Use custom Firefox flake
Some checks failed
nix flake check / check (aarch64-linux) (push) Has been cancelled
nix flake check / check (x86_64-linux) (push) Has been cancelled

This commit is contained in:
Mikael 2024-11-16 17:10:10 +01:00
parent 9c3cdb5691
commit a08b1e5238
Signed by: mikael
SSH key fingerprint: SHA256:21QyD2Meiot7jOUVitIR5YkGB/XuXdCvLW1hE6dsri0
6 changed files with 42 additions and 140 deletions

View file

@ -101,6 +101,24 @@
"type": "github" "type": "github"
} }
}, },
"firefox": {
"inputs": {
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1731773001,
"narHash": "sha256-/3tpXzkJqSmJObEilZxeL4Mo1GsyNP0q15kIvw6+GEo=",
"ref": "refs/heads/main",
"rev": "bb30e67d1f3e5947d46c86dda2a567d16e9d3f52",
"revCount": 3,
"type": "git",
"url": "https://woof.rip/mikael/firefox.git"
},
"original": {
"type": "git",
"url": "https://woof.rip/mikael/firefox.git"
}
},
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -329,7 +347,7 @@
}, },
"linux-hardened": { "linux-hardened": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs_2"
}, },
"locked": { "locked": {
"lastModified": 1731676971, "lastModified": 1731676971,
@ -576,6 +594,22 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_3": {
"locked": {
"lastModified": 1731531548,
"narHash": "sha256-sz8/v17enkYmfpgeeuyzniGJU0QQBfmAjlemAUYhfy8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "24f0d4acd634792badd6470134c387a3b039dace",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nur": { "nur": {
"locked": { "locked": {
"lastModified": 1731667778, "lastModified": 1731667778,
@ -674,6 +708,7 @@
"catppuccin": "catppuccin", "catppuccin": "catppuccin",
"catppuccin-palette": "catppuccin-palette", "catppuccin-palette": "catppuccin-palette",
"colmena": "colmena", "colmena": "colmena",
"firefox": "firefox",
"home-manager": "home-manager", "home-manager": "home-manager",
"lanzaboote": "lanzaboote", "lanzaboote": "lanzaboote",
"linux-hardened": "linux-hardened", "linux-hardened": "linux-hardened",
@ -682,7 +717,7 @@
"niri": "niri", "niri": "niri",
"nix-index-database": "nix-index-database", "nix-index-database": "nix-index-database",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs_3",
"nur": "nur", "nur": "nur",
"ripgrep-all": "ripgrep-all", "ripgrep-all": "ripgrep-all",
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay"

View file

@ -40,6 +40,7 @@
}; };
linux-hardened.url = "git+https://woof.rip/mikael/linux-hardened.git"; linux-hardened.url = "git+https://woof.rip/mikael/linux-hardened.git";
firefox.url = "git+https://woof.rip/mikael/firefox.git";
nix-index-database = { nix-index-database = {
url = "github:illdefined/nix-index-database"; url = "github:illdefined/nix-index-database";

View file

@ -1,4 +1,4 @@
{ ... }: { config, lib, pkgs, ... }@args: { firefox, ... }: { config, lib, pkgs, ... }@args:
let let
osConfig = args.osConfig or { }; osConfig = args.osConfig or { };
@ -12,7 +12,7 @@ let
in lib.mkIf (osConfig.hardware.graphics.enable or false) { in lib.mkIf (osConfig.hardware.graphics.enable or false) {
programs.firefox = { programs.firefox = {
enable = true; enable = true;
package = pkgs.firefox; package = firefox.packages.${pkgs.system}.firefox;
profiles = let profiles = let
extensions = with config.nur.repos.rycee.firefox-addons; [ extensions = with config.nur.repos.rycee.firefox-addons; [
clearurls clearurls
@ -30,16 +30,6 @@ in lib.mkIf (osConfig.hardware.graphics.enable or false) {
"intl.accept_languages" = "en-gb,en,de,fr,es-es,es,pt,ja"; "intl.accept_languages" = "en-gb,en,de,fr,es-es,es,pt,ja";
"intl.locale.requested" = "en-GB,en,de,fr,es-ES,es,pt,ja"; "intl.locale.requested" = "en-GB,en,de,fr,es-ES,es,pt,ja";
# use OS resolver
"network.trr.mode" = 5;
# force HTTPS
"dom.security.https_only_mode" = true;
"dom.security.https_only_mode_ever_enabled" = true;
# enable EME
"media.eme.enabled" = true;
# founts # founts
"font.default.x-unicode" = "sans-serif"; "font.default.x-unicode" = "sans-serif";
"font.default.x-western" = "sans-serif"; "font.default.x-western" = "sans-serif";
@ -49,87 +39,7 @@ in lib.mkIf (osConfig.hardware.graphics.enable or false) {
"font.name.monospace.x-western" = "Fira Code"; "font.name.monospace.x-western" = "Fira Code";
# hardware acceleration # hardware acceleration
"gfx.webrender.all" = true;
"layers.acceleration.force-enabled" = true; "layers.acceleration.force-enabled" = true;
"media.ffmpeg.vaapi.enabled" = true;
# always ask for download location
"browser.download.useDownloadDir" = false;
# disable firefox tab
"browser.tabs.firefox-view" = false;
# disable firefox intro tab
"browser.startup.homepage_override.mstone" = "ignore";
# disable default browser check
"browser.shell.checkDefaultBrowser" = false;
# private containor for new tab page thumbnails
"privacy.usercontext.about_newtab_segregation.enabled" = true;
# disable Beacons API
"beacon.enabled" = false;
# disable pings
"browser.send_pings" = false;
# strip query parameters
"privacy.query_stripping" = true;
# disable access to device sensors
"device.sensors.enabled" = false;
"dom.battery.enabled" = false;
# disable media autoplay
"media.autoplay.enabled" = false;
# block thirdparty cookies
"network.cookie.cookieBehavior" = 1;
# spoof referrer header
"network.http.referer.spoofSource" = true;
# isolate all browser identifier sources
"privacy.firstparty.isolate" = true;
# resist fingerprinting
#"privacy.resistFingerprinting" = true;
# enable builtin tracking protection
"privacy.trackingprotection.enabled" = true;
"privacy.trackingprotection.emailtracking.enabled" = true;
"privacy.trackingprotection.socialtracking.enabled" = true;
# disable data sharing
"app.normandy.enabled" = false;
"app.shield.optoutstudies.enabled" = false;
"datareporting.healthreport.uploadEnabled" = false;
# disable safebrowsing
"browser.safebrowsing.downloads.enabled" = false;
"browser.safebrowsing.malware.enabled" = false;
"browser.safebrowsing.phishing.enabled" = false;
# disable firefox account
"identity.fxaccounts.enabled" = false;
# disable sponsored items
"browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
"browser.newtabpage.enhanced" = false;
# disable Pocket
"extensions.pocket.enabled" = false;
# disable crash reporting
"browser.tabs.crashReporting.sendReport" = false;
"breakpad.reportURL" = "";
# disable accessibility services
"accessibility.force_disabled" = true;
# disable password autofill
"signon.autofillForms" = false;
# enable user profile customisation # enable user profile customisation
"toolkit.legacyUserProfileCustomizations.stylesheets" = true; "toolkit.legacyUserProfileCustomizations.stylesheets" = true;

View file

@ -1,10 +1,10 @@
{ ... }: { config, lib, pkgs, ... }@args: { firefox, ... }: { config, lib, pkgs, ... }@args:
let let
osConfig = args.osConfig or { }; osConfig = args.osConfig or { };
in lib.mkIf (osConfig.hardware.graphics.enable or false) { in lib.mkIf (osConfig.hardware.graphics.enable or false) {
programs.thunderbird = { programs.thunderbird = {
enable = true; enable = true;
package = pkgs.thunderbird; package = firefox.packages.${pkgs.system}.thunderbird;
profiles = { }; profiles = { };
}; };
} }

View file

@ -15,22 +15,6 @@ in {
secureBuild = true; secureBuild = true;
}; };
firefox = (final.wrapFirefox final.firefox-unwrapped { }).overrideAttrs (prevAttrs: {
buildCommand = prevAttrs.buildCommand + ''
sed -i \
'$i export MIMALLOC_RESERVE_HUGE_OS_PAGES=2' \
"$out/bin/firefox"
'';
});
thunderbird = (final.wrapThunderbird final.thunderbird-unwrapped { }).overrideAttrs (prevAttrs: {
buildCommand = prevAttrs.buildCommand + ''
sed -i \
'$i export MIMALLOC_RESERVE_HUGE_OS_PAGES=2' \
"$out/bin/thunderbird"
'';
});
fractal = prev.fractal.overrideAttrs (prevAttrs: { fractal = prev.fractal.overrideAttrs (prevAttrs: {
nativeBuildInputs = prevAttrs.nativeBuildInputs or [ ] ++ [ final.makeBinaryWrapper ]; nativeBuildInputs = prevAttrs.nativeBuildInputs or [ ] ++ [ final.makeBinaryWrapper ];
buildInputs = prevAttrs.buildInputs or [ ] ++ [ final.mimalloc ]; buildInputs = prevAttrs.buildInputs or [ ] ++ [ final.mimalloc ];

View file

@ -91,23 +91,6 @@ in genAttrs [
withSsh = false; withSsh = false;
}; };
firefox-unwrapped = (prev.firefox-unwrapped.overrideAttrs (prevAttrs: {
buildInputs = prevAttrs.buildInputs or [ ]
++ [ final.alsa-lib ];
configureFlags = prevAttrs.configureFlags or [ ]
|> substituteFlags {
"--enable-default-toolkit=.*" = "--enable-default-toolkit=cairo-gtk3-wayland-only";
};
})).override {
alsaSupport = false;
gssSupport = false;
jemallocSupport = false;
sndioSupport = false;
};
firefox = final.wrapFirefox final.firefox-unwrapped { };
gammastep = prev.gammastep.override { gammastep = prev.gammastep.override {
withRandr = false; withRandr = false;
}; };
@ -344,17 +327,6 @@ in genAttrs [
withIptables = false; withIptables = false;
}; };
thunderbird-unwrapped = (prev.thunderbird-unwrapped.overrideAttrs (prevAttrs: {
configureFlags = prevAttrs.configureFlags or [ ]
|> substituteFlags {
"--enable-default-toolkit=.*" = "--enable-default-toolkit=cairo-gtk3-wayland-only";
};
})).override {
jemallocSupport = false;
};
thunderbird = final.wrapThunderbird final.thunderbird-unwrapped { };
w3m = prev.w3m.override { w3m = prev.w3m.override {
x11Support = false; x11Support = false;
imlib2 = final.imlib2; imlib2 = final.imlib2;