more paranoia

2025-02-22 18:09:06 +01:00 · 2025-02-22 18:09:06 +01:00 · 8dde2866ec
commit 8dde2866ec
parent c6e2036dea
3 changed files with 58 additions and 10 deletions
--- a/common/firefox.nix
+++ b/common/firefox.nix
@ -25,7 +25,23 @@ in
      ++ optionals config.services.desktopManager.plasma6.enable [ pkgs.plasma-browser-integration ];

    programs.firefox = {
-      #      package = pkgs.firefox-beta;
+      package = pkgs.firefox.override {
+        extraPrefsFiles = [
+          "${pkgs.arkenfox-userjs}/user.cfg"
+
+          (pkgs.writeText "arkenfox-userjs-overrides.cfg" # javascript
+            ''
+              /// arkenfox user.js overrides.
+              // We want session restore to work, for that we need to save history:
+              // https://github.com/arkenfox/user.js/issues/1080#issue-774750296
+              lockPref("privacy.clearOnShutdown.history", false);
+              lockPref("privacy.clearOnShutdown_v2.historyFormDataAndDownloads", false);
+              lockPref("privacy.clearOnShutdown.offlineApps", false); // Site Data
+              lockPref("privacy.clearOnShutdown_v2.cookiesAndStorage", false); // Cookies, Site Data, Active Logins [FF128+]
+            ''
+          )
+        ];
+      };
      enable = true;
      languagePacks = optionals locale [
        "de"
@ -43,6 +59,7 @@ in
          );
        DisableTelemetry = true;
        DisableFirefoxStudies = true;
+        DisableScreenshots = true;
        EnableTrackingProtection = {
          Value = true;
          Locked = true;
@ -58,18 +75,48 @@ in
        DontCheckDefaultBrowser = true;
        Preferences = {
          "pdfjs.enableScripting" = false;
+          "signon.rememberSignons" = false;

          "media.hardware-video-decoding.enabled" = true;
          "media.ffmpeg.vaapi.enabled" = true;
-          "network.dns.disableIPv6" = true;
-          # "network.dns.DNS_HTTPS.domain" = "::1";
-          "network.connectivity-service.DNSv4.domain" = "127.0.0.1";
-          "network.connectivity-service.DNSv6.domain" = "::1";
-          network.dns.localDomains = "::1";
-          network.dns.forceResolve = true;
-          "media.peerconnection.enabled" = false;
          "media.rdd-ffmpeg.enabled" = true;
          "media.navigator.mediadatadecoder_vpx_enabled" = true;
+          "media.eme.enabled" = true;
+          # "media.peerconnection.enabled" = false;
+          
+          "browser.startup.homepage" = "about:home";
+          "browser.startup.page" = 1;
+          "browser.newtabpage.enabled" = true;
+          "browser.toolbars.bookmarks.visibility" = "newtab";
+          "browser.download.useDownloadDir" = true;
+
+          # "general.useragent.override" = "";
+          # "permissions.memory_only" = true;
+          "privacy.resistFingerprinting" = true;
+          "privacy.resistFingerprinting.block_mozAddonManager" = true;
+          "network.http.referer.XOriginPolicy" = 1;
+          "network.http.referer.XOriginTrimmingPolicy" = 1;
+          "network.http.sendRefererHeader" = 0;
+
+          "network.proxy.socks" = builtins.head (builtins.split ":" config.services.tor.torsocks.server);
+          "network.proxy.socks_port" = lib.last (builtins.split ":" config.services.tor.torsocks.server);
+          "network.connectivity-service.DNSv4.domain" = "127.0.0.1";
+          "network.connectivity-service.DNSv6.domain" = "::1";
+          "network.dns.localDomains" = "::1";
+          "network.dns.forceResolve" = true;
+          "network.dns.disableIPv6" = true;
+
+          "extensions.formautofill.addresses.enabled" = false;
+          "extensions.formautofill.creditCards.enabled" = false;
+
+          "permissions.default.geo" = 2;
+          "permissions.default.xr" = 2;
+          "privacy.fingerprintingProtection" = true;
+          "privacy.globalprivacycontrol.enabled" = true;
+          "signon.firefoxRelay.feature" = "disabled";
+          "browser.display.use_document_fonts" = 0;
+          
+          # "network.dns.DNS_HTTPS.domain" = "::1";
        } // optionalAttrs sway.enable { "browser.tabs.inTitlebar" = 0; };
      };
    };
--- a/hardening/opensnitch/block_lists.nix
+++ b/hardening/opensnitch/block_lists.nix
@ -5,13 +5,13 @@
 }:
 stdenv.mkDerivation rec {
  pname = "stevenblack_block";
-  version = "3.14.116";
+  version = "3.15.19";

  src = fetchFromGitHub {
    owner = "StevenBlack";
    repo = "hosts";
    rev = version;
-    hash = "sha256-MATJK6QO//6z5CXS3zVo/s/Bz6c2z0g8C+InM5iiv2o=";
+    hash = "sha256-hcvOs96apLZFVv1Fn9FUxS3VQQeP7h/IC2E3xOqcrZY=";
  };

  installPhase = ''
--- a/specific/grimm-nixos-ssd/configuration.nix
+++ b/specific/grimm-nixos-ssd/configuration.nix
@ -40,6 +40,7 @@
        "{b9db16a4-6edc-47ec-a1f4-b86292ed211d}" = "video-downloadhelper";
        "{1526fba1-ac33-4dfc-99d8-163e6129f7b9}" = "reveye-ris";
        "shinigamieyes@shinigamieyes" = "shinigami-eyes";
+        "{6787c9e3-c787-4e21-9449-92e301642b34}" = "proxyswitcheroo";
      };
    };
    spotify.enable = true;