grimm-nixos-laptop/common/firefox.nix

75 lines
2.4 KiB
Nix

{ inputs, pkgs, config, lib, ... }:
let
cfg = config.grimmShared;
in
{
config = with cfg; lib.mkIf (enable && firefox.enable) {
environment.systemPackages = [ ]
++ lib.optionals config.services.desktopManager.plasma6.enable [ pkgs.plasma-browser-integration ];
programs.firefox = {
package = pkgs.firefox-beta;
enable = true;
nativeMessagingHosts.packages = [ ]
++ lib.optionals (cfg.tooling.enable && cfg.tooling.pass) [ pkgs.passff-host ];
languagePacks = lib.optionals cfg.locale [ "de" "en-US" ];
policies = {
ExtensionSettings = lib.mkMerge [
(lib.mkIf cfg.firefox.disableUserPlugins {
"*".installation_mode = "blocked";
})
(lib.mapAttrs
(guid: shortId: {
# explicit plugins by config
install_url = "https://addons.mozilla.org/en-US/firefox/downloads/latest/${shortId}/latest.xpi";
installation_mode = "force_installed";
})
cfg.firefox.plugins)
(lib.mkIf (cfg.tooling.enable && cfg.tooling.pass) {
# password-store support
"passff@invicem.pro" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/passff/latest.xpi";
installation_mode = "force_installed";
};
})
];
DisableTelemetry = true;
DisableFirefoxStudies = true;
EnableTrackingProtection = {
Value = true;
Locked = true;
Cryptomining = true;
Fingerprinting = true;
};
DisablePocket = true;
DisableFirefoxAccounts = true;
DisableAccounts = true;
DisableFirefoxScreenshots = true;
OverrideFirstRunPage = "";
OverridePostUpdatePage = "";
DontCheckDefaultBrowser = true;
Preferences = lib.mkMerge ([{
"pdfjs.enableScripting" = false;
}]
++ lib.optional cfg.sway.enable { "browser.tabs.inTitlebar" = 0; }
);
};
};
};
options.grimmShared.firefox = with lib; {
enable = mkEnableOption "grimm-firefox";
plugins = mkOption {
type = types.attrsOf types.str;
default = { };
description = "set of plugins to install. Format: guid = short-id";
};
disableUserPlugins = mkOption {
type = types.bool;
default = false;
description = "disables user controlled plugins";
};
};
}