darkkirb/nixos-config
1
0
Fork 0
Code Issues 1 Pull requests 2 Projects Releases Packages Wiki Activity Actions
nixos-config/config/programs/firefox.nix

210 lines
8.9 KiB
Nix
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{ pkgs, ... }: {
programs.firefox = {
enable = true;
extensions = with pkgs.nur.repos.rycee.firefox-addons; [
decentraleyes
onepassword-password-manager
privacy-badger
sponsorblock
stylus
tree-style-tab
ublock-origin
];
profiles = {
lotte = {
settings = {
# I have yet to find a website that has a genuine reason for me to allow notifs
"dom.webnotifications.enabled" = false;
# Prevent JavaScript from profiling (high-resolution) performance or timing
"dom.enable_performance" = false;
"dom.enable_resource_timing" = false;
"dom.enable_user_timing" = false;
# Disable geolocation
"geo.enabled" = false;
# Use mozillas geoinformation instead of googles
"geo.wifi.uri" = "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%";
# Dont log geoinformation
"geo.wifi.logging.enabled" = false;
# Disable WebTelephony
"dom.telephony.enabled" = false;
# Disable beacons (used for analytics)
"beacon.enabled" = false;
# Disable sensors API
"device.sensors.enabled" = false;
# Disable a pings
"browser.send_pings" = false;
# Prevent USB device enumeration
"dom.gamepad.enabled" = false;
# Disable VR
"dom.vr.enabled" = false;
# Disable vibration api
"dom.vibrator.enabled" = false;
# Disable face detection
"camera.control.face_detection.enabled" = false;
# Set search engine region to US
"browser.search.countryCode" = "US";
"browser.search.region" = "US";
"browser.search.geoip.url" = "";
# Set Accept-Language to en-US
"intl.accept_languages" = "en-US, en";
# Dont use the host locale
"intl.locale.matchOS" = false;
# Dont use geo-specific search engines
"browser.search.geoSpecificDefaults" = false;
# Use US locale in javascript
"javascript.use_us_english_locale" = true;
# Dont submit invalid urls to the search engine
"keyword.enabled" = false;
# Dont guess domain names
"browser.fixup.alternate.enabled" = false;
# Send DNS queries through SOCKS
"network.proxy.socks_remote_dns" = true;
# Block mixed content
"security.mixed_content.block_active_content" = true;
"security.mixed_content.block_display_content" = true;
# Dont open unsafe types in jars
"network.jar.open-unsafe-types" = false;
# File URI origin policy
"security.fileuri.strict_origin_policy" = true;
# Filter javascript from history
"browser.urlbar.filter.javascript" = true;
# Disable video stats
"media.video_stats.enabled" = false;
# Dont reveal buildID
"general.buildID.override" = "20100101";
"browser.startup.homepage_override.buildID" = "20100101";
# Dont use document-enumerated fonts
"browser.display.use_document_fonts" = false;
# Disable extension recommendations
"browser.newtabpage.activity-stream.asrouter.userprefs.cfr" = false;
# Disable WebIDE
"devtools.webide.enabled" = false;
"devtools.webide.autoinstallADBHelper" = false;
"devtools.webide.autoinstallFxdtAdapters" = false;
# Disable remote debugging
"devtools.debugger.remote-enabled" = false;
"devtools.debugger.force-local" = true;
# Disable telemetry and experiments
"toolkit.telemetry.enabled" = false;
"toolkit.telemetry.unified" = false;
"toolkit.telemetry.archive.enabled" = false;
"experiments.supported" = false;
"experiments.enabled" = false;
"experiments.manifest.uri" = "";
# Disable Necko A/B testing
"network.allow-experiments" = false;
# Disable crash reports
"breakpad.reportURL" = "";
"browser.tabs.crashReporting.sendReport" = false;
"browser.crashReports.unsubmittedCheck.enabled" = false;
# Disable IOT discovery
"dom.flyweb.enabled" = false;
# Enable Tracking protection
"privacy.trackingprotection.enabled" = true;
"privacy.trackingprotection.pbmode.enabled" = true;
# Enable contextual identity containers
"privacy.userContext.enabled" = true;
# Resist fingerprinting
"privacy.resistFingerprinting" = true;
# Disable mozAddonManager api
"privacy.resistFingerprinting.block_mozAddonManager" = true;
"extensions.webextensions.restrictedDomains" = "";
# Disable health report
"datareporting.healthreport.uploadEnabled" = false;
"datareporting.healthreport.service.enabled" = false;
"datareporting.policy.dataSubmissionEnabled" = false;
# Disable personalized extension recommendations
"browser.discovery.enabled" = false;
# Disable telemetry
"app.normandy.enabled" = false;
"app.normandy.api_url" = "";
"extensions.shield-recipe-client.enabled" = false;
"app.shield.optoutstudies.enabled" = false;
# Enable safe browsing
"browser.safebrowsing.phishing.enabled" = true;
"browser.safebrowsing.malware.enabled" = true;
# Disable the use of googles application reputation database
"browser.safebrowsing.downloads.remote.enabled" = false;
# Disable pocket
"browser.pocket.enabled" = false;
"extensions.pocket.enabled" = false;
"browser.newtabpage.activity-stream.feeds.section.topstories" = false;
# Disable automatic connections
"network.prefetch-next" = false;
"network.dns.disablePrefetch" = true;
"network.dns.disablePrefetchFromHTTPS" = true;
"network.predictor.enabled" = false;
"network.dns.blockDotOnion" = true;
"browser.search.suggest.enabled" = false;
"browser.urlbar.groupLabels.enabled" = false;
"browser.casting.enabled" = false;
"media.gmp-gmpopenh264.enabled" = false;
"media.gmp-manager.url" = "";
"network.http.speculative-parallel-limit" = 0;
"browser.aboutHomeSnippets.updateUrl" = "";
"browser.search.update" = false;
"network.captive-portal-service.enabled" = false;
# Disable NTLMv1
"network.negotiate-auth.allow-insecure-ntlm-v1" = false;
# Enable CSP 1.1 script-nonce
"security.csp.experimentalEnabled" = true;
# Enable CSP
"security.csp.enable" = true;
# Enable SRI
"security.sri.enable" = true;
# Spoof referrer header
"network.http.referer.spoofSource" = true;
# Disable cross-origin referrer headers
"network.http.referer.XOriginPolicy" = 2;
# block 3rd party cookies
"network.cookie.cookieBehavior" = 1;
# 1st party isolation
"privacy.firstparty.isolate" = true;
# Enable HTTPS only mode
"dom.security.https_only_mode" = true;
# Preload HSTS
"network.stricttransportsecurity.preloadlist" = true;
# enable OCSP
"security.OCSP.enabled" = 1;
"security.ssl.enable_ocsp_stapling" = true;
"security.ssl.enable_ocsp_must_staple" = true;
"security.OCSP.require" = true;
# Disable session tickets
"security.ssl.disable_session_identifiers" = true;
# Require the server to be updated
"security.tls.version.min" = 3;
"security.tls.version.max" = 4;
# Disable insecure fallback
"security.tls.version.fallback-limit" = 4;
# Enforce public key pinning
"security.cert_pinning.enforcement_level" = 2;
# Disallow sha-1
"security.pki.sha1_enforcement_level" = 1;
# unsafe negotiation = broken
"security.ssl.treat_unsafe_negotiation_as_broken" = true;
# Disable error reporting
"security.ssl.errorReporting.automatic" = false;
"browser.ssl_override_behavior" = 1;
# use ESNI
"network.security.esni.enabled" = true;
# Enable Userchrome
"toolkit.legacyUserProfileCustomizations.stylesheets" = true;
};
userChrome = ''
/* Hide tab bar in FF Quantum */
@-moz-document url("chrome://browser/content/browser.xul") {
#TabsToolbar {
visibility: collapse !important;
margin-bottom: 21px !important;
}
#sidebar-box[sidebarcommand="treestyletab_piro_sakura_ne_jp-sidebar-action"] #sidebar-header {
visibility: collapse !important;
}
}
'';
};
};
};
}
Reference in a new issue View git blame Copy permalink