { + name = "q"; + value = "{searchTerms}"; + } + ]; + } + ]; + definedAliases = ["duck" "d"]; + }; + }; + }; + + settings = { + "signon.rememberSignons" = false; + "browser.startup.homepage" = "about:blank"; + }; + }; + + # ------------------------- + # 2. WORK PROFILE + # ------------------------- + work = { + isDefault = false; + + settings = { + # more permissive (auth sites break otherwise) + "signon.rememberSignons" = true; + "network.cookie.lifetimePolicy" = 0; + }; + }; + + # ------------------------- + # 3. SCHOOL PROFILE + # ------------------------- + school = { + isDefault = false; + + settings = { + "signon.rememberSignons" = true; + "privacy.clearOnShutdown.cookies" = false; + }; + }; + + # ------------------------- + # 4. OPSEC PROFILE (STRICT) + # ------------------------- + opsec = { + isDefault = false; + + settings = { + "signon.rememberSignons" = false; + "network.cookie.lifetimePolicy" = 2; + + "privacy.clearOnShutdown.cookies" = true; + "privacy.clearOnShutdown.history" = true; + }; + }; + }; + + # GLOBAL BASELINE (applies to all profiles) + settings = { + "privacy.trackingprotection.enabled" = true; + "network.dns.disablePrefetch" = true; + "browser.send_pings" = false; + "dom.security.https_only_mode" = true; + "privacy.resistFingerprinting" = true; + }; + }; + + perSystem = {pkgs, ...}: { + packages.librewolf-sandboxed = pkgs.writeShellScriptBin "librewolf" '' + exec ${pkgs.bubblewrap}/bin/bwrap \ + --unshare-all \ + --die-with-parent \ + --proc /proc \ + --dev /dev \ + --tmpfs /tmp \ + --ro-bind /nix/store /nix/store \ + --dir $HOME \ + --setenv HOME $HOME \ + --setenv MOZ_ENABLE_WAYLAND 1 \ + ${pkgs.librewolf}/bin/librewolf "$@" + ''; + }; + }; +} |