grimm-nixos-laptop/common/firefox.nix

{ inputs, pkgs, config, lib, ... }:
let
  cfg = config.grimmShared;
in
{
  config = with cfg; lib.mkIf (enable && firefox.enable) {
    environment.systemPackages = [ ]
      ++ lib.optionals config.services.desktopManager.plasma6.enable [ pkgs.plasma-browser-integration ];

    programs.firefox = {
      package = pkgs.firefox-beta;
      enable = true;
      nativeMessagingHosts.packages = [ ]
        ++ lib.optionals (cfg.tooling.enable && cfg.tooling.pass) [ pkgs.passff-host ];
      languagePacks = lib.optionals cfg.locale [ "de" "en-US" ];
      policies = {
        ExtensionSettings = lib.mkMerge [
          (lib.mkIf cfg.firefox.disableUserPlugins {
            "*".installation_mode = "blocked";
          })
          (lib.mapAttrs
            (guid: shortId: {
              # explicit plugins by config 
              install_url = "https://addons.mozilla.org/en-US/firefox/downloads/latest/${shortId}/latest.xpi";
              installation_mode = "force_installed";
            })
            cfg.firefox.plugins)
          (lib.mkIf (cfg.tooling.enable && cfg.tooling.pass) {
            # password-store support
            "passff@invicem.pro" = {
              install_url = "https://addons.mozilla.org/firefox/downloads/latest/passff/latest.xpi";
              installation_mode = "force_installed";
            };
          })
        ];
        DisableTelemetry = true;
        DisableFirefoxStudies = true;
        EnableTrackingProtection = {
          Value = true;
          Locked = true;
          Cryptomining = true;
          Fingerprinting = true;
        };
        DisablePocket = true;
        DisableFirefoxAccounts = true;
        DisableAccounts = true;
        DisableFirefoxScreenshots = true;
        OverrideFirstRunPage = "";
        OverridePostUpdatePage = "";
        DontCheckDefaultBrowser = true;
        Preferences = lib.mkMerge ([{
          "pdfjs.enableScripting" = false;
          "media.hardware-video-decoding.enabled" = true;
        }]
        ++ lib.optional cfg.sway.enable { "browser.tabs.inTitlebar" = 0; }
        );
      };
    };
  };

  options.grimmShared.firefox = with lib; {
    enable = mkEnableOption "grimm-firefox";

    plugins = mkOption {
      type = types.attrsOf types.str;
      default = { };
      description = "set of plugins to install. Format: guid = short-id";
    };

    disableUserPlugins = mkOption {
      type = types.bool;
      default = false;
      description = "disables user controlled plugins";
    };
  };
}
nixpkgs-fmt 2024-04-10 16:51:28 +02:00			`{ inputs, pkgs, config, lib, ... }:`
			`let`
readd common components 2024-03-24 16:59:47 +01:00			`cfg = config.grimmShared;`
nixpkgs-fmt 2024-04-10 16:51:28 +02:00			`in`
			`{`
readd common components 2024-03-24 16:59:47 +01:00			`config = with cfg; lib.mkIf (enable && firefox.enable) {`
nixpkgs-fmt 2024-04-10 16:51:28 +02:00			`environment.systemPackages = [ ]`
readd common components 2024-03-24 16:59:47 +01:00			`++ lib.optionals config.services.desktopManager.plasma6.enable [ pkgs.plasma-browser-integration ];`

			`programs.firefox = {`
update firefox to beta 125 to fix gtk off-by-one 2024-03-29 10:54:44 +01:00			`package = pkgs.firefox-beta;`
readd common components 2024-03-24 16:59:47 +01:00			`enable = true;`
nixpkgs-fmt 2024-04-10 16:51:28 +02:00			`nativeMessagingHosts.packages = [ ]`
readd common components 2024-03-24 16:59:47 +01:00			`++ lib.optionals (cfg.tooling.enable && cfg.tooling.pass) [ pkgs.passff-host ];`
transition to using mainProgram defined in meta 2024-04-11 23:12:08 +02:00			`languagePacks = lib.optionals cfg.locale [ "de" "en-US" ];`
readd common components 2024-03-24 16:59:47 +01:00			`policies = {`
			`ExtensionSettings = lib.mkMerge [`
			`(lib.mkIf cfg.firefox.disableUserPlugins {`
			`"*".installation_mode = "blocked";`
nixpkgs-fmt 2024-04-10 16:51:28 +02:00			`})`
			`(lib.mapAttrs`
			`(guid: shortId: {`
			`# explicit plugins by config`
			`install_url = "https://addons.mozilla.org/en-US/firefox/downloads/latest/${shortId}/latest.xpi";`
			`installation_mode = "force_installed";`
			`})`
			`cfg.firefox.plugins)`
			`(lib.mkIf (cfg.tooling.enable && cfg.tooling.pass) {`
			`# password-store support`
readd common components 2024-03-24 16:59:47 +01:00			`"passff@invicem.pro" = {`
			`install_url = "https://addons.mozilla.org/firefox/downloads/latest/passff/latest.xpi";`
			`installation_mode = "force_installed";`
			`};`
			`})`
			`];`
			`DisableTelemetry = true;`
			`DisableFirefoxStudies = true;`
			`EnableTrackingProtection = {`
			`Value = true;`
			`Locked = true;`
			`Cryptomining = true;`
			`Fingerprinting = true;`
			`};`
			`DisablePocket = true;`
			`DisableFirefoxAccounts = true;`
			`DisableAccounts = true;`
			`DisableFirefoxScreenshots = true;`
			`OverrideFirstRunPage = "";`
			`OverridePostUpdatePage = "";`
			`DontCheckDefaultBrowser = true;`
sudo -> doas 2024-04-13 19:16:33 +02:00			`Preferences = lib.mkMerge ([{`
			`"pdfjs.enableScripting" = false;`
power weaking 2024-04-20 19:50:23 +02:00			`"media.hardware-video-decoding.enabled" = true;`
sudo -> doas 2024-04-13 19:16:33 +02:00			`}]`
			`++ lib.optional cfg.sway.enable { "browser.tabs.inTitlebar" = 0; }`
			`);`
readd common components 2024-03-24 16:59:47 +01:00			`};`
			`};`
			`};`
refactor: move option definitions to modules 2024-04-16 12:09:17 +02:00
			`options.grimmShared.firefox = with lib; {`
			`enable = mkEnableOption "grimm-firefox";`

			`plugins = mkOption {`
			`type = types.attrsOf types.str;`
			`default = { };`
			`description = "set of plugins to install. Format: guid = short-id";`
			`};`

			`disableUserPlugins = mkOption {`
			`type = types.bool;`
			`default = false;`
			`description = "disables user controlled plugins";`
			`};`
			`};`
readd common components 2024-03-24 16:59:47 +01:00			`}`