mikael/idiosyn
mikael/idiosyn
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Use custom Firefox flake
Some checks failed
nix flake check / check (aarch64-linux) (push) Has been cancelled
Details
nix flake check / check (x86_64-linux) (push) Has been cancelled
Details

Browse source
This commit is contained in:
Mikael 2024-11-16 17:10:10 +01:00
parent 9c3cdb5691
commit a08b1e5238
Signed by: mikael
SSH key fingerprint: SHA256:21QyD2Meiot7jOUVitIR5YkGB/XuXdCvLW1hE6dsri0
6 changed files with 42 additions and 140 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

39
flake.lock
View file

@ -101,6 +101,24 @@
"type": "github"
}
},
"firefox": {
"inputs": {
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1731773001,
"narHash": "sha256-/3tpXzkJqSmJObEilZxeL4Mo1GsyNP0q15kIvw6+GEo=",
"ref": "refs/heads/main",
"rev": "bb30e67d1f3e5947d46c86dda2a567d16e9d3f52",
"revCount": 3,
"type": "git",
"url": "https://woof.rip/mikael/firefox.git"
},
"original": {
"type": "git",
"url": "https://woof.rip/mikael/firefox.git"
}
},
"flake-compat": {
"flake": false,
"locked": {
@ -329,7 +347,7 @@
},
"linux-hardened": {
"inputs": {
"nixpkgs": "nixpkgs"
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1731676971,
@ -576,6 +594,22 @@
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1731531548,
"narHash": "sha256-sz8/v17enkYmfpgeeuyzniGJU0QQBfmAjlemAUYhfy8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "24f0d4acd634792badd6470134c387a3b039dace",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nur": {
"locked": {
"lastModified": 1731667778,
@ -674,6 +708,7 @@
"catppuccin": "catppuccin",
"catppuccin-palette": "catppuccin-palette",
"colmena": "colmena",
"firefox": "firefox",
"home-manager": "home-manager",
"lanzaboote": "lanzaboote",
"linux-hardened": "linux-hardened",
@ -682,7 +717,7 @@
"niri": "niri",
"nix-index-database": "nix-index-database",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_2",
"nixpkgs": "nixpkgs_3",
"nur": "nur",
"ripgrep-all": "ripgrep-all",
"rust-overlay": "rust-overlay"

1
flake.nix
View file

@ -40,6 +40,7 @@
};
linux-hardened.url = "git+https://woof.rip/mikael/linux-hardened.git";
firefox.url = "git+https://woof.rip/mikael/firefox.git";
nix-index-database = {
url = "github:illdefined/nix-index-database";

94
home/config/nil/firefox.nix
View file

@ -1,4 +1,4 @@
{ ... }: { config, lib, pkgs, ... }@args:
{ firefox, ... }: { config, lib, pkgs, ... }@args:
let
osConfig = args.osConfig or { };
@ -12,7 +12,7 @@ let
in lib.mkIf (osConfig.hardware.graphics.enable or false) {
programs.firefox = {
enable = true;
package = pkgs.firefox;
package = firefox.packages.${pkgs.system}.firefox;
profiles = let
extensions = with config.nur.repos.rycee.firefox-addons; [
clearurls
@ -30,16 +30,6 @@ in lib.mkIf (osConfig.hardware.graphics.enable or false) {
"intl.accept_languages" = "en-gb,en,de,fr,es-es,es,pt,ja";
"intl.locale.requested" = "en-GB,en,de,fr,es-ES,es,pt,ja";
# use OS resolver
"network.trr.mode" = 5;
# force HTTPS
"dom.security.https_only_mode" = true;
"dom.security.https_only_mode_ever_enabled" = true;
# enable EME
"media.eme.enabled" = true;
# founts
"font.default.x-unicode" = "sans-serif";
"font.default.x-western" = "sans-serif";
@ -49,87 +39,7 @@ in lib.mkIf (osConfig.hardware.graphics.enable or false) {
"font.name.monospace.x-western" = "Fira Code";
# hardware acceleration
"gfx.webrender.all" = true;
"layers.acceleration.force-enabled" = true;
"media.ffmpeg.vaapi.enabled" = true;
# always ask for download location
"browser.download.useDownloadDir" = false;
# disable firefox tab
"browser.tabs.firefox-view" = false;
# disable firefox intro tab
"browser.startup.homepage_override.mstone" = "ignore";
# disable default browser check
"browser.shell.checkDefaultBrowser" = false;
# private containor for new tab page thumbnails
"privacy.usercontext.about_newtab_segregation.enabled" = true;
# disable Beacons API
"beacon.enabled" = false;
# disable pings
"browser.send_pings" = false;
# strip query parameters
"privacy.query_stripping" = true;
# disable access to device sensors
"device.sensors.enabled" = false;
"dom.battery.enabled" = false;
# disable media autoplay
"media.autoplay.enabled" = false;
# block thirdparty cookies
"network.cookie.cookieBehavior" = 1;
# spoof referrer header
"network.http.referer.spoofSource" = true;
# isolate all browser identifier sources
"privacy.firstparty.isolate" = true;
# resist fingerprinting
#"privacy.resistFingerprinting" = true;
# enable builtin tracking protection
"privacy.trackingprotection.enabled" = true;
"privacy.trackingprotection.emailtracking.enabled" = true;
"privacy.trackingprotection.socialtracking.enabled" = true;
# disable data sharing
"app.normandy.enabled" = false;
"app.shield.optoutstudies.enabled" = false;
"datareporting.healthreport.uploadEnabled" = false;
# disable safebrowsing
"browser.safebrowsing.downloads.enabled" = false;
"browser.safebrowsing.malware.enabled" = false;
"browser.safebrowsing.phishing.enabled" = false;
# disable firefox account
"identity.fxaccounts.enabled" = false;
# disable sponsored items
"browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
"browser.newtabpage.enhanced" = false;
# disable Pocket
"extensions.pocket.enabled" = false;
# disable crash reporting
"browser.tabs.crashReporting.sendReport" = false;
"breakpad.reportURL" = "";
# disable accessibility services
"accessibility.force_disabled" = true;
# disable password autofill
"signon.autofillForms" = false;
# enable user profile customisation
"toolkit.legacyUserProfileCustomizations.stylesheets" = true;

4
home/config/nil/thunderbird.nix
View file

@ -1,10 +1,10 @@
{ ... }: { config, lib, pkgs, ... }@args:
{ firefox, ... }: { config, lib, pkgs, ... }@args:
let
osConfig = args.osConfig or { };
in lib.mkIf (osConfig.hardware.graphics.enable or false) {
programs.thunderbird = {
enable = true;
package = pkgs.thunderbird;
package = firefox.packages.${pkgs.system}.thunderbird;
profiles = { };
};
}

16
overlay/mimalloc.nix
View file

@ -15,22 +15,6 @@ in {
secureBuild = true;
};
firefox = (final.wrapFirefox final.firefox-unwrapped { }).overrideAttrs (prevAttrs: {
buildCommand = prevAttrs.buildCommand + ''
sed -i \
'$i export MIMALLOC_RESERVE_HUGE_OS_PAGES=2' \
"$out/bin/firefox"
'';
});
thunderbird = (final.wrapThunderbird final.thunderbird-unwrapped { }).overrideAttrs (prevAttrs: {
buildCommand = prevAttrs.buildCommand + ''
sed -i \
'$i export MIMALLOC_RESERVE_HUGE_OS_PAGES=2' \
"$out/bin/thunderbird"
'';
});
fractal = prev.fractal.overrideAttrs (prevAttrs: {
nativeBuildInputs = prevAttrs.nativeBuildInputs or [ ] ++ [ final.makeBinaryWrapper ];
buildInputs = prevAttrs.buildInputs or [ ] ++ [ final.mimalloc ];

28
overlay/modern-minimal.nix
View file

@ -91,23 +91,6 @@ in genAttrs [
withSsh = false;
};
firefox-unwrapped = (prev.firefox-unwrapped.overrideAttrs (prevAttrs: {
buildInputs = prevAttrs.buildInputs or [ ]
++ [ final.alsa-lib ];
configureFlags = prevAttrs.configureFlags or [ ]
|> substituteFlags {
"--enable-default-toolkit=.*" = "--enable-default-toolkit=cairo-gtk3-wayland-only";
};
})).override {
alsaSupport = false;
gssSupport = false;
jemallocSupport = false;
sndioSupport = false;
};
firefox = final.wrapFirefox final.firefox-unwrapped { };
gammastep = prev.gammastep.override {
withRandr = false;
};
@ -344,17 +327,6 @@ in genAttrs [
withIptables = false;
};
thunderbird-unwrapped = (prev.thunderbird-unwrapped.overrideAttrs (prevAttrs: {
configureFlags = prevAttrs.configureFlags or [ ]
|> substituteFlags {
"--enable-default-toolkit=.*" = "--enable-default-toolkit=cairo-gtk3-wayland-only";
};
})).override {
jemallocSupport = false;
};
thunderbird = final.wrapThunderbird final.thunderbird-unwrapped { };
w3m = prev.w3m.override {
x11Support = false;
imlib2 = final.imlib2;