Variablize username in home, add more protections to Firefox/Librewolf's config

hosts/tower/disko/default.nix

@@ -51,11 +51,11 @@
               subvolumes = {
                 "/root" = {
                   mountpoint = "/";
-                  mountOptions = [ "compress=zstd" "noatime" "ssd" ];
+                  mountOptions = [ "compress=zstd" "noatime" "ssd" "noexec" ];
                 };
                 "/prev" = {
                   mountpoint = "/prev";
-                  mountOptions = [ "compress=zstd" "noatime" "ssd" ];
+                  mountOptions = [ "compress=zstd" "noatime" "ssd" "noexec" ];
                 };
                 "/nix" = {
                   mountpoint = "/nix";

modules/home/programs/gui/librewolf/default.nix

@@ -141,34 +141,55 @@ in {
 
       "browser.uidensity" = 1;
       "browser.compactmode.show" = true;
-      "browser.toolbars.bookmarks.visibility" = "newtab";
+      "browser.send_pings" = false;
+      "browser.shell.checkDefaultBrowser" = false;
+      "browser.toolbars.bookmarks.visibility" = "never";
       "browser.contentblocking.category" = "strict";
       "browser.helperApps.deleteTempFileOnExit" = true;
       "browser.search.separatePrivateDefault" = false;
       "browser.download.useDownloadDir" = true;
       "browser.aboutConfig.showWarning" = false;
       "browser.startup.page" = 3;
-      "browser.newtabpage.enabled" = false;
-      "browser.tabs.inTitlebar" = 0;
       "browser.theme.content-theme" = 0;
       "browser.theme.toolbar-theme" = 0;
+      "browser.newtabpage.enabled" = false;
+      "browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
+      "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons" = false;
+      "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features" = false;
+      "browser.tabs.inTitlebar" = 0;
+      "browser.tabs.closeWindowWithLastTab" = false;
+      "browser.urlbar.speculativeConnect.enabled" = false;
+      "browser.discovery.enabled" = false;
+
       "browser.safebrowsing.downloads.enabled" = false;
       "browser.safebrowsing.downloads.remote.enabled" = false;
       "browser.safebrowsing.downloads.remote.block_uncommon" = false;
       "browser.safebrowsing.downloads.remote.block_potentially_unwanted" = false;
       "browser.safebrowsing.malware.enabled" = false;
       "browser.safebrowsing.phishing.enabled" = false;
+      "browser.safebrowsing.blockedURIs.enabled" = false;
+      "browser.safebrowsing.provider.google4.gethashURL" = false;
+      "browser.safebrowsing.provider.google4.updateURL" = false;
+      "browser.safebrowsing.provider.google.gethashURL" = false;
+      "browser.safebrowsing.provider.google.updateURL" = false;
 
       "extensions.pocket.enabled" = false;
       "extensions.autoDisableScopes" = 0;
       "extensions.activeThemeID" = "firefox-compact-dark@mozilla.org";
       "extensions.formautofill.addresses.enabled" = false;
+      "extensions.formautofill.creditCards.enabled" = false;
+      "extensions.getAddons.showPane" = false;
+      "extensions.webservice.discoverURL" = "";
+      "extensions.getAddons.discovery.api_url" = "";
+      "extensions.htmlaboutaddons.discover.enabled" = false;
+      "extensions.htmlaboutaddons.recommendations.enabled" = false;
 
       "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
       "toolkit.tabbox.switchByScrolling" = true;
 
       "privacy.resistFingerprinting" = true;
       "privacy.resistFingerprinting.autoDeclineNoUserInputCanvasPrompts" = true;
+      "privacy.firstparty.isolate" = true;
       "privacy.fingerprintingProtection" = true;
       "privacy.donottrackheader.enabled" = true;
       "privacy.globalprivacycontrol.enabled" = true;
@@ -183,8 +204,11 @@ in {
 
       "network.trr.mode" = 3;
       "network.trr.uri" = "https://doh.libredns.gr/noads";
-      "network.http.referer.XOriginPolicy" = true;
+      "network.cookie.cookieBehavior" = 1;
       "network.cookie.sameSite.noneRequiresSecure" = true;
+      "network.http.referer.XOriginPolicy" = 2;
+      "network.http.referer.XOriginTrimmingPolicy" = 2;
+      "network.http.referer.trimmingPolicy" = 2;
 
       "media.ffmpeg.vaapi.enabled" = true;
       "media.rdd-ffmpeg.enabled" = true;
@@ -193,12 +217,25 @@ in {
       "gfx.webrender.all" = true;
       "gfx.x11-egl.force-enabled" = true;
 
+      "signon.rememberSignons" = false;
+      "signon.management.page.breach-alerts.enabled" = false;
+
+      "dom.private-attribution.submission.enabled" = false;
+      "dom.battery.enabled" = false;
+      "dom.security.https_only_mode" = true;
+      "dom.security.https_only_mode.upgrade_local" = true;
+      "dom.security.https_only_mode_ever_enabled" = true;
+      "dom.security.https_only_mode_ever_enabled_pbm" = true;
+
       "clipboard.autocopy" = false;
       "middlemouse.paste" = false;
 
+      "identity.fxaccounts.enabled" = false;
       "datareporting.healthreport.uploadEnabled" = false;
       "svg.context-properties.content.enabled" = true;
+      "services.sync.engine.addresses.available" = false;
       "device.sensors.motion.enabled" = false;
+      "security.OCSP.require" = true;
       "gnomeTheme.hideSingleTab" = true;
       "webgl.disabled" = false;
     };
@@ -244,7 +281,7 @@ in {
   # Fixes
   home.file = {
     # Symlinks to Librewolf
-    ".librewolf".source = config.lib.file.mkOutOfStoreSymlink "/home/jimbo/.mozilla/firefox";
+    ".librewolf".source = config.lib.file.mkOutOfStoreSymlink "/home/${config.home.username}/.mozilla/firefox";
     
     # Gnome theme
     ".mozilla/firefox/Misc/chrome".source = fetchTarball {

modules/home/programs/gui/pcmanfm/default.nix

@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ pkgs, config, ... }:
 {
   home = {
     packages = with pkgs; [
@@ -33,7 +33,7 @@
         SortOrder=descending
 
         [Places]
-        HiddenPlaces=menu://applications/, network:///, computer:///, /home/jimbo/Desktop
+        HiddenPlaces=menu://applications/, network:///, computer:///, /home/${config.home.username}/Desktop
 
         [System]
         Archiver=file-roller

modules/home/programs/terminal/ranger/default.nix

@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ pkgs, config, ... }:
 {
   programs.ranger = {
     enable = true;
@@ -104,20 +104,20 @@
     file = {
       ".local/share/ranger/bookmarks".text = ''
         # Local files
-        h:/home/jimbo/
+        h:/home/${config.home.username}/
-        k:/home/jimbo/Keepers
+        k:/home/${config.home.username}/Keepers
-        j:/home/jimbo/Downloads
+        j:/home/${config.home.username}/Downloads
-        v:/home/jimbo/Videos
+        v:/home/${config.home.username}/Videos
-        c:/home/jimbo/.config
+        c:/home/${config.home.username}/.config
-        l:/home/jimbo/.local
+        l:/home/${config.home.username}/.local
         d:/mnt
         n:/etc/nixos
 
         # Remote files
-        J:/home/jimbo/JimboNFS
+        J:/home/${config.home.username}/JimboNFS
-        K:/home/jimbo/JimboNFS/Files
+        K:/home/${config.home.username}/JimboNFS/Files
-        V:/home/jimbo/JimboNFS/Media
+        V:/home/${config.home.username}/JimboNFS/Media
-        M:/home/jimbo/JimboNFS/Music
+        M:/home/${config.home.username}/JimboNFS/Music
       '';
     };
     packages = with pkgs; [