feat: firefox hardening

Swarsel 2024-12-08 12:26:53 +01:00
parent b17092ec6f
commit da1a9947ad
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
3 changed files with 473 additions and 209 deletions


@ -179,6 +179,8 @@ Set in firefox `about:config > toolkit.legacyUserProfileCustomizations.styleshee
userChrome = builtins.readFile ../../../programs/firefox/chrome/userChrome.css; userChrome = builtins.readFile ../../../programs/firefox/chrome/userChrome.css;
extensions = with pkgs.nur.repos.rycee.firefox-addons; [ extensions = with pkgs.nur.repos.rycee.firefox-addons; [
tridactyl tridactyl
tampermonkey
sidebery
browserpass browserpass
clearurls clearurls
darkreader darkreader
@ -196,9 +198,67 @@ Set in firefox `about:config > toolkit.legacyUserProfileCustomizations.styleshee
unpaywall unpaywall
don-t-fuck-with-paste don-t-fuck-with-paste
plasma-integration plasma-integration
(buildFirefoxXpiAddon {
pname = "shortkeys";
version = "4.0.2";
addonId = "Shortkeys@Shortkeys.com";
url = "https://addons.mozilla.org/firefox/downloads/file/3673761/shortkeys-4.0.2.xpi";
sha256 = "c6fe12efdd7a871787ac4526eea79ecc1acda8a99724aa2a2a55c88a9acf467c";
meta = with lib;
{
description = "Easily customizable custom keyboard shortcuts for Firefox. To configure this addon go to Addons (ctrl+shift+a) ->Shortkeys ->Options. Report issues here (please specify that the issue is found in Firefox): https://github.com/mikecrittenden/shortkeys";
mozPermissions = [
"tabs"
"downloads"
"clipboardWrite"
"browsingData"
"storage"
"bookmarks"
"sessions"
"<all_urls>"
];
platforms = platforms.all;
};
})
]; ];
search.engines = { settings =
{
"extensions.autoDisableScopes" = 0;
"browser.bookmarks.showMobileBookmarks" = lock-true;
"toolkit.legacyUserProfileCustomizations.stylesheets" = lock-true;
"browser.search.suggest.enabled" = lock-false;
"browser.search.suggest.enabled.private" = lock-false;
"browser.urlbar.suggest.searches" = lock-false;
"browser.urlbar.showSearchSuggestionsFirst" = lock-false;
"browser.topsites.contile.enabled" = lock-false;
"browser.newtabpage.activity-stream.feeds.section.topstories" = lock-false;
"browser.newtabpage.activity-stream.feeds.snippets" = lock-false;
"browser.newtabpage.activity-stream.section.highlights.includePocket" = lock-false;
"browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = lock-false;
"browser.newtabpage.activity-stream.section.highlights.includeDownloads" = lock-false;
"browser.newtabpage.activity-stream.section.highlights.includeVisited" = lock-false;
"browser.newtabpage.activity-stream.showSponsored" = lock-false;
"browser.newtabpage.activity-stream.system.showSponsored" = lock-false;
"browser.newtabpage.activity-stream.showSponsoredTopSites" = lock-false;
};
search = {
default = "Kagi";
privateDefault = "Kagi";
engines = {
"Kagi" = {
urls = [{
template = "https://kagi.com/search";
params = [
{ name = "q"; value = "{searchTerms}"; }
];
}];
iconUpdateURL = "https://kagi.com/favicon.ico";
updateInterval = 24 * 60 * 60 * 1000; # every day
definedAliases = [ "@k" ];
};
"Nix Packages" = { "Nix Packages" = {
urls = [{ urls = [{
template = "https://search.nixos.org/packages"; template = "https://search.nixos.org/packages";
@ -246,7 +306,8 @@ Set in firefox `about:config > toolkit.legacyUserProfileCustomizations.styleshee
"Google".metaData.alias = "@g"; "Google".metaData.alias = "@g";
}; };
search.force = true; # this is required because otherwise the search.json.mozlz4 symlink gets replaced on every firefox restart force = true; # this is required because otherwise the search.json.mozlz4 symlink gets replaced on every firefox restart
};
#+end_src #+end_src
@ -8321,6 +8382,7 @@ I used to build the firefox addon =bypass-paywalls-clean= myself here, but the m
extensions = with pkgs.nur.repos.rycee.firefox-addons; [ extensions = with pkgs.nur.repos.rycee.firefox-addons; [
tridactyl tridactyl
tampermonkey tampermonkey
sidebery
browserpass browserpass
clearurls clearurls
darkreader darkreader
@ -9024,8 +9086,17 @@ The rest of the settings is at [[#h:fb3f3e01-7df4-4b06-9e91-aa9cac61a431][gaming
The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]]. Here, I am setting up the different firefox profiles that I need for the SSO sites that I need to access at work as well as a few ssh shorthands. The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]]. Here, I am setting up the different firefox profiles that I need for the SSO sites that I need to access at work as well as a few ssh shorthands.
#+begin_src nix :tangle profiles/optional/home/work.nix :noweb yes #+begin_src nix :tangle profiles/optional/home/work.nix :noweb yes
{ pkgs, ... }: { pkgs, lib, ... }:
let
lock-false = {
Value = false;
Status = "locked";
};
lock-true = {
Value = true;
Status = "locked";
};
in
{ {
home.packages = with pkgs; [ home.packages = with pkgs; [
stable.teams-for-linux stable.teams-for-linux
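Review bot: The `lock-true`/`lock-false` values assigned inside the new `settings = { … }` block use the `{ Value = …; Status = "locked"; }` shape, which as far as I know is the enterprise-policy `Preferences` format and not what a profile's `settings` (user.js) expects. If so, these prefs are probably serialised as JSON strings, so they are neither applied as booleans nor locked, and the hardening is silently inert. Plain values such as `"browser.search.suggest.enabled" = false;` work in `settings`, while the locked form belongs under `programs.firefox.policies.Preferences`. The same block recurs in the later file section that repeats it for each work profile. Checking `about:config` and `about:policies` after a rebuild would confirm which case holds.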


@ -149,6 +149,7 @@ in
extensions = with pkgs.nur.repos.rycee.firefox-addons; [ extensions = with pkgs.nur.repos.rycee.firefox-addons; [
tridactyl tridactyl
tampermonkey tampermonkey
sidebery
browserpass browserpass
clearurls clearurls
darkreader darkreader


@ -1,5 +1,14 @@
{ pkgs, ... }: { pkgs, lib, ... }:
let
lock-false = {
Value = false;
Status = "locked";
};
lock-true = {
Value = true;
Status = "locked";
};
in
{ {
home.packages = with pkgs; [ home.packages = with pkgs; [
stable.teams-for-linux stable.teams-for-linux
@ -62,6 +71,8 @@
userChrome = builtins.readFile ../../../programs/firefox/chrome/userChrome.css; userChrome = builtins.readFile ../../../programs/firefox/chrome/userChrome.css;
extensions = with pkgs.nur.repos.rycee.firefox-addons; [ extensions = with pkgs.nur.repos.rycee.firefox-addons; [
tridactyl tridactyl
tampermonkey
sidebery
browserpass browserpass
clearurls clearurls
darkreader darkreader
@ -79,9 +90,67 @@
unpaywall unpaywall
don-t-fuck-with-paste don-t-fuck-with-paste
plasma-integration plasma-integration
(buildFirefoxXpiAddon {
pname = "shortkeys";
version = "4.0.2";
addonId = "Shortkeys@Shortkeys.com";
url = "https://addons.mozilla.org/firefox/downloads/file/3673761/shortkeys-4.0.2.xpi";
sha256 = "c6fe12efdd7a871787ac4526eea79ecc1acda8a99724aa2a2a55c88a9acf467c";
meta = with lib;
{
description = "Easily customizable custom keyboard shortcuts for Firefox. To configure this addon go to Addons (ctrl+shift+a) ->Shortkeys ->Options. Report issues here (please specify that the issue is found in Firefox): https://github.com/mikecrittenden/shortkeys";
mozPermissions = [
"tabs"
"downloads"
"clipboardWrite"
"browsingData"
"storage"
"bookmarks"
"sessions"
"<all_urls>"
];
platforms = platforms.all;
};
})
]; ];
search.engines = { settings =
{
"extensions.autoDisableScopes" = 0;
"browser.bookmarks.showMobileBookmarks" = lock-true;
"toolkit.legacyUserProfileCustomizations.stylesheets" = lock-true;
"browser.search.suggest.enabled" = lock-false;
"browser.search.suggest.enabled.private" = lock-false;
"browser.urlbar.suggest.searches" = lock-false;
"browser.urlbar.showSearchSuggestionsFirst" = lock-false;
"browser.topsites.contile.enabled" = lock-false;
"browser.newtabpage.activity-stream.feeds.section.topstories" = lock-false;
"browser.newtabpage.activity-stream.feeds.snippets" = lock-false;
"browser.newtabpage.activity-stream.section.highlights.includePocket" = lock-false;
"browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = lock-false;
"browser.newtabpage.activity-stream.section.highlights.includeDownloads" = lock-false;
"browser.newtabpage.activity-stream.section.highlights.includeVisited" = lock-false;
"browser.newtabpage.activity-stream.showSponsored" = lock-false;
"browser.newtabpage.activity-stream.system.showSponsored" = lock-false;
"browser.newtabpage.activity-stream.showSponsoredTopSites" = lock-false;
};
search = {
default = "Kagi";
privateDefault = "Kagi";
engines = {
"Kagi" = {
urls = [{
template = "https://kagi.com/search";
params = [
{ name = "q"; value = "{searchTerms}"; }
];
}];
iconUpdateURL = "https://kagi.com/favicon.ico";
updateInterval = 24 * 60 * 60 * 1000; # every day
definedAliases = [ "@k" ];
};
"Nix Packages" = { "Nix Packages" = {
urls = [{ urls = [{
template = "https://search.nixos.org/packages"; template = "https://search.nixos.org/packages";
@ -129,7 +198,8 @@
"Google".metaData.alias = "@g"; "Google".metaData.alias = "@g";
}; };
search.force = true; # this is required because otherwise the search.json.mozlz4 symlink gets replaced on every firefox restart force = true; # this is required because otherwise the search.json.mozlz4 symlink gets replaced on every firefox restart
};
}; };
cl_adm = { cl_adm = {
@ -139,6 +209,8 @@
userChrome = builtins.readFile ../../../programs/firefox/chrome/userChrome.css; userChrome = builtins.readFile ../../../programs/firefox/chrome/userChrome.css;
extensions = with pkgs.nur.repos.rycee.firefox-addons; [ extensions = with pkgs.nur.repos.rycee.firefox-addons; [
tridactyl tridactyl
tampermonkey
sidebery
browserpass browserpass
clearurls clearurls
darkreader darkreader
@ -156,9 +228,67 @@
unpaywall unpaywall
don-t-fuck-with-paste don-t-fuck-with-paste
plasma-integration plasma-integration
(buildFirefoxXpiAddon {
pname = "shortkeys";
version = "4.0.2";
addonId = "Shortkeys@Shortkeys.com";
url = "https://addons.mozilla.org/firefox/downloads/file/3673761/shortkeys-4.0.2.xpi";
sha256 = "c6fe12efdd7a871787ac4526eea79ecc1acda8a99724aa2a2a55c88a9acf467c";
meta = with lib;
{
description = "Easily customizable custom keyboard shortcuts for Firefox. To configure this addon go to Addons (ctrl+shift+a) ->Shortkeys ->Options. Report issues here (please specify that the issue is found in Firefox): https://github.com/mikecrittenden/shortkeys";
mozPermissions = [
"tabs"
"downloads"
"clipboardWrite"
"browsingData"
"storage"
"bookmarks"
"sessions"
"<all_urls>"
];
platforms = platforms.all;
};
})
]; ];
search.engines = { settings =
{
"extensions.autoDisableScopes" = 0;
"browser.bookmarks.showMobileBookmarks" = lock-true;
"toolkit.legacyUserProfileCustomizations.stylesheets" = lock-true;
"browser.search.suggest.enabled" = lock-false;
"browser.search.suggest.enabled.private" = lock-false;
"browser.urlbar.suggest.searches" = lock-false;
"browser.urlbar.showSearchSuggestionsFirst" = lock-false;
"browser.topsites.contile.enabled" = lock-false;
"browser.newtabpage.activity-stream.feeds.section.topstories" = lock-false;
"browser.newtabpage.activity-stream.feeds.snippets" = lock-false;
"browser.newtabpage.activity-stream.section.highlights.includePocket" = lock-false;
"browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = lock-false;
"browser.newtabpage.activity-stream.section.highlights.includeDownloads" = lock-false;
"browser.newtabpage.activity-stream.section.highlights.includeVisited" = lock-false;
"browser.newtabpage.activity-stream.showSponsored" = lock-false;
"browser.newtabpage.activity-stream.system.showSponsored" = lock-false;
"browser.newtabpage.activity-stream.showSponsoredTopSites" = lock-false;
};
search = {
default = "Kagi";
privateDefault = "Kagi";
engines = {
"Kagi" = {
urls = [{
template = "https://kagi.com/search";
params = [
{ name = "q"; value = "{searchTerms}"; }
];
}];
iconUpdateURL = "https://kagi.com/favicon.ico";
updateInterval = 24 * 60 * 60 * 1000; # every day
definedAliases = [ "@k" ];
};
"Nix Packages" = { "Nix Packages" = {
urls = [{ urls = [{
template = "https://search.nixos.org/packages"; template = "https://search.nixos.org/packages";
@ -206,7 +336,8 @@
"Google".metaData.alias = "@g"; "Google".metaData.alias = "@g";
}; };
search.force = true; # this is required because otherwise the search.json.mozlz4 symlink gets replaced on every firefox restart force = true; # this is required because otherwise the search.json.mozlz4 symlink gets replaced on every firefox restart
};
}; };
ws_adm = { ws_adm = {
@ -216,6 +347,8 @@
userChrome = builtins.readFile ../../../programs/firefox/chrome/userChrome.css; userChrome = builtins.readFile ../../../programs/firefox/chrome/userChrome.css;
extensions = with pkgs.nur.repos.rycee.firefox-addons; [ extensions = with pkgs.nur.repos.rycee.firefox-addons; [
tridactyl tridactyl
tampermonkey
sidebery
browserpass browserpass
clearurls clearurls
darkreader darkreader
@ -233,9 +366,67 @@
unpaywall unpaywall
don-t-fuck-with-paste don-t-fuck-with-paste
plasma-integration plasma-integration
(buildFirefoxXpiAddon {
pname = "shortkeys";
version = "4.0.2";
addonId = "Shortkeys@Shortkeys.com";
url = "https://addons.mozilla.org/firefox/downloads/file/3673761/shortkeys-4.0.2.xpi";
sha256 = "c6fe12efdd7a871787ac4526eea79ecc1acda8a99724aa2a2a55c88a9acf467c";
meta = with lib;
{
description = "Easily customizable custom keyboard shortcuts for Firefox. To configure this addon go to Addons (ctrl+shift+a) ->Shortkeys ->Options. Report issues here (please specify that the issue is found in Firefox): https://github.com/mikecrittenden/shortkeys";
mozPermissions = [
"tabs"
"downloads"
"clipboardWrite"
"browsingData"
"storage"
"bookmarks"
"sessions"
"<all_urls>"
];
platforms = platforms.all;
};
})
]; ];
search.engines = { settings =
{
"extensions.autoDisableScopes" = 0;
"browser.bookmarks.showMobileBookmarks" = lock-true;
"toolkit.legacyUserProfileCustomizations.stylesheets" = lock-true;
"browser.search.suggest.enabled" = lock-false;
"browser.search.suggest.enabled.private" = lock-false;
"browser.urlbar.suggest.searches" = lock-false;
"browser.urlbar.showSearchSuggestionsFirst" = lock-false;
"browser.topsites.contile.enabled" = lock-false;
"browser.newtabpage.activity-stream.feeds.section.topstories" = lock-false;
"browser.newtabpage.activity-stream.feeds.snippets" = lock-false;
"browser.newtabpage.activity-stream.section.highlights.includePocket" = lock-false;
"browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = lock-false;
"browser.newtabpage.activity-stream.section.highlights.includeDownloads" = lock-false;
"browser.newtabpage.activity-stream.section.highlights.includeVisited" = lock-false;
"browser.newtabpage.activity-stream.showSponsored" = lock-false;
"browser.newtabpage.activity-stream.system.showSponsored" = lock-false;
"browser.newtabpage.activity-stream.showSponsoredTopSites" = lock-false;
};
search = {
default = "Kagi";
privateDefault = "Kagi";
engines = {
"Kagi" = {
urls = [{
template = "https://kagi.com/search";
params = [
{ name = "q"; value = "{searchTerms}"; }
];
}];
iconUpdateURL = "https://kagi.com/favicon.ico";
updateInterval = 24 * 60 * 60 * 1000; # every day
definedAliases = [ "@k" ];
};
"Nix Packages" = { "Nix Packages" = {
urls = [{ urls = [{
template = "https://search.nixos.org/packages"; template = "https://search.nixos.org/packages";
@ -283,7 +474,8 @@
"Google".metaData.alias = "@g"; "Google".metaData.alias = "@g";
}; };
search.force = true; # this is required because otherwise the search.json.mozlz4 symlink gets replaced on every firefox restart force = true; # this is required because otherwise the search.json.mozlz4 symlink gets replaced on every firefox restart
};
}; };
}; };
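Review bot: `"extensions.autoDisableScopes" = 0;` is the one pref in these `settings` blocks that loosens a Firefox default rather than tightening it, because it lets add-ons from every install scope be enabled without the user's confirmation. It is set without a comment in all three profile hunks, and those profiles also gain `tampermonkey` and a `shortkeys` build that declares `<all_urls>`, `browsingData` and `clipboardWrite`. Two of the profiles (`cl_adm`, `ws_adm`) look like admin/SSO profiles, so consider leaving userscript and all-URL add-ons out of them. A comment would help too, such as `# 0 = enable the Nix-installed add-ons without a prompt; this also applies to any other sideloaded add-on`. The `buildFirefoxXpiAddon` block with its pinned `sha256` is repeated three times; binding it once in the existing `let` would keep the version and hash from drifting between profiles.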