2024-11-16 17:03:21 +01:00
|
|
|
|
{ lib, firefox ? false, thunderbird ? false }: let
|
|
|
|
|
inherit (lib) optionals optionalAttrs;
|
|
|
|
|
in assert (lib.xor firefox thunderbird); {
|
2024-11-16 16:04:35 +01:00
|
|
|
|
CaptivePortal = false;
|
|
|
|
|
|
|
|
|
|
Cookies = {
|
|
|
|
|
Behavior = "reject-tracker-and-partition-foreign";
|
|
|
|
|
BehivorPrivateBrowsing = "reject-tracker-and-partition-foreign";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
DNSOverHTTPS.Enabled = false;
|
|
|
|
|
DisableEncryptedClientHello = false;
|
|
|
|
|
DisableFeedbackCommands = true;
|
|
|
|
|
DisableFirefoxStudies = true;
|
|
|
|
|
DisablePocket = true;
|
|
|
|
|
DisableTelemetry = true;
|
|
|
|
|
DontCheckDefaultBrowser = true;
|
|
|
|
|
|
|
|
|
|
EnableTrackingProtection = {
|
|
|
|
|
Value = true;
|
|
|
|
|
Cryptomining = true;
|
|
|
|
|
Fingerprinting = true;
|
|
|
|
|
EmailTracking = true;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
EncryptedMediaExtensions.Enabled = true;
|
|
|
|
|
|
2024-11-16 17:03:21 +01:00
|
|
|
|
ExtensionSettings = {
|
|
|
|
|
"uBlock0@raymondhill.net" = {
|
|
|
|
|
installation_mode = "normal_installed";
|
|
|
|
|
install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi";
|
|
|
|
|
};
|
|
|
|
|
} // optionalAttrs firefox {
|
|
|
|
|
"@testpilot-containers" = {
|
|
|
|
|
installation_mode = "normal_installed";
|
|
|
|
|
install_url = "https://addons.mozilla.org/firefox/downloads/latest/multi-account-containers/latest.xpi";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
"gdpr@cavi.au.dk" = {
|
|
|
|
|
installation_mode = "normal_installed";
|
|
|
|
|
install_url = "https://addons.mozilla.org/firefox/downloads/latest/consent-o-matic/latest.xpi";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
"jid1-BoFifL9Vbdl2zQ@jetpack" = {
|
|
|
|
|
installation_mode = "normal_installed";
|
|
|
|
|
install_url = "https://addons.mozilla.org/firefox/downloads/latest/decentraleyes/latest.xpi";
|
|
|
|
|
};
|
|
|
|
|
};
|
2024-11-16 16:04:35 +01:00
|
|
|
|
|
|
|
|
|
FirefoxHome = {
|
|
|
|
|
SponsoredTopSites = false;
|
|
|
|
|
SponsoredPocket = false;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
FirefoxSuggest = {
|
|
|
|
|
SponsoredSuggestions = false;
|
|
|
|
|
ImproveSuggest = false;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
HardwareAcceleration = true;
|
|
|
|
|
HomePage.StartPage = "previous-session";
|
|
|
|
|
HttpsOnlyMode = "force_enabled";
|
|
|
|
|
NewTabPage = false;
|
|
|
|
|
OverrideFirstRunPage = "";
|
|
|
|
|
|
|
|
|
|
PDFjs = {
|
|
|
|
|
Enabled = true;
|
|
|
|
|
EnablePermissions = false;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
Permissions.AutoPlay.Default = "block-audio-video";
|
|
|
|
|
PopupBlocking.Default = true;
|
|
|
|
|
PostQuantumKeyAgreementEnabled = true;
|
|
|
|
|
|
|
|
|
|
Preferences = let
|
|
|
|
|
default = value: {
|
|
|
|
|
Status = "default";
|
|
|
|
|
Value = value;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
locked = value: {
|
|
|
|
|
Status = "locked";
|
|
|
|
|
Value = value;
|
|
|
|
|
};
|
|
|
|
|
in {
|
2024-11-16 17:03:21 +01:00
|
|
|
|
# date and time formats
|
|
|
|
|
"intl.date_time.pattern_override.date_short" = default "yyyy-MM-dd";
|
|
|
|
|
"intl.date_time.pattern_override.time_short" = default "HH:mm";
|
|
|
|
|
|
2024-11-16 16:04:35 +01:00
|
|
|
|
# cache
|
|
|
|
|
"browser.cache.memory.enable" = default true;
|
|
|
|
|
"browser.cache.memory.capacity" = default 262144;
|
|
|
|
|
"browser.cache.disk.enable" = default true;
|
|
|
|
|
"browser.cache.disk.capacity" = default 16777216;
|
|
|
|
|
|
2024-11-19 19:02:09 +01:00
|
|
|
|
# disable WebGL by default
|
|
|
|
|
"webgl.disabled" = default true;
|
|
|
|
|
|
2024-11-16 16:04:35 +01:00
|
|
|
|
# disable Normandy
|
|
|
|
|
"app.normandy.enabled" = locked false;
|
|
|
|
|
"app.normandy.api_url" = locked "";
|
|
|
|
|
"app.shield.optoutstudies.enabled" = locked false;
|
|
|
|
|
|
|
|
|
|
# disable sending of file hashes
|
|
|
|
|
"browser.safebrowsing.downloads.remote.enabled" = default false;
|
|
|
|
|
"browser.safebrowsing.downloads.remote.url" = default "";
|
|
|
|
|
|
|
|
|
|
# disable accessibility
|
|
|
|
|
"accessibility.force_disabled" = default true;
|
|
|
|
|
|
|
|
|
|
# disable crash reporting
|
|
|
|
|
"browser.tabs.crashReporting.sendReport" = locked false;
|
|
|
|
|
"breakpad.reportURL" = locked "";
|
|
|
|
|
|
|
|
|
|
# disable beacon API
|
|
|
|
|
"beacon.enabled" = locked false;
|
|
|
|
|
|
|
|
|
|
# disable pings
|
|
|
|
|
"browser.send_pings" = locked false;
|
|
|
|
|
|
|
|
|
|
# strip cross‐origin referrers
|
|
|
|
|
"network.http.referrer.XOriginTrimmingPolicy" = default 2;
|
|
|
|
|
|
|
|
|
|
# strip tracking query parameters
|
|
|
|
|
"privacy.query_stripping.enabled" = default true;
|
|
|
|
|
"privacy.query_stripping.enabled.pbmode" = default true;
|
|
|
|
|
|
|
|
|
|
# TLS
|
|
|
|
|
"security.ssl.require_safe_negotiation" = default true;
|
|
|
|
|
"security.tls.hello_downgrade_check" = default true;
|
|
|
|
|
"security.OCSP.enabled" = default 1;
|
|
|
|
|
"security.OCSP.require" = default true;
|
|
|
|
|
"security.cert_pinning.enforcement_level" = default 2;
|
|
|
|
|
"security.pki.crlite_mode" = default 2;
|
|
|
|
|
|
|
|
|
|
# enable ECN
|
|
|
|
|
"network.http.http3.ecn" = default true;
|
2024-11-16 17:03:21 +01:00
|
|
|
|
} // optionalAttrs firefox {
|
|
|
|
|
# hardware acceleration
|
|
|
|
|
"gfx.webrender.all" = default true;
|
|
|
|
|
"media.ffmpeg.vaapi.enabled" = default true;
|
2024-11-16 16:04:35 +01:00
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
PromptForDownloadLocation = true;
|
|
|
|
|
ShowHomeButton = false;
|
|
|
|
|
SSLVersionMin = "tls1.3";
|
|
|
|
|
TranslateEnabled = true;
|
|
|
|
|
}
|