{ self', inputs, ... }: let extensions = { core = [ "ublock-origin" "privacybadger" "cleanurls" "sidebery" ]; security = [ "bitwarden-password-manager" ]; qol = [ "dark-reader" "stylus" ]; youtube = [ "sponsorblock" "return-youtube-dislikes" ]; }; mkExt = names: map ( name: "https://addons.mozilla.org/firefox/downloads/latest/${name}/latest.xpi" ) names; in { # ----------------------------- # NIXOS MODULE # ----------------------------- flake.nixosModules.browser = {pkgs, ...}: { programs.librewolf = { enable = true; package = self'.packages.librewolf-sandboxed; languagePacks = ["en-GB" "cs" "sk" "de"]; policies = { DisableTelemetry = true; DisableFirefoxStudies = true; DisablePocket = true; DisableFeedbackCommands = true; DefaultDownloadDirectory = "\${home}/Downloads"; # ----------------------------- # EXTENSIONS # ----------------------------- Extensions.Install = mkExt (extensions.core ++ extensions.security ++ extensions.youtube); Extensions.Uninstall = [ "google@search.mozilla.org" "bing@search.mozilla.org" "ddg@search.mozilla.org" ]; }; profiles = { # ------------------------- # 1. DAILY PROFILE (mun) # ------------------------- mun = { isDefault = true; search = { force = true; default = "duckduckbleh"; engines = { "duckduckbleh" = { urls = [ { template = "https://noai.duckduckgo.com/"; params = [ { name = "q"; value = "{searchTerms}"; } ]; } ]; definedAliases = ["duck" "d"]; }; }; }; settings = { "signon.rememberSignons" = false; "browser.startup.homepage" = "about:blank"; }; }; # ------------------------- # 2. WORK PROFILE # ------------------------- work = { isDefault = false; settings = { # more permissive (auth sites break otherwise) "signon.rememberSignons" = true; "network.cookie.lifetimePolicy" = 0; }; }; # ------------------------- # 3. SCHOOL PROFILE # ------------------------- school = { isDefault = false; settings = { "signon.rememberSignons" = true; "privacy.clearOnShutdown.cookies" = false; }; }; # ------------------------- # 4. OPSEC PROFILE (STRICT) # ------------------------- opsec = { isDefault = false; settings = { "signon.rememberSignons" = false; "network.cookie.lifetimePolicy" = 2; "privacy.clearOnShutdown.cookies" = true; "privacy.clearOnShutdown.history" = true; }; }; }; # GLOBAL BASELINE (applies to all profiles) settings = { "privacy.trackingprotection.enabled" = true; "network.dns.disablePrefetch" = true; "browser.send_pings" = false; "dom.security.https_only_mode" = true; "privacy.resistFingerprinting" = true; }; }; perSystem = {pkgs, ...}: { packages.librewolf-sandboxed = pkgs.writeShellScriptBin "librewolf" '' exec ${pkgs.bubblewrap}/bin/bwrap \ --unshare-all \ --die-with-parent \ --proc /proc \ --dev /dev \ --tmpfs /tmp \ --ro-bind /nix/store /nix/store \ --dir $HOME \ --setenv HOME $HOME \ --setenv MOZ_ENABLE_WAYLAND 1 \ ${pkgs.librewolf}/bin/librewolf "$@" ''; }; }; }