profiles/browsers: init system-wide browser profile

2025-01-31 04:58:01 +00:00 · 2023-09-14 13:25:03 +08:00 · 2023-09-14 13:25:03 +08:00 · e83cbded5d
commit e83cbded5d
parent 2fd534c88e
2 changed files with 142 additions and 0 deletions
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@ -18,6 +18,7 @@ let
  ];
  privateModules = [
    ./profiles/archiving.nix
+    ./profiles/browsers.nix
    ./profiles/desktop.nix
    ./profiles/dev.nix
    ./profiles/filesystem.nix
--- a/modules/nixos/profiles/browsers.nix
+++ b/modules/nixos/profiles/browsers.nix
@ -0,0 +1,141 @@
+# Browsers for your enterprise needs (seriously though, they're configured
+# differently and typically for "enterprise" use cases in mind and what I mean
+# "enterprise" is for all of the users which is me, myself, and I).
+{ config, options, lib, pkgs, ... }:
+
+let
+  cfg = config.profiles.browsers;
+in
+{
+  options.profiles.browsers = {
+    firefox.enable = lib.mkEnableOption "Firefox and its fixed configuration";
+    chromium.enable = lib.mkEnableOption "Chromium and its fixed configuration";
+  };
+
+  config = lib.mkMerge [
+    (lib.mkIf cfg.chromium.enable {
+      programs.chromium = {
+        enable = true;
+
+        # Unlike the user-specific browser configuration, we're just
+        # considering the bare minimum set of preferred extensions.
+        extensions = [
+          "dbepggeogbaibhgnhhndojpepiihcmeb" # Vimium
+          "jfnifeihccihocjbfcfhicmmgpjicaec" # GSConnect
+          "aapbdbdomjkkjkaonfhkkikfgjllcleb" # Google Translate
+          "fpnmgdkabkmnadcjpehmlllkndpkmiak" # Wayback Machine
+        ];
+
+        extraOpts = {
+          AutofillAddressEnabled = false;
+          AutofillCreditCardEnabled = false;
+          BrowserSignIn = 0;
+          ColorCorrectionEnabled = true;
+          CursorHighlightEnabled = true;
+          PasswordManagerEnabled = false;
+        };
+      };
+    })
+
+    (lib.mkIf cfg.firefox.enable {
+      programs.firefox = {
+        enable = true;
+
+        policies = {
+          AppAutoUpdate = false;
+          DisableAppUpdate = true;
+          DisableMasterPasswordCreation = true;
+          DisablePocket = true;
+          DisableSetDesktopBackground = true;
+          DontCheckDefaultBrowser = true;
+
+          ExtensionSettings =
+            let
+              mozillaAddon = id: "https://addons.mozilla.org/firefox/downloads/latest/${id}/latest.xpi";
+
+              # Unlike the user-specific browser configuration, we're just
+              # considering the bare minimum set of preferred extensions.
+              extensions = {
+                "@contain-facebook".install_url = mozillaAddon "facebook-container";
+                "@testpilot-containers".install_url = mozillaAddon "multi-account-containers";
+                "firefox-translations-addon@mozilla.org".install_url = mozillaAddon "firefox-translations";
+                "jid1-MnnxcxisBPnSXQ@jetpack".install_url = mozillaAddon "privacy-badger17";
+                "uBlock0@raymondhill.net".install_url = mozillaAddon "ublock-origin";
+                "wayback_machine@mozilla.org" = {
+                  install_url = mozillaAddon "wayback-machine_new";
+                  default_area = "navbar";
+                };
+              };
+
+              applyInstallationMode = name: value:
+                lib.nameValuePair name (value //
+                  (lib.optionalAttrs (value.installation_mode != "") {
+                    installation_mode = "normal_installed";
+                  }));
+            in
+            lib.mapAttrs' applyInstallationMode extensions;
+
+          FirefoxHome = {
+            Highlights = false;
+            Pocket = false;
+            Snippets = false;
+            SponsporedPocket = false;
+            SponsporedTopSites = false;
+          };
+          NoDefaultBookmarks = true;
+          OfferToSaveLoginsDefault = false;
+          PasswordManagerEnabled = false;
+          SanitizeOnShutdown = {
+            FormData = true;
+          };
+          UseSystemPrintDialog = true;
+          UserMessaging = {
+            ExtensionRecommendations = false;
+            SkipOnboarding = true;
+          };
+        };
+
+        # These are the more situational but we'll consider the most likely to
+        # be used.
+        nativeMessagingHosts = {
+          ff2mpv = true;
+          fxCast = true;
+          tridactyl = true;
+        };
+
+        preferences = {
+          # Disable the UI tour.
+          "browser.uitour.enabled" = false;
+
+          # Don't tease me with the updates, man.
+          "apps.update.auto" = false;
+
+          # Some inconveniences of life (at least for me).
+          "extensions.pocket.enabled" = false;
+          "signon.rememberSignons" = false;
+
+          # Some quality of lifes.
+          "browser.search.widget.inNavBar" = true;
+          "browser.search.openintab" = true;
+
+          # Some privacy settings...
+          "privacy.donottrackheader.enabled" = true;
+          "privacy.trackingprotection.enabled" = true;
+
+          # Burn our own fingers.
+          "privacy.resistFingerprinting" = true;
+          "privacy.fingerprintingProtection" = true;
+          "privacy.fingerprintingProtection.pbmode" = true;
+
+          "privacy.query_stripping.enabled" = true;
+          "privacy.query_stripping.enabled.pbmode" = true;
+
+          "dom.security.https_first" = true;
+          "dom.security.https_first_pbm" = true;
+
+          "privacy.firstparty.isolate" = true;
+        };
+      };
+    })
+  ];
+}