nixos-config/modules/nixos/profiles/browsers.nix

# Browsers for your enterprise needs (seriously though, they're configured
# differently and typically for "enterprise" use cases in mind and what I mean
# "enterprise" is for all of the users which is me, myself, and I).
{ config, options, lib, pkgs, ... }:

let
  cfg = config.profiles.browsers;
in
{
  options.profiles.browsers = {
    firefox.enable = lib.mkEnableOption "Firefox and its fixed configuration";
    chromium.enable = lib.mkEnableOption "Chromium and its fixed configuration";
  };

  config = lib.mkMerge [
    (lib.mkIf cfg.chromium.enable {
      environment.systemPackages = with pkgs; [
        chromium
      ];

      programs.chromium = {
        enable = true;

        # Unlike the user-specific browser configuration, we're just
        # considering the bare minimum set of preferred extensions.
        extensions = [
          "dbepggeogbaibhgnhhndojpepiihcmeb" # Vimium
          "jfnifeihccihocjbfcfhicmmgpjicaec" # GSConnect
          "aapbdbdomjkkjkaonfhkkikfgjllcleb" # Google Translate
          "fpnmgdkabkmnadcjpehmlllkndpkmiak" # Wayback Machine
        ];

        extraOpts = {
          AutofillAddressEnabled = false;
          AutofillCreditCardEnabled = false;
          BrowserSignIn = 0;
          ColorCorrectionEnabled = true;
          CursorHighlightEnabled = true;
          PasswordManagerEnabled = false;
        };
      };
    })

    (lib.mkIf cfg.firefox.enable {
      programs.firefox = {
        enable = true;

        policies = {
          AppAutoUpdate = false;
          DisableAppUpdate = true;
          DisableMasterPasswordCreation = true;
          DisablePocket = true;
          DisableSetDesktopBackground = true;
          DontCheckDefaultBrowser = true;

          ExtensionSettings =
            let
              mozillaAddon = id: "https://addons.mozilla.org/firefox/downloads/latest/${id}/latest.xpi";

              # Unlike the user-specific browser configuration, we're just
              # considering the bare minimum set of preferred extensions.
              extensions = {
                "@contain-facebook".install_url = mozillaAddon "facebook-container";
                "@contain-google".install_url = mozillaAddon "google-container";
                "@testpilot-containers".install_url = mozillaAddon "multi-account-containers";
                "{446900e4-71c2-419f-a6a7-df9c091e268b}" = {
                  install_url = mozillaAddon "bitwarden-password-manager";
                  installation_mode = "force_installed";
                  default_area = "navbar";
                };
                "ff2mpv@yossarian.net".install_url = mozillaAddon "ff2mpv";
                "firefox-translations-addon@mozilla.org".install_url = mozillaAddon "firefox-translations";
                "fx_cast@matt.tf".install_url = "https://github.com/hensm/fx_cast/releases/download/v0.3.1/fx_cast-0.3.1.xpi";
                "jid1-MnnxcxisBPnSXQ@jetpack".install_url = mozillaAddon "privacy-badger17";
                "tridactyl.vim@cmcaine.co.uk".install_url = mozillaAddon "tridactyl-vim";
                "uBlock0@raymondhill.net".install_url = mozillaAddon "ublock-origin";
                "wayback_machine@mozilla.org" = {
                  install_url = mozillaAddon "wayback-machine_new";
                  default_area = "navbar";
                };
              };

              applyInstallationMode = name: value:
                lib.nameValuePair name (value //
                  (lib.optionalAttrs
                    (! (lib.hasAttrByPath [ "installation_mode" ] value))
                    { installation_mode = "normal_installed"; }));
            in
            lib.mapAttrs' applyInstallationMode extensions;

          FirefoxHome = {
            Highlights = false;
            Pocket = false;
            Snippets = false;
            SponsporedPocket = false;
            SponsporedTopSites = false;
          };
          NoDefaultBookmarks = true;
          OfferToSaveLoginsDefault = false;
          PasswordManagerEnabled = false;
          SanitizeOnShutdown = {
            FormData = true;
          };
          UseSystemPrintDialog = true;
          UserMessaging = {
            ExtensionRecommendations = false;
            SkipOnboarding = true;
          };
        };

        # These are the more situational but we'll consider the most likely to
        # be used.
        nativeMessagingHosts = {
          ff2mpv = true;
          fxCast = true;
          tridactyl = true;
        };

        preferences = {
          # Disable the UI tour.
          "browser.uitour.enabled" = false;

          # Don't tease me with the updates, man.
          "apps.update.auto" = false;

          # Some inconveniences of life (at least for me).
          "extensions.pocket.enabled" = false;
          "signon.rememberSignons" = false;

          # Some quality of lifes.
          "browser.search.widget.inNavBar" = true;
          "browser.search.openintab" = true;

          # Some privacy settings...
          "privacy.donottrackheader.enabled" = true;
          "privacy.trackingprotection.enabled" = true;

          # Burn our own fingers.
          "privacy.resistFingerprinting" = true;
          "privacy.fingerprintingProtection" = true;
          "privacy.fingerprintingProtection.pbmode" = true;

          "privacy.query_stripping.enabled" = true;
          "privacy.query_stripping.enabled.pbmode" = true;

          "dom.security.https_first" = true;
          "dom.security.https_first_pbm" = true;

          "privacy.firstparty.isolate" = true;
        };
      };
    })
  ];
}
profiles/browsers: init system-wide browser profile 2023-09-14 05:25:03 +00:00			`# Browsers for your enterprise needs (seriously though, they're configured`
			`# differently and typically for "enterprise" use cases in mind and what I mean`
			`# "enterprise" is for all of the users which is me, myself, and I).`
			`{ config, options, lib, pkgs, ... }:`

			`let`
			`cfg = config.profiles.browsers;`
			`in`
			`{`
			`options.profiles.browsers = {`
			`firefox.enable = lib.mkEnableOption "Firefox and its fixed configuration";`
			`chromium.enable = lib.mkEnableOption "Chromium and its fixed configuration";`
			`};`

			`config = lib.mkMerge [`
			`(lib.mkIf cfg.chromium.enable {`
profiles/browsers: add Chromium browser to system packages 2023-09-18 06:43:02 +00:00			`environment.systemPackages = with pkgs; [`
			`chromium`
			`];`

profiles/browsers: init system-wide browser profile 2023-09-14 05:25:03 +00:00			`programs.chromium = {`
			`enable = true;`

			`# Unlike the user-specific browser configuration, we're just`
			`# considering the bare minimum set of preferred extensions.`
			`extensions = [`
			`"dbepggeogbaibhgnhhndojpepiihcmeb" # Vimium`
			`"jfnifeihccihocjbfcfhicmmgpjicaec" # GSConnect`
			`"aapbdbdomjkkjkaonfhkkikfgjllcleb" # Google Translate`
			`"fpnmgdkabkmnadcjpehmlllkndpkmiak" # Wayback Machine`
			`];`

			`extraOpts = {`
			`AutofillAddressEnabled = false;`
			`AutofillCreditCardEnabled = false;`
			`BrowserSignIn = 0;`
			`ColorCorrectionEnabled = true;`
			`CursorHighlightEnabled = true;`
			`PasswordManagerEnabled = false;`
			`};`
			`};`
			`})`

			`(lib.mkIf cfg.firefox.enable {`
			`programs.firefox = {`
			`enable = true;`

			`policies = {`
			`AppAutoUpdate = false;`
			`DisableAppUpdate = true;`
			`DisableMasterPasswordCreation = true;`
			`DisablePocket = true;`
			`DisableSetDesktopBackground = true;`
			`DontCheckDefaultBrowser = true;`

			`ExtensionSettings =`
			`let`
			`mozillaAddon = id: "https://addons.mozilla.org/firefox/downloads/latest/${id}/latest.xpi";`

			`# Unlike the user-specific browser configuration, we're just`
			`# considering the bare minimum set of preferred extensions.`
			`extensions = {`
			`"@contain-facebook".install_url = mozillaAddon "facebook-container";`
profiles/browsers: add "Google Container" add-on 2023-09-23 12:27:17 +00:00			`"@contain-google".install_url = mozillaAddon "google-container";`
profiles/browsers: init system-wide browser profile 2023-09-14 05:25:03 +00:00			`"@testpilot-containers".install_url = mozillaAddon "multi-account-containers";`
profiles/browsers: add Bitwarden extension for Firefox 2023-09-16 08:18:25 +00:00			`"{446900e4-71c2-419f-a6a7-df9c091e268b}" = {`
			`install_url = mozillaAddon "bitwarden-password-manager";`
			`installation_mode = "force_installed";`
			`default_area = "navbar";`
			`};`
profiles/browser: add browser extensions for Firefox native extensions 2023-09-16 08:31:17 +00:00			`"ff2mpv@yossarian.net".install_url = mozillaAddon "ff2mpv";`
profiles/browsers: init system-wide browser profile 2023-09-14 05:25:03 +00:00			`"firefox-translations-addon@mozilla.org".install_url = mozillaAddon "firefox-translations";`
profiles/browser: add browser extensions for Firefox native extensions 2023-09-16 08:31:17 +00:00			`"fx_cast@matt.tf".install_url = "https://github.com/hensm/fx_cast/releases/download/v0.3.1/fx_cast-0.3.1.xpi";`
profiles/browsers: init system-wide browser profile 2023-09-14 05:25:03 +00:00			`"jid1-MnnxcxisBPnSXQ@jetpack".install_url = mozillaAddon "privacy-badger17";`
profiles/browser: add browser extensions for Firefox native extensions 2023-09-16 08:31:17 +00:00			`"tridactyl.vim@cmcaine.co.uk".install_url = mozillaAddon "tridactyl-vim";`
profiles/browsers: init system-wide browser profile 2023-09-14 05:25:03 +00:00			`"uBlock0@raymondhill.net".install_url = mozillaAddon "ublock-origin";`
			`"wayback_machine@mozilla.org" = {`
			`install_url = mozillaAddon "wayback-machine_new";`
			`default_area = "navbar";`
			`};`
			`};`

			`applyInstallationMode = name: value:`
			`lib.nameValuePair name (value //`
profiles/browser: add browser extensions for Firefox native extensions 2023-09-16 08:31:17 +00:00			`(lib.optionalAttrs`
			`(! (lib.hasAttrByPath [ "installation_mode" ] value))`
			`{ installation_mode = "normal_installed"; }));`
profiles/browsers: init system-wide browser profile 2023-09-14 05:25:03 +00:00			`in`
			`lib.mapAttrs' applyInstallationMode extensions;`

			`FirefoxHome = {`
			`Highlights = false;`
			`Pocket = false;`
			`Snippets = false;`
			`SponsporedPocket = false;`
			`SponsporedTopSites = false;`
			`};`
			`NoDefaultBookmarks = true;`
			`OfferToSaveLoginsDefault = false;`
			`PasswordManagerEnabled = false;`
			`SanitizeOnShutdown = {`
			`FormData = true;`
			`};`
			`UseSystemPrintDialog = true;`
			`UserMessaging = {`
			`ExtensionRecommendations = false;`
			`SkipOnboarding = true;`
			`};`
			`};`

			`# These are the more situational but we'll consider the most likely to`
			`# be used.`
			`nativeMessagingHosts = {`
			`ff2mpv = true;`
			`fxCast = true;`
			`tridactyl = true;`
			`};`

			`preferences = {`
			`# Disable the UI tour.`
			`"browser.uitour.enabled" = false;`

			`# Don't tease me with the updates, man.`
			`"apps.update.auto" = false;`

			`# Some inconveniences of life (at least for me).`
			`"extensions.pocket.enabled" = false;`
			`"signon.rememberSignons" = false;`

			`# Some quality of lifes.`
			`"browser.search.widget.inNavBar" = true;`
			`"browser.search.openintab" = true;`

			`# Some privacy settings...`
			`"privacy.donottrackheader.enabled" = true;`
			`"privacy.trackingprotection.enabled" = true;`

			`# Burn our own fingers.`
			`"privacy.resistFingerprinting" = true;`
			`"privacy.fingerprintingProtection" = true;`
			`"privacy.fingerprintingProtection.pbmode" = true;`

			`"privacy.query_stripping.enabled" = true;`
			`"privacy.query_stripping.enabled.pbmode" = true;`

			`"dom.security.https_first" = true;`
			`"dom.security.https_first_pbm" = true;`

			`"privacy.firstparty.isolate" = true;`
			`};`
			`};`
			`})`
			`];`
			`}`