From 5ae55314552a8b3e3c142206c2acfe6eb58684a1 Mon Sep 17 00:00:00 2001 From: Jimbo Date: Fri, 29 Nov 2024 13:53:06 -0500 Subject: [PATCH] Variablize username in home, add more protections to Firefox/Librewolf's config --- hosts/tower/disko/default.nix | 4 +- .../home/programs/gui/librewolf/default.nix | 47 +++++++++++++++++-- modules/home/programs/gui/pcmanfm/default.nix | 4 +- .../home/programs/terminal/ranger/default.nix | 22 ++++----- 4 files changed, 57 insertions(+), 20 deletions(-) diff --git a/hosts/tower/disko/default.nix b/hosts/tower/disko/default.nix index 6c6c98d..d021010 100644 --- a/hosts/tower/disko/default.nix +++ b/hosts/tower/disko/default.nix @@ -51,11 +51,11 @@ subvolumes = { "/root" = { mountpoint = "/"; - mountOptions = [ "compress=zstd" "noatime" "ssd" ]; + mountOptions = [ "compress=zstd" "noatime" "ssd" "noexec" ]; }; "/prev" = { mountpoint = "/prev"; - mountOptions = [ "compress=zstd" "noatime" "ssd" ]; + mountOptions = [ "compress=zstd" "noatime" "ssd" "noexec" ]; }; "/nix" = { mountpoint = "/nix"; diff --git a/modules/home/programs/gui/librewolf/default.nix b/modules/home/programs/gui/librewolf/default.nix index 3458642..304e5e3 100644 --- a/modules/home/programs/gui/librewolf/default.nix +++ b/modules/home/programs/gui/librewolf/default.nix 
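Review bot: The `noexec` added to the `/root` and `/prev` subvolumes applies to every path on `/` that is not covered by another mount, and the hunk shows only `/root`, `/prev` and the start of `/nix`. Whether `/home`, `/tmp` and `/var` have their own subvolumes cannot be seen here. If they live on the root subvolume, user scripts and build directories under `/tmp` will stop executing, so this is worth confirming on the running host before it is relied on as a hardening measure. A short comment above each line would record the intent, for example `# noexec: executables are expected only under /nix`. If the goal is mount hardening, consider whether `nosuid` and `nodev` belong alongside it. The `subvolumes` set continues outside the hunk.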
@@ -141,34 +141,55 @@ in { "browser.uidensity" = 1; "browser.compactmode.show" = true; - "browser.toolbars.bookmarks.visibility" = "newtab"; + "browser.send_pings" = false; + "browser.shell.checkDefaultBrowser" = false; + "browser.toolbars.bookmarks.visibility" = "never"; "browser.contentblocking.category" = "strict"; "browser.helperApps.deleteTempFileOnExit" = true; "browser.search.separatePrivateDefault" = false; "browser.download.useDownloadDir" = true; "browser.aboutConfig.showWarning" = false; "browser.startup.page" = 3; - "browser.newtabpage.enabled" = false; - "browser.tabs.inTitlebar" = 0; "browser.theme.content-theme" = 0; "browser.theme.toolbar-theme" = 0; + "browser.newtabpage.enabled" = false; + "browser.newtabpage.activity-stream.showSponsoredTopSites" = false; + "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons" = false; + "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features" = false; + "browser.tabs.inTitlebar" = 0; + "browser.tabs.closeWindowWithLastTab" = false; + "browser.urlbar.speculativeConnect.enabled" = false; + "browser.discovery.enabled" = false; + "browser.safebrowsing.downloads.enabled" = false; "browser.safebrowsing.downloads.remote.enabled" = false; "browser.safebrowsing.downloads.remote.block_uncommon" = false; "browser.safebrowsing.downloads.remote.block_potentially_unwanted" = false; "browser.safebrowsing.malware.enabled" = false; "browser.safebrowsing.phishing.enabled" = false; + "browser.safebrowsing.blockedURIs.enabled" = false; + "browser.safebrowsing.provider.google4.gethashURL" = false; + "browser.safebrowsing.provider.google4.updateURL" = false; + "browser.safebrowsing.provider.google.gethashURL" = false; + "browser.safebrowsing.provider.google.updateURL" = false; "extensions.pocket.enabled" = false; "extensions.autoDisableScopes" = 0; "extensions.activeThemeID" = "firefox-compact-dark@mozilla.org"; "extensions.formautofill.addresses.enabled" = false; + 
"extensions.formautofill.creditCards.enabled" = false; + "extensions.getAddons.showPane" = false; + "extensions.webservice.discoverURL" = ""; + "extensions.getAddons.discovery.api_url" = ""; + "extensions.htmlaboutaddons.discover.enabled" = false; + "extensions.htmlaboutaddons.recommendations.enabled" = false; "toolkit.legacyUserProfileCustomizations.stylesheets" = true; "toolkit.tabbox.switchByScrolling" = true; "privacy.resistFingerprinting" = true; "privacy.resistFingerprinting.autoDeclineNoUserInputCanvasPrompts" = true; + "privacy.firstparty.isolate" = true; "privacy.fingerprintingProtection" = true; "privacy.donottrackheader.enabled" = true; "privacy.globalprivacycontrol.enabled" = true; @@ -183,8 +204,11 @@ in { "network.trr.mode" = 3; "network.trr.uri" = "https://doh.libredns.gr/noads"; - "network.http.referer.XOriginPolicy" = true; + "network.cookie.cookieBehavior" = 1; "network.cookie.sameSite.noneRequiresSecure" = true; + "network.http.referer.XOriginPolicy" = 2; + "network.http.referer.XOriginTrimmingPolicy" = 2; + "network.http.referer.trimmingPolicy" = 2; "media.ffmpeg.vaapi.enabled" = true; "media.rdd-ffmpeg.enabled" = true; 
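Review bot: The four added `browser.safebrowsing.provider.google*.gethashURL` / `updateURL` prefs hold URL strings, so assigning `false` is a type mismatch that the browser will most likely ignore, leaving the endpoints configured. Use an empty string, as this hunk already does for `extensions.webservice.discoverURL`, e.g. `"browser.safebrowsing.provider.google4.updateURL" = "";`. Separately, `browser.safebrowsing.downloads.enabled` and `browser.safebrowsing.blockedURIs.enabled` set to `false` finish switching off Safe Browsing, which removes phishing and malware blocking rather than adding a protection. A comment such as `# Safe Browsing disabled on purpose: no remote lookups, no phishing/malware list checks` would make that trade-off explicit. The settings attribute set starts and ends outside the hunk.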
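Review bot: `"network.cookie.cookieBehavior" = 1` is not the value the `"strict"` content-blocking category expects, so the browser will probably reset `browser.contentblocking.category` (set earlier in this attribute set) to `"custom"` at startup. Together with `privacy.firstparty.isolate = true` from the previous hunk, the config now requests three overlapping cookie-isolation schemes. Choose one, drop the others, and note the choice in a comment so the effective behaviour is predictable. `"network.http.referer.XOriginPolicy" = 2` is the correct integer form of the old `true`, but it suppresses cross-origin referrers entirely and can break some login and payment redirects; `# 2 = send Referer only when hosts match` would document it.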
@@ -193,12 +217,25 @@ in { "gfx.webrender.all" = true; "gfx.x11-egl.force-enabled" = true; + "signon.rememberSignons" = false; + "signon.management.page.breach-alerts.enabled" = false; + + "dom.private-attribution.submission.enabled" = false; + "dom.battery.enabled" = false; + "dom.security.https_only_mode" = true; + "dom.security.https_only_mode.upgrade_local" = true; + "dom.security.https_only_mode_ever_enabled" = true; + "dom.security.https_only_mode_ever_enabled_pbm" = true; + "clipboard.autocopy" = false; "middlemouse.paste" = false; + "identity.fxaccounts.enabled" = false; "datareporting.healthreport.uploadEnabled" = false; "svg.context-properties.content.enabled" = true; + "services.sync.engine.addresses.available" = false; "device.sensors.motion.enabled" = false; + "security.OCSP.require" = true; "gnomeTheme.hideSingleTab" = true; "webgl.disabled" = false; }; @@ -244,7 +281,7 @@ in { # Fixes home.file = { # Symlinks to Librewolf - ".librewolf".source = config.lib.file.mkOutOfStoreSymlink "/home/jimbo/.mozilla/firefox"; + ".librewolf".source = config.lib.file.mkOutOfStoreSymlink "/home/${config.home.username}/.mozilla/firefox"; # Gnome theme ".mozilla/firefox/Misc/chrome".source = fetchTarball { diff --git a/modules/home/programs/gui/pcmanfm/default.nix b/modules/home/programs/gui/pcmanfm/default.nix index abbb327..5a668dc 100644 --- a/modules/home/programs/gui/pcmanfm/default.nix +++ b/modules/home/programs/gui/pcmanfm/default.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ pkgs, config, ... }: { home = { packages = with pkgs; [ @@ -33,7 +33,7 @@ SortOrder=descending [Places] - HiddenPlaces=menu://applications/, network:///, computer:///, /home/jimbo/Desktop + HiddenPlaces=menu://applications/, network:///, computer:///, /home/${config.home.username}/Desktop [System] Archiver=file-roller diff --git a/modules/home/programs/terminal/ranger/default.nix b/modules/home/programs/terminal/ranger/default.nix index 5279d2b..36ae95c 100644 
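Review bot: `"security.OCSP.require" = true` switches revocation checking to hard-fail, so a site becomes unreachable whenever its CA's OCSP responder is down or blocked. That may be the intended posture, but it deserves a comment such as `# hard-fail OCSP: connection is refused if the responder cannot be reached`. It also only has an effect while `security.OCSP.enabled` is left on, which this hunk does not show. The two `dom.security.https_only_mode_ever_enabled*` prefs appear to be bookkeeping flags the browser sets itself rather than controls, so they could likely be dropped; `dom.security.https_only_mode` is the line that does the work. The attribute set starts outside the hunk.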
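Review bot: The `.librewolf` symlink target still hard-codes the `/home/` prefix, so interpolating `config.home.username` only helps when the home directory is exactly `/home/<username>`. Home Manager already exposes the resolved path, so `".librewolf".source = config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/.mozilla/firefox";` is more robust. The same substitution applies to the `HiddenPlaces=` line in the pcmanfm hunk and to every `/home/${config.home.username}/…` bookmark in the ranger hunk. The `home.file` set continues outside this hunk.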
--- a/modules/home/programs/terminal/ranger/default.nix +++ b/modules/home/programs/terminal/ranger/default.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ pkgs, config, ... }: { programs.ranger = { enable = true; @@ -104,20 +104,20 @@ file = { ".local/share/ranger/bookmarks".text = '' # Local files - h:/home/jimbo/ - k:/home/jimbo/Keepers - j:/home/jimbo/Downloads - v:/home/jimbo/Videos - c:/home/jimbo/.config - l:/home/jimbo/.local + h:/home/${config.home.username}/ + k:/home/${config.home.username}/Keepers + j:/home/${config.home.username}/Downloads + v:/home/${config.home.username}/Videos + c:/home/${config.home.username}/.config + l:/home/${config.home.username}/.local d:/mnt n:/etc/nixos # Remote files - J:/home/jimbo/JimboNFS - K:/home/jimbo/JimboNFS/Files - V:/home/jimbo/JimboNFS/Media - M:/home/jimbo/JimboNFS/Music + J:/home/${config.home.username}/JimboNFS + K:/home/${config.home.username}/JimboNFS/Files + V:/home/${config.home.username}/JimboNFS/Media + M:/home/${config.home.username}/JimboNFS/Music ''; }; packages = with pkgs; [