home: librewolf -> firefox

- LibreWolf uses custom UA when RFP isn't enabled, this leads to inconviences
  and weird beheviour when website detects your browser's UA. For example,
  Google renders with weird styling, installing Firefox Add-ons does not work,
  etc.

- Sandboxing with NixPak does not work with programs.firefox, unsure why.
  But NixPak also breaks hardware video accelerating (on LibreWolf), so
  anyway.

- Also sorted thunderbird's user-override.js and impermanence.nix

home/applications/firefox/default.nix

@@ -1,65 +1,66 @@
+{pkgs, ...}:
+#let
+#mkNixPak = inputs.nixpak.lib.nixpak {
+#  inherit (pkgs) lib;
+#  inherit pkgs;
+#};
+#
+#firefox = mkNixPak {
+#  config = {
+#    config,
+#    sloth,
+#    ...
+#  }: {
+#    app.package = pkgs.firefox;
+#    flatpak.appId = "org.mozilla.firefox";
+#
+#    imports = [
+#      (inputs.nixpak-pkgs + "/pkgs/modules/gui-base.nix")
+#      (inputs.nixpak-pkgs + "/pkgs/modules/network.nix")
+#    ];
+#
+#    # Specified in https://github.com/schizofox/schizofox/blob/main/modules/hm/default.nix
+#    # I really don't have any idea what am I doing, it just works™
+#    dbus.policies = {
+#      "org.mozilla.firefox.*" = "own";
+#      #"org.mozilla.firefox_beta.*" = "own";
+#    };
+#
+#    bubblewrap = let
+#      envSuffix = envKey: sloth.concat' (sloth.env envKey);
+#    in {
+#      bind.rw = [
+#        "/tmp/.X11-unix"
+#        (sloth.envOr "XAUTHORITY" "/no-xauth")
+#        (envSuffix "XDG_RUNTIME_DIR" "/dconf")
+#        (sloth.concat' sloth.homeDir "/.mozilla")
+#        (sloth.concat' sloth.homeDir "/Downloads")
+#      ];
+#      bind.ro = [
+#        "/etc/localtime"
+#        "/sys/bus/pci"
+#
+#        ["${config.app.package}/lib/firefox" "/app/etc/firefox"]
+#        (sloth.concat' sloth.xdgConfigHome "/dconf")
+#      ];
+#    };
+#  };
+#};
+#in
 {
-  inputs,
+  programs.firefox = {
-  pkgs,
+    enable = true;
-  ...
+    #package = firefox.config.env; # it didnt work
-}: let
+    profiles."default" = {
-  mkNixPak = inputs.nixpak.lib.nixpak {
+      extraConfig = ''
-    inherit (pkgs) lib;
+        ${builtins.readFile (pkgs.fetchurl {
-    inherit pkgs;
+          url = "https://raw.githubusercontent.com/arkenfox/user.js/122.0/user.js";
-  };
+          hash = "sha256-H3Nk5sDxSElGRgK+cyQpVyjtlMF2Okxbstu9A+eJtGk=";
-
+        })}
-  firefox = mkNixPak {
+        ${builtins.readFile ./user-overrides.js}
-    config = {
+      '';
-      config,
-      sloth,
-      ...
-    }: {
-      app.package = pkgs.firefox;
-      flatpak.appId = "org.mozilla.firefox";
-
-      imports = [
-        (inputs.nixpak-pkgs + "/pkgs/modules/gui-base.nix")
-        (inputs.nixpak-pkgs + "/pkgs/modules/network.nix")
-      ];
-
-      # Specified in https://github.com/schizofox/schizofox/blob/main/modules/hm/default.nix
-      # I really don't have any idea what am I doing, it just works™
-      dbus.policies = {
-        "org.mozilla.firefox.*" = "own";
-        #"org.mozilla.firefox_beta.*" = "own";
-      };
-
-      bubblewrap = let
-        envSuffix = envKey: sloth.concat' (sloth.env envKey);
-      in {
-        bind.rw = [
-          "/tmp/.X11-unix"
-          (sloth.envOr "XAUTHORITY" "/no-xauth")
-          (envSuffix "XDG_RUNTIME_DIR" "/dconf")
-          (sloth.concat' sloth.homeDir "/.mozilla")
-          (sloth.concat' sloth.homeDir "/Downloads")
-        ];
-        bind.ro = [
-          "/etc/localtime"
-          "/sys/bus/pci"
-
-          ["${config.app.package}/lib/firefox" "/app/etc/firefox"]
-          (sloth.concat' sloth.xdgConfigHome "/dconf")
-        ];
-      };
     };
   };
-in {
-  home.packages = [firefox.config.env];
-
-  # TODO: does not seem to work
-  #programs.firefox = {
-  #  enable = true;
-  #  package = firefox.config.env;
-  #
-  #  # TODO
-  #  profiles."default" = {};
-  #};
 
   home.sessionVariables = {
     MOZ_USE_XINPUT2 = "1";

home/applications/firefox/user-overrides.js

@@ -0,0 +1,35 @@
+// Restore disabled functions
+user_pref("browser.cache.disk.enable", true);
+user_pref("browser.download.always_ask_before_handling_new_types", true);
+user_pref("browser.download.useDownloadDir", true);
+user_pref("browser.newtabpage.enabled", true);
+user_pref("browser.shell.shortcutFavicons", true);
+user_pref("browser.startup.homepage", "about:home");
+user_pref("browser.startup.page", 1);
+user_pref("privacy.resistFingerprinting", false);
+user_pref("privacy.resistFingerprinting.letterboxing", false);
+user_pref("privacy.sanitize.sanitizeOnShutdown", false);
+user_pref("security.OCSP.enabled", 0);
+user_pref("security.pki.crlite_mode", 2);
+user_pref("security.remote_settings.crlite_filters.enabled", true);
+user_pref("webgl.disabled", false);
+
+// Weird stuff that is not disabled
+user_pref("browser.preferences.moreFromMozilla", false);
+user_pref("browser.privatebrowsing.vpnpromourl", "");
+user_pref("browser.safebrowsing.downloads.enabled", false);
+user_pref("browser.shell.checkDefaultBrowser", false);
+user_pref("extensions.pocket.enabled", false);
+user_pref("signon.rememberSignons", false);
+
+// Neat features, nice to have
+user_pref("browser.compactmode.show", true);
+user_pref("browser.search.separatePrivateDefault", false);
+user_pref("browser.urlbar.suggest.calculator", true);
+
+// Smooth scrolling
+user_pref("apz.overscroll.enabled", true);
+user_pref("general.smoothScroll", true);
+user_pref("general.smoothScroll.msdPhysics.enabled", true);
+user_pref("general.smoothScroll.msdPhysics.motionBeginSpringConstant", 600)
+user_pref("mousewheel.default.delta_multiplier_y", 75);

home/applications/thunderbird/user-overrides.js

@@ -15,4 +15,4 @@ user_pref("mailnews.display.html_as", 0);
 user_pref("mailnews.message_display.disable_remote_image", false);
 
 // user_pref("privacy.resistFingerprinting", false);
-user_Pref("mail.shell.checkDefaultClient", false);
+user_Pref("mail.shell.checkDefaultClient", false);

nixos/profiles/common/graphical/home/default.nix

@@ -24,7 +24,8 @@
 
       # Browser
       "chromium"
-      "librewolf"
+      #"librewolf"
+      "firefox"
 
       # Language
       "nix"

nixos/profiles/common/opt-in/impermanence.nix

@@ -1,15 +1,12 @@
 {lib, ...}: {
-  ### sops-nix
   sops.age.sshKeyPaths = lib.mkForce ["/persist/etc/ssh/ssh_host_ed25519_key"];
-
   fileSystems."/persist".neededForBoot = true;
   environment.persistence."/persist" = {
     hideMounts = true;
     directories = [
       "/var/log"
       "/var/lib"
-
+      "/etc/secureboot"
-      "/etc/secureboot" # sbctl, lanzaboote
     ];
     files = [
       "/etc/ssh/ssh_host_ed25519_key"
@@ -24,24 +21,26 @@
         "Downloads"
         "Music"
         "Pictures"
+        "Videos"
         #"Public"
         #"Templates"
-        "Videos"
+
+        ".ssh"
+        #".librewolf"
+        ".mozilla/firefox"
+        ".thunderbird"
 
         ".cache"
-        ".local/share" # ".local/bin" is managed through home-manager
+        ".local/share"
         ".local/state"
-        ".ssh"
 
-        ".librewolf"
+        ".config/Mumble"
-        ".thunderbird"
+        ".config/VSCodium"
         ".config/chromium"
         ".config/fcitx5"
-        ".config/Mumble"
-        ".config/spotify"
         ".config/obs-studio"
         ".config/qBittorrent"
-        ".config/VSCodium" # UI states, GitHub account state, etc
+        ".config/spotify"
       ];
       files = [
         ".config/sops/age/keys.txt"