Changed url of pam-fprint-grosshack input

flake.lock

@@ -458,11 +458,11 @@
         "rev": "7ad351f85a92fee40806cb81777430c33499be41",
         "revCount": 1,
         "type": "git",
-        "url": "https://gitea.iateyourcookies.com/cookiez/nix-fprint-grosshack-flake.git"
+        "url": "https://gitea.cookiee.org/cookiez/nix-fprint-grosshack-flake.git"
       },
       "original": {
         "type": "git",
-        "url": "https://gitea.iateyourcookies.com/cookiez/nix-fprint-grosshack-flake.git"
+        "url": "https://gitea.cookiee.org/cookiez/nix-fprint-grosshack-flake.git"
       }
     },
     "pam-fprint-src": {

flake.nix

@@ -40,7 +40,7 @@
     };
 
     pam-fprint-grosshack = {
-      url = "git+https://gitea.iateyourcookies.com/cookiez/nix-fprint-grosshack-flake.git";
+      url = "git+https://gitea.cookiee.org/cookiez/nix-fprint-grosshack-flake.git";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 

modules/configuration.nix

@@ -62,7 +62,7 @@
         footer = true;
       };
 
-      timeout = 10;
+      timeout = 5;
     };
   };
 
@@ -124,7 +124,7 @@
   # List services that you want to enable:
   services = {
     ollama = {
-      enable = true;
+      enable = false;
       # Optional: load models on startup
       #loadModels = [ ... ];
     };

modules/firefox/default.nix

@@ -13,7 +13,7 @@
   };
 in {
   home-manager.sharedModules = [
-    ./firefox-home.nix
+    ./home.nix
   ];
 
   programs = {
@@ -59,25 +59,20 @@ in {
             name = uuid;
             value = {
               install_url = "https://addons.mozilla.org/en-US/firefox/downloads/latest/${shortId}/latest.xpi";
-              installation_mode = "normal_installed";
+              installation_mode = "force_installed";
             };
           };
         in
           listToAttrs [
+            #(extension "{name in url}" "{about:support Add-ons on }")
             (extension "ublock-origin" "uBlock0@raymondhill.net")
             (extension "bitwarden-password-manager" "{446900e4-71c2-419f-a6a7-df9c091e268b}")
-            #(extension "2fas-two-factor-authentication" "admin@2fas.com")
             (extension "sponsorblock" "sponsorBlocker@ajay.app")
-            #(extension "dearrow" "deArrow@ajay.app")
-            #(extension "enhancer-for-youtube" "enhancerforyoutube@maximerf.addons.mozilla.org")
-            #(extension "tabliss" "extension@tabliss.io")
-            #(extension "don-t-fuck-with-paste" "DontFuckWithPaste@raim.ist")
-            #(extension "clearurls" "{74145f27-f039-47ce-a470-a662b129930a}")
-            #(extension "react-devtools" "@react-devtools")
             (extension "keepa" "amptra@keepa.com")
             (extension "redditUntranslate" "reddit-url-redirector@kichkoupi.com")
             (extension "darkreader" "addon@darkreader.org")
             (extension "youtube-shorts-block" "{34daeb50-c2d2-4f14-886a-7160b24d66a4}")
+            (extension "clearurls" "{74145f27-f039-47ce-a470-a662b129930a}")
           ];
 
         /*
@@ -86,26 +81,89 @@ in {
         # Check about:config for options.
         Preferences = {
           "browser.contentblocking.category" = {
-            Value = "strict";
+            Value = "strict"; # strictest tracker/ad blocking mode
             Status = "locked";
           };
-          "extensions.pocket.enabled" = lock-false;
+          "extensions.pocket.enabled" = lock-false; # disables Pocket integration
-          "extensions.screenshots.disabled" = lock-true;
+          "extensions.screenshots.disabled" = lock-true; # disables Firefox Screenshots
-          "browser.topsites.contile.enabled" = lock-false;
+          "browser.topsites.contile.enabled" = lock-false; # disables sponsored tiles on newtab
-          #"browser.formfill.enable" = lock-false;
+          "browser.formfill.enable" = lock-false; # disables form autofill (prevents local data leakage)
-          #"browser.search.suggest.enabled" = lock-false;
+          "browser.search.suggest.enabled" = lock-false; # disables search suggestions in normal mode
-          #"browser.search.suggest.enabled.private" = lock-false;
+          "browser.search.suggest.enabled.private" = lock-false; # disables search suggestions in private mode
-          #"browser.urlbar.suggest.searches" = lock-false;
+          "browser.urlbar.suggest.searches" = lock-false; # disables search suggestions in address bar dropdown
-          "browser.urlbar.showSearchSuggestionsFirst" = lock-false;
+          "browser.urlbar.showSearchSuggestionsFirst" = lock-false; # hides search suggestions in address bar
-          "browser.newtabpage.activity-stream.feeds.section.topstories" = lock-false;
+          "browser.newtabpage.activity-stream.feeds.section.topstories" = lock-false; # disables sponsored stories on newtab
-          "browser.newtabpage.activity-stream.feeds.snippets" = lock-false;
+          "browser.newtabpage.activity-stream.feeds.snippets" = lock-false; # disables news snippets on newtab
-          "browser.newtabpage.activity-stream.section.highlights.includePocket" = lock-false;
+          "browser.newtabpage.activity-stream.section.highlights.includePocket" = lock-false; # removes Pocket from highlights
-          "browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = lock-false;
+          "browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = lock-false; # removes bookmarks from highlights
-          "browser.newtabpage.activity-stream.section.highlights.includeDownloads" = lock-false;
+          "browser.newtabpage.activity-stream.section.highlights.includeDownloads" = lock-false; # removes downloads from highlights
-          "browser.newtabpage.activity-stream.section.highlights.includeVisited" = lock-false;
+          "browser.newtabpage.activity-stream.section.highlights.includeVisited" = lock-false; # removes visited sites from highlights
-          "browser.newtabpage.activity-stream.showSponsored" = lock-false;
+          "browser.newtabpage.activity-stream.showSponsored" = lock-false; # disables all sponsored content
-          "browser.newtabpage.activity-stream.system.showSponsored" = lock-false;
+          "browser.newtabpage.activity-stream.system.showSponsored" = lock-false; # disables system-level sponsored content
-          "browser.newtabpage.activity-stream.showSponsoredTopSites" = lock-false;
+          "browser.newtabpage.activity-stream.showSponsoredTopSites" = lock-false; # disables sponsored top sites
+
+          "privacy.resistFingerprinting" = lock-true; # spoofs/normalizes fingerprinting signals (screen, timezone, fonts)
+          "privacy.firstparty.isolate" = lock-true; # isolates cookies/storage per top-level domain (breaks cross-site tracking)
+          "network.dns.disablePrefetch" = lock-true; # stops speculative DNS lookups for unclicked links
+          "network.predictor.enabled" = lock-false; # disables ML-based prefetch predictions
+          "network.prefetch-next" = lock-false; # disables link-hover prefetching
+          "toolkit.telemetry.enabled" = lock-false; # disables core telemetry reporting
+          "toolkit.telemetry.unified" = lock-false; # disables unified telemetry pipeline
+          "datareporting.healthreport.uploadEnabled" = lock-false; # disables Firefox Health Report uploads
+          "dom.battery.enabled" = lock-false; # blocks Battery Status API fingerprinting
+          "dom.gamepad.enabled" = lock-false; # blocks Gamepad API fingerprinting
+
+          "browser.startup.homepage" = {
+            Value = "about:blank";
+            Status = "locked";
+          };
+          "browser.startup.page" = {
+            Value = 0;
+            Status = "locked";
+          }; # 0=blank, 3=homepage
+          "browser.startup.homepage_override.mstone" = {
+            Value = "ignore";
+            Status = "locked";
+          };
+
+          # HTTPS‑only / mixed‑content
+          "dom.security.https_only_mode" = {
+            Value = true;
+            Status = "locked";
+          };
+          "dom.security.https_only_mode_ever_enabled" = {
+            Value = true;
+            Status = "locked";
+          };
+
+          # Referrer / headers tightening
+          "network.http.referer.XOriginPolicy" = {
+            Value = 2;
+            Status = "locked";
+          }; # strict cross‑origin
+          "network.http.referer.XOriginTrimmingPolicy" = {
+            Value = 2;
+            Status = "locked";
+          };
+
+          # DNS‑over‑HTTPS (if you want enforced DoH)
+          "network.trr.mode" = {
+            Value = 2;
+            Status = "locked";
+          }; # 2=prefer TRR
+          "network.trr.custom_uri" = {
+            Value = "https://dns.quad9.net/dns-query";
+            Status = "locked";
+          };
+
+          # Disable various Web APIs that can leak or be abused
+          "dom.webnotifications.enabled" = lock-false; # disable desktop notifications
+          "media.navigator.enabled" = lock-false; # disable getUserMedia permission prompts
+          "media.webrtc.legacy_global_callback" = lock-false;
+
+          # Disable geolocation / sensors
+          "geo.enabled" = lock-false;
+          "device.sensors.enabled" = lock-false;
         };
       };
     };

modules/firefox/firefox-home.nix

@@ -1,17 +0,0 @@
-{username, ...}: {
-  programs.firefox = {
-    enable = true;
-    profiles = {
-      "${username}" = {
-        extensions.force = true;
-      };
-    };
-  };
-
-  systemd.user.services."firefox-autostart" = {
-    serviceConfig = {
-      ExecStart = "";
-      ExecStop = "";
-    };
-  };
-}

modules/firefox/home.nix

@@ -0,0 +1,44 @@
+{username, ...}: {
+  programs.firefox = {
+    enable = true;
+    profiles = {
+      "${username}" = {
+        extensions.force = true;
+
+        #Create multiple containers, like "work" "social media" ..., for cookies to reside in so they dont cross leak
+        #containers.force = true;
+
+        search = {
+          force = true;
+          default = "SearXNG";
+          order = ["SearXNG"];
+          engines = {
+            "SearXNG" = {
+              name = "SearXNG";
+              urls = [
+                {
+                  template = "https://searxng.cookiee.org/search";
+                  params = [
+                    {
+                      name = "q";
+                      value = "{searchTerms}";
+                    }
+                  ];
+                }
+              ];
+              iconMapObj."16" = "https://searxng.cookiee.org/favicon.ico";
+              definedAliases = ["@sx"];
+            };
+          };
+        };
+      };
+    };
+  };
+
+  systemd.user.services."firefox-autostart" = {
+    serviceConfig = {
+      ExecStart = "";
+      ExecStop = "";
+    };
+  };
+}

modules/packages/desktop.nix

@@ -40,6 +40,7 @@
     wineWow64Packages.stagingFull
     winetricks
     wasistlos #Whatsapp
+    losslesscut-bin #Lossless cut for quckly cutting videos
     #obs-studio   #Screen Recorder
     gparted #Disk partition Manager
     #rustdesk   #Remote Desktop Client