From 979ff80d226a967a921a534b5fa19bd9e23331a2 Mon Sep 17 00:00:00 2001
From: Crazazy
Date: Sun, 27 Feb 2022 11:19:13 +0100
Subject: add a hardened firefox config

---
 nixos.org | 44 ++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 42 insertions(+), 2 deletions(-)

(limited to 'nixos.org')

diff --git a/nixos.org b/nixos.org
index 5e1e2f9..ffa412f 100644
--- a/nixos.org
+++ b/nixos.org
@@ -13,6 +13,46 @@ stuff
       sources = import ./nix/sources.nix;
       nur = import sources.NUR { inherit pkgs; };
       nurModules = import sources.NUR { };
+      myFirefox = with pkgs; wrapFirefox firefox-esr-unwrapped {
+        nixExtensions = builtins.filter lib.isDerivation (builtins.attrValues nur.repos.crazazy.firefox-addons);
+
+        extraPolicies = {
+          CaptivePortal = false;
+          DisableFirefoxStudies = true;
+          DisablePocket = true;
+          DisableTelemetry = true;
+          DisableFirefoxAccounts = true;
+          DontCheckDefaultBrowser = true;
+          FirefoxHome = {
+            Pocket = false;
+            Snippets = false;
+          };
+          UserMessaging = {
+            ExtensionRecommendations = false;
+            SkipOnboarding = true;
+          };
+        };
+        extraPrefs = ''
+      // Show more ssl cert infos
+      lockPref("security.identityblock.show_extended_validation", true);
+      // Enable userchrome css
+      lockPref("toolkit.legacyUserProfileCustomizations.stylesheets", true);
+      // Enable dark dev tools
+      lockPref("devtools.theme","dark");
+      // Misc other settings
+      lockPref("extensions.autoDisableScopes", 0);
+      lockPref("browser.uidensity", 1);
+      lockPref("browser.search.openintab", true);
+      lockPref("extensions.update.enabled", false);
+      lockPref("identity.fxaccounts.enabled", false);
+      lockPref("signon.rememberSignons", false);
+      lockPref("signon.rememberSignons.visibilityToggle", false);
+      lockPref("media.eme.enabled", true);
+      lockPref("browser.eme.ui.enabled", true);
+      lockPref("xpinstall.signatures.required",false);
+      lockPref("browser.shell.checkDefaultBrowser", false );
+    '';
+      };
     in
     {
       imports = [
@@ -154,7 +194,7 @@ stuff
           ".config/keybase"
           ".local/share/Steam"
           ".local/share/keybase"
-          ".mozilla/seamonkey"
+          ".mozilla/firefox"
           ".ssh"
           ".wine"
           "Desktop"
@@ -210,7 +250,7 @@ stuff
           gitFull
           curl
           vim
-          nur.repos.crazazy.seamonkey
+          myFirefox
           (wine.override { wineBuild = "wineWow"; })
         ];
       }
-- 
cgit 1.4.1-2-gfad0