Variablize username in home, add more protections to Firefox/Librewolf's config

This commit is contained in:
Jimbo 2024-11-29 13:53:06 -05:00
parent 137a9ab6d9
commit f4acc6c10d
4 changed files with 57 additions and 20 deletions

View file

@ -51,11 +51,11 @@
subvolumes = { subvolumes = {
"/root" = { "/root" = {
mountpoint = "/"; mountpoint = "/";
mountOptions = [ "compress=zstd" "noatime" "ssd" ]; mountOptions = [ "compress=zstd" "noatime" "ssd" "noexec" ];
}; };
"/prev" = { "/prev" = {
mountpoint = "/prev"; mountpoint = "/prev";
mountOptions = [ "compress=zstd" "noatime" "ssd" ]; mountOptions = [ "compress=zstd" "noatime" "ssd" "noexec" ];
}; };
"/nix" = { "/nix" = {
mountpoint = "/nix"; mountpoint = "/nix";

View file

@ -141,34 +141,55 @@ in {
"browser.uidensity" = 1; "browser.uidensity" = 1;
"browser.compactmode.show" = true; "browser.compactmode.show" = true;
"browser.toolbars.bookmarks.visibility" = "newtab"; "browser.send_pings" = false;
"browser.shell.checkDefaultBrowser" = false;
"browser.toolbars.bookmarks.visibility" = "never";
"browser.contentblocking.category" = "strict"; "browser.contentblocking.category" = "strict";
"browser.helperApps.deleteTempFileOnExit" = true; "browser.helperApps.deleteTempFileOnExit" = true;
"browser.search.separatePrivateDefault" = false; "browser.search.separatePrivateDefault" = false;
"browser.download.useDownloadDir" = true; "browser.download.useDownloadDir" = true;
"browser.aboutConfig.showWarning" = false; "browser.aboutConfig.showWarning" = false;
"browser.startup.page" = 3; "browser.startup.page" = 3;
"browser.newtabpage.enabled" = false;
"browser.tabs.inTitlebar" = 0;
"browser.theme.content-theme" = 0; "browser.theme.content-theme" = 0;
"browser.theme.toolbar-theme" = 0; "browser.theme.toolbar-theme" = 0;
"browser.newtabpage.enabled" = false;
"browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
"browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons" = false;
"browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features" = false;
"browser.tabs.inTitlebar" = 0;
"browser.tabs.closeWindowWithLastTab" = false;
"browser.urlbar.speculativeConnect.enabled" = false;
"browser.discovery.enabled" = false;
"browser.safebrowsing.downloads.enabled" = false; "browser.safebrowsing.downloads.enabled" = false;
"browser.safebrowsing.downloads.remote.enabled" = false; "browser.safebrowsing.downloads.remote.enabled" = false;
"browser.safebrowsing.downloads.remote.block_uncommon" = false; "browser.safebrowsing.downloads.remote.block_uncommon" = false;
"browser.safebrowsing.downloads.remote.block_potentially_unwanted" = false; "browser.safebrowsing.downloads.remote.block_potentially_unwanted" = false;
"browser.safebrowsing.malware.enabled" = false; "browser.safebrowsing.malware.enabled" = false;
"browser.safebrowsing.phishing.enabled" = false; "browser.safebrowsing.phishing.enabled" = false;
"browser.safebrowsing.blockedURIs.enabled" = false;
"browser.safebrowsing.provider.google4.gethashURL" = false;
"browser.safebrowsing.provider.google4.updateURL" = false;
"browser.safebrowsing.provider.google.gethashURL" = false;
"browser.safebrowsing.provider.google.updateURL" = false;
"extensions.pocket.enabled" = false; "extensions.pocket.enabled" = false;
"extensions.autoDisableScopes" = 0; "extensions.autoDisableScopes" = 0;
"extensions.activeThemeID" = "firefox-compact-dark@mozilla.org"; "extensions.activeThemeID" = "firefox-compact-dark@mozilla.org";
"extensions.formautofill.addresses.enabled" = false; "extensions.formautofill.addresses.enabled" = false;
"extensions.formautofill.creditCards.enabled" = false;
"extensions.getAddons.showPane" = false;
"extensions.webservice.discoverURL" = "";
"extensions.getAddons.discovery.api_url" = "";
"extensions.htmlaboutaddons.discover.enabled" = false;
"extensions.htmlaboutaddons.recommendations.enabled" = false;
"toolkit.legacyUserProfileCustomizations.stylesheets" = true; "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
"toolkit.tabbox.switchByScrolling" = true; "toolkit.tabbox.switchByScrolling" = true;
"privacy.resistFingerprinting" = true; "privacy.resistFingerprinting" = true;
"privacy.resistFingerprinting.autoDeclineNoUserInputCanvasPrompts" = true; "privacy.resistFingerprinting.autoDeclineNoUserInputCanvasPrompts" = true;
"privacy.firstparty.isolate" = true;
"privacy.fingerprintingProtection" = true; "privacy.fingerprintingProtection" = true;
"privacy.donottrackheader.enabled" = true; "privacy.donottrackheader.enabled" = true;
"privacy.globalprivacycontrol.enabled" = true; "privacy.globalprivacycontrol.enabled" = true;
@ -183,8 +204,11 @@ in {
"network.trr.mode" = 3; "network.trr.mode" = 3;
"network.trr.uri" = "https://doh.libredns.gr/noads"; "network.trr.uri" = "https://doh.libredns.gr/noads";
"network.http.referer.XOriginPolicy" = true; "network.cookie.cookieBehavior" = 1;
"network.cookie.sameSite.noneRequiresSecure" = true; "network.cookie.sameSite.noneRequiresSecure" = true;
"network.http.referer.XOriginPolicy" = 2;
"network.http.referer.XOriginTrimmingPolicy" = 2;
"network.http.referer.trimmingPolicy" = 2;
"media.ffmpeg.vaapi.enabled" = true; "media.ffmpeg.vaapi.enabled" = true;
"media.rdd-ffmpeg.enabled" = true; "media.rdd-ffmpeg.enabled" = true;
@ -193,12 +217,25 @@ in {
"gfx.webrender.all" = true; "gfx.webrender.all" = true;
"gfx.x11-egl.force-enabled" = true; "gfx.x11-egl.force-enabled" = true;
"signon.rememberSignons" = false;
"signon.management.page.breach-alerts.enabled" = false;
"dom.private-attribution.submission.enabled" = false;
"dom.battery.enabled" = false;
"dom.security.https_only_mode" = true;
"dom.security.https_only_mode.upgrade_local" = true;
"dom.security.https_only_mode_ever_enabled" = true;
"dom.security.https_only_mode_ever_enabled_pbm" = true;
"clipboard.autocopy" = false; "clipboard.autocopy" = false;
"middlemouse.paste" = false; "middlemouse.paste" = false;
"identity.fxaccounts.enabled" = false;
"datareporting.healthreport.uploadEnabled" = false; "datareporting.healthreport.uploadEnabled" = false;
"svg.context-properties.content.enabled" = true; "svg.context-properties.content.enabled" = true;
"services.sync.engine.addresses.available" = false;
"device.sensors.motion.enabled" = false; "device.sensors.motion.enabled" = false;
"security.OCSP.require" = true;
"gnomeTheme.hideSingleTab" = true; "gnomeTheme.hideSingleTab" = true;
"webgl.disabled" = false; "webgl.disabled" = false;
}; };
@ -244,7 +281,7 @@ in {
# Fixes # Fixes
home.file = { home.file = {
# Symlinks to Librewolf # Symlinks to Librewolf
".librewolf".source = config.lib.file.mkOutOfStoreSymlink "/home/jimbo/.mozilla/firefox"; ".librewolf".source = config.lib.file.mkOutOfStoreSymlink "/home/${config.home.username}/.mozilla/firefox";
# Gnome theme # Gnome theme
".mozilla/firefox/Misc/chrome".source = fetchTarball { ".mozilla/firefox/Misc/chrome".source = fetchTarball {

View file

@ -1,4 +1,4 @@
{ pkgs, ... }: { pkgs, config, ... }:
{ {
home = { home = {
packages = with pkgs; [ packages = with pkgs; [
@ -33,7 +33,7 @@
SortOrder=descending SortOrder=descending
[Places] [Places]
HiddenPlaces=menu://applications/, network:///, computer:///, /home/jimbo/Desktop HiddenPlaces=menu://applications/, network:///, computer:///, /home/${config.home.username}/Desktop
[System] [System]
Archiver=file-roller Archiver=file-roller

View file

@ -1,4 +1,4 @@
{ pkgs, ... }: { pkgs, config, ... }:
{ {
programs.ranger = { programs.ranger = {
enable = true; enable = true;
@ -104,20 +104,20 @@
file = { file = {
".local/share/ranger/bookmarks".text = '' ".local/share/ranger/bookmarks".text = ''
# Local files # Local files
h:/home/jimbo/ h:/home/${config.home.username}/
k:/home/jimbo/Keepers k:/home/${config.home.username}/Keepers
j:/home/jimbo/Downloads j:/home/${config.home.username}/Downloads
v:/home/jimbo/Videos v:/home/${config.home.username}/Videos
c:/home/jimbo/.config c:/home/${config.home.username}/.config
l:/home/jimbo/.local l:/home/${config.home.username}/.local
d:/mnt d:/mnt
n:/etc/nixos n:/etc/nixos
# Remote files # Remote files
J:/home/jimbo/JimboNFS J:/home/${config.home.username}/JimboNFS
K:/home/jimbo/JimboNFS/Files K:/home/${config.home.username}/JimboNFS/Files
V:/home/jimbo/JimboNFS/Media V:/home/${config.home.username}/JimboNFS/Media
M:/home/jimbo/JimboNFS/Music M:/home/${config.home.username}/JimboNFS/Music
''; '';
}; };
packages = with pkgs; [ packages = with pkgs; [