first commit

2025-09-15 22:39:41 +02:00
commit 1c60d751da
10 changed files with 803 additions and 0 deletions
--- a/modules/firefox.nix
+++ b/modules/firefox.nix
@@ -0,0 +1,81 @@
+{ pkgs, lib, ... }:
+let
+  managed-firefox = (
+    pkgs.firefox.override {
+      extraPolicies = {
+        AutofillCreditCardEnabled = false;
+        DisableFirefoxAccounts = true;
+        DisableFirefoxScreenshots = true;
+        DisableFirefoxStudies = true;
+        DisablePocket = true;
+        DisableTelemetry = true;
+        DontCheckDefaultBrowser = true;
+        EnableTrackingProtection = {
+          Value = true;
+          Locked = true;
+          Cryptomining = true;
+          Fingerprinting = true;
+          EmailTracking = true;
+        };
+        ExtensionSettings = {
+          "*".installation_mode = "blocked"; # blocks all addons except the ones specified below
+          # 1Password:
+          "{d634138d-c276-4fc8-924b-40a0ea21d284}" = {
+            install_url = "https://addons.mozilla.org/firefox/downloads/latest/1password-x-password-manager/latest.xpi";
+            installation_mode = "force_installed";
+          };
+          # Facebook container
+          "@contain-facebook" = {
+            install_url = "https://addons.mozilla.org/firefox/downloads/latest/facebook-container/latest.xpi";
+            installation_mode = "force_installed";
+          };
+          # Kagi search
+          "search@kagi.com" = {
+            install_url = "https://addons.mozilla.org/firefox/downloads/latest/kagi-search-for-firefox/latest.xpi";
+            installation_mode = "force_installed";
+          };
+          # ublock origin
+          "uBlock0@raymondhill.net" = {
+            install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi";
+            installation_mode = "force_installed";
+          };
+	  # bitwarden
+	  "" = {
+	    install_url = "https://addons.mozilla.org/firefox/downloads/latest/bitwarden-password-manager/latest.xpi";
+	    installation_mode = "force_installed";
+	  };
+        };
+
+        FirefoxSuggest = {
+          WebSuggestions = false;
+          SponsoredSuggestions = false;
+          ImproveSuggest = false;
+          Locked = true;
+        };
+        PasswordManagerEnabled = false;
+        PictureInPicture = {
+          Enabled = true;
+          Locked = true;
+        };
+      };
+    }
+  );
+in
+{
+  environment.systemPackages = [ managed-firefox ];
+
+  services.opensnitch.rules = {
+    rule-000-firefox = {
+      name = "Allow Firefox";
+      enabled = true;
+      action = "allow";
+      duration = "always";
+      operator = {
+        type = "simple";
+        sensitive = false;
+        operand = "process.path";
+        data = "${lib.getBin managed-firefox}/lib/firefox/firefox";
+      };
+    };
+  };
+}