home: librewolf -> firefox

- LibreWolf uses custom UA when RFP isn't enabled, this leads to inconviences
  and weird beheviour when website detects your browser's UA. For example,
  Google renders with weird styling, installing Firefox Add-ons does not work,
  etc.

- Sandboxing with NixPak does not work with programs.firefox, unsure why.
  But NixPak also breaks hardware video accelerating (on LibreWolf), so
  anyway.

- Also sorted thunderbird's user-override.js and impermanence.nix
This commit is contained in:
Guanran Wang 2024-02-14 04:19:48 +08:00
parent c32f4ce701
commit 4d38591c6e
Signed by: nyancat
SSH key fingerprint: SHA256:8oWGKciPALWut/6WA27oFKofX+6Wtc0gQnsefXLQx/8
5 changed files with 109 additions and 73 deletions

View file

@ -1,65 +1,66 @@
{ {pkgs, ...}:
inputs, #let
pkgs, #mkNixPak = inputs.nixpak.lib.nixpak {
... # inherit (pkgs) lib;
}: let # inherit pkgs;
mkNixPak = inputs.nixpak.lib.nixpak {
inherit (pkgs) lib;
inherit pkgs;
};
firefox = mkNixPak {
config = {
config,
sloth,
...
}: {
app.package = pkgs.firefox;
flatpak.appId = "org.mozilla.firefox";
imports = [
(inputs.nixpak-pkgs + "/pkgs/modules/gui-base.nix")
(inputs.nixpak-pkgs + "/pkgs/modules/network.nix")
];
# Specified in https://github.com/schizofox/schizofox/blob/main/modules/hm/default.nix
# I really don't have any idea what am I doing, it just works™
dbus.policies = {
"org.mozilla.firefox.*" = "own";
#"org.mozilla.firefox_beta.*" = "own";
};
bubblewrap = let
envSuffix = envKey: sloth.concat' (sloth.env envKey);
in {
bind.rw = [
"/tmp/.X11-unix"
(sloth.envOr "XAUTHORITY" "/no-xauth")
(envSuffix "XDG_RUNTIME_DIR" "/dconf")
(sloth.concat' sloth.homeDir "/.mozilla")
(sloth.concat' sloth.homeDir "/Downloads")
];
bind.ro = [
"/etc/localtime"
"/sys/bus/pci"
["${config.app.package}/lib/firefox" "/app/etc/firefox"]
(sloth.concat' sloth.xdgConfigHome "/dconf")
];
};
};
};
in {
home.packages = [firefox.config.env];
# TODO: does not seem to work
#programs.firefox = {
# enable = true;
# package = firefox.config.env;
#
# # TODO
# profiles."default" = {};
#}; #};
#
#firefox = mkNixPak {
# config = {
# config,
# sloth,
# ...
# }: {
# app.package = pkgs.firefox;
# flatpak.appId = "org.mozilla.firefox";
#
# imports = [
# (inputs.nixpak-pkgs + "/pkgs/modules/gui-base.nix")
# (inputs.nixpak-pkgs + "/pkgs/modules/network.nix")
# ];
#
# # Specified in https://github.com/schizofox/schizofox/blob/main/modules/hm/default.nix
# # I really don't have any idea what am I doing, it just works™
# dbus.policies = {
# "org.mozilla.firefox.*" = "own";
# #"org.mozilla.firefox_beta.*" = "own";
# };
#
# bubblewrap = let
# envSuffix = envKey: sloth.concat' (sloth.env envKey);
# in {
# bind.rw = [
# "/tmp/.X11-unix"
# (sloth.envOr "XAUTHORITY" "/no-xauth")
# (envSuffix "XDG_RUNTIME_DIR" "/dconf")
# (sloth.concat' sloth.homeDir "/.mozilla")
# (sloth.concat' sloth.homeDir "/Downloads")
# ];
# bind.ro = [
# "/etc/localtime"
# "/sys/bus/pci"
#
# ["${config.app.package}/lib/firefox" "/app/etc/firefox"]
# (sloth.concat' sloth.xdgConfigHome "/dconf")
# ];
# };
# };
#};
#in
{
programs.firefox = {
enable = true;
#package = firefox.config.env; # it didnt work
profiles."default" = {
extraConfig = ''
${builtins.readFile (pkgs.fetchurl {
url = "https://raw.githubusercontent.com/arkenfox/user.js/122.0/user.js";
hash = "sha256-H3Nk5sDxSElGRgK+cyQpVyjtlMF2Okxbstu9A+eJtGk=";
})}
${builtins.readFile ./user-overrides.js}
'';
};
};
home.sessionVariables = { home.sessionVariables = {
MOZ_USE_XINPUT2 = "1"; MOZ_USE_XINPUT2 = "1";

View file

@ -0,0 +1,35 @@
// Restore disabled functions
user_pref("browser.cache.disk.enable", true);
user_pref("browser.download.always_ask_before_handling_new_types", true);
user_pref("browser.download.useDownloadDir", true);
user_pref("browser.newtabpage.enabled", true);
user_pref("browser.shell.shortcutFavicons", true);
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.startup.page", 1);
user_pref("privacy.resistFingerprinting", false);
user_pref("privacy.resistFingerprinting.letterboxing", false);
user_pref("privacy.sanitize.sanitizeOnShutdown", false);
user_pref("security.OCSP.enabled", 0);
user_pref("security.pki.crlite_mode", 2);
user_pref("security.remote_settings.crlite_filters.enabled", true);
user_pref("webgl.disabled", false);
// Weird stuff that is not disabled
user_pref("browser.preferences.moreFromMozilla", false);
user_pref("browser.privatebrowsing.vpnpromourl", "");
user_pref("browser.safebrowsing.downloads.enabled", false);
user_pref("browser.shell.checkDefaultBrowser", false);
user_pref("extensions.pocket.enabled", false);
user_pref("signon.rememberSignons", false);
// Neat features, nice to have
user_pref("browser.compactmode.show", true);
user_pref("browser.search.separatePrivateDefault", false);
user_pref("browser.urlbar.suggest.calculator", true);
// Smooth scrolling
user_pref("apz.overscroll.enabled", true);
user_pref("general.smoothScroll", true);
user_pref("general.smoothScroll.msdPhysics.enabled", true);
user_pref("general.smoothScroll.msdPhysics.motionBeginSpringConstant", 600)
user_pref("mousewheel.default.delta_multiplier_y", 75);

View file

@ -24,7 +24,8 @@
# Browser # Browser
"chromium" "chromium"
"librewolf" #"librewolf"
"firefox"
# Language # Language
"nix" "nix"

View file

@ -1,15 +1,12 @@
{lib, ...}: { {lib, ...}: {
### sops-nix
sops.age.sshKeyPaths = lib.mkForce ["/persist/etc/ssh/ssh_host_ed25519_key"]; sops.age.sshKeyPaths = lib.mkForce ["/persist/etc/ssh/ssh_host_ed25519_key"];
fileSystems."/persist".neededForBoot = true; fileSystems."/persist".neededForBoot = true;
environment.persistence."/persist" = { environment.persistence."/persist" = {
hideMounts = true; hideMounts = true;
directories = [ directories = [
"/var/log" "/var/log"
"/var/lib" "/var/lib"
"/etc/secureboot"
"/etc/secureboot" # sbctl, lanzaboote
]; ];
files = [ files = [
"/etc/ssh/ssh_host_ed25519_key" "/etc/ssh/ssh_host_ed25519_key"
@ -24,24 +21,26 @@
"Downloads" "Downloads"
"Music" "Music"
"Pictures" "Pictures"
"Videos"
#"Public" #"Public"
#"Templates" #"Templates"
"Videos"
".ssh"
#".librewolf"
".mozilla/firefox"
".thunderbird"
".cache" ".cache"
".local/share" # ".local/bin" is managed through home-manager ".local/share"
".local/state" ".local/state"
".ssh"
".librewolf" ".config/Mumble"
".thunderbird" ".config/VSCodium"
".config/chromium" ".config/chromium"
".config/fcitx5" ".config/fcitx5"
".config/Mumble"
".config/spotify"
".config/obs-studio" ".config/obs-studio"
".config/qBittorrent" ".config/qBittorrent"
".config/VSCodium" # UI states, GitHub account state, etc ".config/spotify"
]; ];
files = [ files = [
".config/sops/age/keys.txt" ".config/sops/age/keys.txt"