caem/nixos-system-config
caem/nixos-system-config
1
Fork 0
Code Pull requests 1 Releases Activity

this actually might be it

Browse source
This commit is contained in:
caem 2025-01-25 03:02:40 +01:00
parent 5541426fd0
commit 906495daf0
Signed by: caem
GPG key ID: 69A830D03203405F
5 changed files with 87 additions and 90 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
modules/nixos/core/nix.nix
View file

@ -2,7 +2,7 @@
let
importOverlays = builtins.map
(overlay: import overlay { inherit lib inputs pkgs; })
(overlay: import overlay { inherit lib inputs pkgs cfgPath; })
(builtins.filter
(file: builtins.match ".*\.nix" (builtins.toString file) != null)
(lib.filesystem.listFilesRecursive "${cfgPath}/overlays"));

83
modules/nixos/multimedia/web/firefox.nix
View file

@ -1,83 +0,0 @@
{ username, pkgs, ... }:
{
environment.systemPackages = with pkgs; [
tor-browser
firefox-esr
];
environment.persistence."/nix/config" = {
users."${username}".directories = [
".config/mozilla"
];
};
environment.etc."firefox/policies/policies.json" = {
mode = "0444";
text = ''
{
"policies": {
"EnableTrackingProtection": {
"Value": true,
"Cryptomining": true,
"Fingerprinting": true,
"EmailTracking": true,
"Level": "strict"
},
"DisableTelemetry": true,
"DisablePocket": true,
"DisableFirefoxStudies": true,
"DisableFirefoxAccounts": false,
"DisableAccounts": false,
"DontCheckDefaultBrowser": true,
"OverrideFirstRunPage": "",
"OverridePostUpdatePage": "",
"NoDefaultBookmarks": true,
"Cookies": {
"Behavior": "reject-foreign",
"BehaviorPrivateBrowsing": "reject-foreign"
},
"UserMessaging": {
"WhatsNew": false,
"ExtensionRecommendations": false,
"FeatureRecommendations": false,
"UrlbarInterventions": false,
"SkipOnboarding": true,
"MoreFromMozilla": false
},
"FirefoxHome": {
"Search": true,
"TopSites": true,
"SponsoredTopSites": false,
"Highlights": false,
"Pocket": false,
"SponsoredPocket": false,
"Snippets": false,
"Locked": true
},
"SearchSuggestEnabled": false,
"ShowSearchSuggestionsFirst": false,
"NewTabPage": false,
"SearchEngines": {
"Add": [
{
"Name": "Kagi",
"URLTemplate": "https://kagi.com/search?q={searchTerms}",
"Method": "GET",
"IconURL": "https://kagi.com/favicon.ico",
"Alias": "@k",
"Default": true
}
],
"Remove": [
"Bing",
"Google",
"DuckDuckGo",
"Wikipedia (en)"
]
}
}
}
'';
};
}

14
modules/nixos/multimedia/web/firefox/default.nix Normal file
View file

@ -0,0 +1,14 @@
{ username, pkgs, ... }:
{
environment.systemPackages = with pkgs; [
tor-browser
firefox-esr
];
environment.persistence."/nix/config" = {
users."${username}".directories = [
".config/mozilla"
];
};
}

62
modules/nixos/multimedia/web/firefox/policies.json Normal file
View file

@ -0,0 +1,62 @@
{
"policies": {
"EnableTrackingProtection": {
"Value": true,
"Cryptomining": true,
"Fingerprinting": true,
"EmailTracking": true,
"Level": "strict"
},
"DisableTelemetry": true,
"DisablePocket": true,
"DisableFirefoxStudies": true,
"DisableFirefoxAccounts": false,
"DisableAccounts": false,
"DontCheckDefaultBrowser": true,
"OverrideFirstRunPage": "",
"OverridePostUpdatePage": "",
"NoDefaultBookmarks": true,
"Cookies": {
"Behavior": "reject-foreign",
"BehaviorPrivateBrowsing": "reject-foreign"
},
"UserMessaging": {
"WhatsNew": false,
"ExtensionRecommendations": false,
"FeatureRecommendations": false,
"UrlbarInterventions": false,
"SkipOnboarding": true,
"MoreFromMozilla": false
},
"FirefoxHome": {
"Search": true,
"TopSites": true,
"SponsoredTopSites": false,
"Highlights": false,
"Pocket": false,
"SponsoredPocket": false,
"Snippets": false,
"Locked": true
},
"SearchSuggestEnabled": false,
"NewTabPage": false,
"SearchEngines": {
"Add": [
{
"Name": "Kagi",
"URLTemplate": "https://kagi.com/search?q={searchTerms}",
"Method": "GET",
"IconURL": "https://kagi.com/favicon.ico",
"Alias": "@k",
"Default": true
}
],
"Remove": [
"Bing",
"Google",
"DuckDuckGo",
"Wikipedia (en)"
]
}
}
}

16
overlays/nixpak/firefox.nix
View file

@ -2,11 +2,18 @@
# https://github.com/ryan4yin/nix-config/blob/7deed26cc5a3af2072b8c89a688f265607babc80/hardening/nixpaks/firefox.nix
# https://github.com/schizofox/schizofox/blob/cdf69b2a445ff12680657a3bd44ce7c406bf2ae6/flake/modules/home-manager/default.nix
{ ... }: final: prev: {
{ cfgPath, ... }: final: prev: {
firefox-esr = let
intermediary-firefox-esr = prev.firefox-esr.overrideAttrs (oldAttrs: {
postInstall = (oldAttrs.postInstall or "") + ''
mkdir -p $out/lib/firefox/policies
cp "${cfgPath}/modules/nixos/multimedia/web/firefox/polcies.json" $out/lib/firefox/policies/policies.json
'';
});
sandboxed-firefox-esr = prev.mkNixPak {
config = { sloth, ... }: {
app.package = prev.firefox-esr;
app.package = intermediary-firefox-esr;
app.binPath = "bin/firefox-esr";
flatpak.appId = "org.mozilla.firefox";
@ -52,16 +59,13 @@
(envSuffix "XDG_RUNTIME_DIR" "/dconf")
[(sloth.mkdir (sloth.concat' sloth.xdgConfigHome "/mozilla")) (sloth.concat' sloth.homeDir "/.mozilla")]
# rw because we have to place policies.json inside
["${prev.firefox-esr}/lib/firefox" "/app/etc/firefox"]
];
bind.ro = [
[ "/etc/firefox/policies/policies.json" "/app/etc/firefox/policies/policies.json" ]
"/sys/bus/pci"
"/etc/resolv.conf"
"/etc/localtime"
["${prev.firefox-esr}/lib/firefox" "/app/etc/firefox"]
(sloth.concat' sloth.xdgConfigHome "/dconf")
(sloth.concat' sloth.xdgConfigHome "/gtk-2.0")
(sloth.concat' sloth.xdgConfigHome "/gtk-3.0")