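# Module that enables Firefox and pins its enterprise policies: hardening
# preferences, force-installed extensions and UI defaults.
# Everything with Status = "locked" (or Locked = true) cannot be changed by the
# user from about:preferences or about:config.
{ config, pkgs, ... }:

let
  # Build the { Value, Status } record the Preferences policy expects for a
  # preference the user must not be able to override.
  locked = value: {
    Value = value;
    Status = "locked";
  };
  lock-false = locked false;
  lock-true = locked true;
in
{
  home-manager.sharedModules = [ ./home.nix ];

  programs = {
    firefox = {
      enable = true;
      languagePacks = [ "de" "en-US" ];

      /* ---- POLICIES ---- */
      # Check about:policies#documentation for options.
      # After a rebuild, open about:policies and confirm that no policy is
      # reported as an error.
      policies = {
        # Built-in password manager is off; Bitwarden is force-installed below.
        PasswordManagerEnabled = false;
        DisableTelemetry = true;
        DisableFirefoxStudies = true;
        EnableTrackingProtection = {
          Value = true;
          Locked = true;
          Cryptomining = true;
          Fingerprinting = true;
        };
        DisablePocket = true;
        #DisableFirefoxAccounts = true;
        #DisableAccounts = true;
        #DisableFirefoxScreenshots = true;
        OverrideFirstRunPage = "";
        OverridePostUpdatePage = "";
        DontCheckDefaultBrowser = true;
        DisplayBookmarksToolbar = "always"; # alternatives: "never" or "newtab"
        DisplayMenuBar = "default-off"; # alternatives: "always", "never" or "default-on"
        SearchBar = "unified"; # alternative: "separate"

        /* ---- EXTENSIONS ---- */
        # Check about:support for extension/add-on ID strings.
        # Valid strings for installation_mode are "allowed", "blocked",
        # "force_installed" and "normal_installed".
        # How to: https://discourse.nixos.org/t/declare-firefox-extensions-and-settings/36265
        #
        # Supply-chain note: every entry is fetched from addons.mozilla.org as
        # ".../latest/latest.xpi", so the version is not pinned and the user
        # cannot remove or disable a force_installed add-on. Each add-on runs
        # with the page access it requests, so keep this list to extensions
        # you have reviewed and still need.
        ExtensionSettings =
          let
            # Map an AMO slug and an add-on ID to one name/value pair for
            # builtins.listToAttrs.
            extension = shortId: uuid: {
              name = uuid;
              value = {
                install_url = "https://addons.mozilla.org/en-US/firefox/downloads/latest/${shortId}/latest.xpi";
                installation_mode = "force_installed";
              };
            };
          in
          builtins.listToAttrs [
            # (extension "<slug from the AMO URL>" "<add-on ID from about:support>")
            (extension "ublock-origin" "uBlock0@raymondhill.net")
            (extension "bitwarden-password-manager" "{446900e4-71c2-419f-a6a7-df9c091e268b}")
            (extension "sponsorblock" "sponsorBlocker@ajay.app")
            (extension "keepa" "amptra@keepa.com")
            (extension "redditUntranslate" "reddit-url-redirector@kichkoupi.com")
            (extension "darkreader" "addon@darkreader.org")
            (extension "youtube-shorts-block" "{34daeb50-c2d2-4f14-886a-7160b24d66a4}")
            (extension "clearurls" "{74145f27-f039-47ce-a470-a662b129930a}")
          ];

        /* ---- PREFERENCES ---- */
        # Check about:config for options.
        # NOTE(review): the Preferences policy only applies preferences whose
        # name is on Firefox's allow-list of prefixes. The privacy.*,
        # toolkit.telemetry.* and datareporting.healthreport.* entries below may
        # be rejected - confirm in about:policies that each one is active.
        Preferences = {
          "browser.contentblocking.category" = locked "strict"; # strictest tracker/ad blocking mode
          "extensions.pocket.enabled" = lock-false; # disables Pocket integration
          "extensions.screenshots.disabled" = lock-true; # disables Firefox Screenshots
          "browser.topsites.contile.enabled" = lock-false; # disables sponsored tiles on newtab
          "browser.formfill.enable" = lock-false; # disables saved form/search history (prevents local data leakage)
          "browser.search.suggest.enabled" = lock-false; # disables search suggestions in normal mode
          "browser.search.suggest.enabled.private" = lock-false; # disables search suggestions in private mode
          "browser.urlbar.suggest.searches" = lock-false; # disables search suggestions in address bar dropdown
          "browser.urlbar.showSearchSuggestionsFirst" = lock-false; # hides search suggestions in address bar
          "browser.newtabpage.activity-stream.feeds.section.topstories" = lock-false; # disables sponsored stories on newtab
          "browser.newtabpage.activity-stream.feeds.snippets" = lock-false; # disables news snippets on newtab
          "browser.newtabpage.activity-stream.section.highlights.includePocket" = lock-false; # removes Pocket from highlights
          "browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = lock-false; # removes bookmarks from highlights
          "browser.newtabpage.activity-stream.section.highlights.includeDownloads" = lock-false; # removes downloads from highlights
          "browser.newtabpage.activity-stream.section.highlights.includeVisited" = lock-false; # removes visited sites from highlights
          "browser.newtabpage.activity-stream.showSponsored" = lock-false; # disables all sponsored content
          "browser.newtabpage.activity-stream.system.showSponsored" = lock-false; # disables system-level sponsored content
          "browser.newtabpage.activity-stream.showSponsoredTopSites" = lock-false; # disables sponsored top sites

          # resistFingerprinting normalizes screen size, timezone and fonts and
          # is known to break some sites.
          "privacy.resistFingerprinting" = lock-true; # spoofs/normalizes fingerprinting signals (screen, timezone, fonts)
          # NOTE(review): the "strict" content-blocking category above already
          # partitions cookies per site; verify that combining it with
          # first-party isolation behaves as intended.
          "privacy.firstparty.isolate" = lock-true; # isolates cookies/storage per top-level domain (breaks cross-site tracking)

          "network.dns.disablePrefetch" = lock-true; # stops speculative DNS lookups for unclicked links
          "network.predictor.enabled" = lock-false; # disables the network predictor (speculative work based on learned browsing patterns)
          "network.prefetch-next" = lock-false; # disables <link rel="prefetch"> prefetching

          # Largely redundant with the DisableTelemetry policy above; kept as
          # defence in depth.
          "toolkit.telemetry.enabled" = lock-false; # disables core telemetry reporting
          "toolkit.telemetry.unified" = lock-false; # disables unified telemetry pipeline
          "datareporting.healthreport.uploadEnabled" = lock-false; # disables Firefox Health Report uploads

          "dom.battery.enabled" = lock-false; # blocks Battery Status API fingerprinting
          "dom.gamepad.enabled" = lock-false; # blocks Gamepad API fingerprinting

          "browser.startup.homepage" = locked "about:blank";
          "browser.startup.page" = locked 0; # 0=blank, 3=homepage
          "browser.startup.homepage_override.mstone" = locked "ignore";

          # HTTPS-only / mixed-content
          "dom.security.https_only_mode" = locked true;
          "dom.security.https_only_mode_ever_enabled" = locked true;

          # Referrer / headers tightening
          "network.http.referer.XOriginPolicy" = locked 2; # strict cross-origin: send Referer only when hosts match
          "network.http.referer.XOriginTrimmingPolicy" = locked 2; # trim cross-origin Referer to scheme, host and port

          # DNS-over-HTTPS
          # Mode 2 tries the DoH resolver first and falls back to the system
          # resolver on failure, so DNS can still leave in clear text. Mode 3 is
          # DoH-only; switch to it only after checking that the resolver
          # hostname can still be bootstrapped.
          "network.trr.mode" = locked 2; # 2=prefer TRR, 3=TRR only
          # network.trr.uri is the resolver that is actually queried;
          # network.trr.custom_uri only fills the "Custom" field in the settings
          # UI. Without the first one Firefox keeps its built-in default provider.
          "network.trr.uri" = locked "https://dns.quad9.net/dns-query";
          "network.trr.custom_uri" = locked "https://dns.quad9.net/dns-query";

          # Disable various Web APIs that can leak or be abused
          "dom.webnotifications.enabled" = lock-false; # disable desktop notifications
          "media.navigator.enabled" = lock-false; # disable getUserMedia (camera/microphone capture); breaks video calls
          "media.webrtc.legacy_global_callback" = lock-false;

          # Disable geolocation / sensors
          "geo.enabled" = lock-false;
          "device.sensors.enabled" = lock-false;
        };
      };
    };
  };
}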