From 133af4ac95c3e061f819ce78c6154d2aad8b7154 Mon Sep 17 00:00:00 2001
From: aszlig <aszlig@nix.build>
Date: Thu, 27 Oct 2022 01:37:51 +0200
Subject: workstation: Switch to Nix-managed Firefox

I had this laying around locally for a year now and I'm still not really
happy with some things, for example not having yet full source builds of
the extensions and a few config options not yet managed by Nix (eg.
search engines).

However, since Firefox takes a while to build it's a bit tedious to
always do it directly (and locally) after I update my machines. Having
this part of my workstation profile should make sure that my version of
Firefox is available at all times.

Signed-off-by: aszlig <aszlig@nix.build>
---
 pkgs/aszlig/firefox/default.nix | 125 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 125 insertions(+)
 create mode 100644 pkgs/aszlig/firefox/default.nix

(limited to 'pkgs/aszlig/firefox/default.nix')

diff --git a/pkgs/aszlig/firefox/default.nix b/pkgs/aszlig/firefox/default.nix
new file mode 100644
index 00000000..8595a3e2
--- /dev/null
+++ b/pkgs/aszlig/firefox/default.nix
@@ -0,0 +1,125 @@
+{ lib, writeTextFile, writers, wrapFirefox, fetchFirefoxAddon
+, firefox-unwrapped, tridactyl-native
+}:
+
+let
+  mkExtension = name: { url, hash }: fetchFirefoxAddon {
+    inherit name url hash;
+  };
+
+  extensions = lib.mapAttrs mkExtension (lib.importJSON ./addons.json);
+
+  firefoxNoSigning = (firefox-unwrapped.override {
+    crashreporterSupport = false;
+    drmSupport = false;
+    googleAPISupport = false;
+  }).overrideAttrs (drv: {
+    patches = (drv.patches or []) ++ [
+      ./mute-by-default.patch
+      ./dont-block-about-pages.patch
+    ];
+    MOZ_REQUIRE_SIGNING = false;
+  });
+
+  jsString = str: builtins.toJSON (toString str);
+
+in wrapFirefox firefoxNoSigning {
+  nixExtensions = lib.attrValues extensions;
+
+  extraNativeMessagingHosts = [
+    (writeTextFile {
+      name = "ff2mpv-native";
+      destination = "/lib/mozilla/native-messaging-hosts/ff2mpv.json";
+      text = builtins.toJSON {
+        name = "ff2mpv";
+        description = "Helper to actually run mpv";
+        path = let
+          source = builtins.readFile ./ff2mpv.py;
+        in writers.writePython3 "ff2mpv.py" {} source;
+        type = "stdio";
+        allowed_extensions = [ extensions.ff2mpv.extid ];
+      };
+    })
+    (writeTextFile {
+      name = "tridactyl-native";
+      destination = "/lib/mozilla/native-messaging-hosts/tridactyl.json";
+      text = builtins.toJSON {
+        name = "tridactyl";
+        description = "Tridactyl native command handler";
+        path = "${tridactyl-native}/share/tridactyl/native_main.py";
+        type = "stdio";
+        allowed_extensions = [
+          extensions.tridactyl-vim.extid
+          "tridactyl.vim@cmcaine.co.uk"
+        ];
+      };
+    })
+  ];
+
+  extraPrefs = ''
+    lockPref('app.normandy.enabled', false);
+    lockPref('app.normandy.first_run', false);
+    lockPref('app.shield.optoutstudies.enabled', false);
+    lockPref('browser.aboutConfig.showWarning', false);
+    lockPref('browser.aboutwelcome.enabled', false);
+    lockPref('browser.contentblocking.category', 'strict');
+    lockPref('browser.laterrun.enabled', false);
+    lockPref('browser.newtab.extensionControlled', true);
+    lockPref('browser.newtab.privateAllowed', false);
+    lockPref('browser.newtabpage.enabled', false);
+    lockPref('browser.rights.3.shown', true);
+    lockPref('browser.safebrowsing.malware.enabled', false);
+    lockPref('browser.safebrowsing.phishing.enabled', false);
+    lockPref('browser.shell.checkDefaultBrowser', false);
+    lockPref('devtools.theme', 'dark');
+    lockPref('extensions.webextensions.restrictedDomains', "");
+    lockPref('privacy.donottrackheader.enabled', true);
+    lockPref('privacy.query_stripping.enabled', true);
+    lockPref('privacy.query_stripping.enabled.pbmode', true);
+    lockPref('privacy.trackingprotection.enabled', true);
+    lockPref('privacy.trackingprotection.socialtracking.enabled', true);
+    lockPref('reader.color_scheme', 'dark');
+
+    pref('browser.uiCustomization.state', ${jsString (builtins.toJSON {
+      placements = {
+        widget-overflow-fixed-list = [];
+        nav-bar = [
+          "back-button"
+          "forward-button"
+          "stop-reload-button"
+          "urlbar-container"
+          "downloads-button"
+          "fxa-toolbar-menu-button"
+          "nixos_ff2mpv-browser-action"
+          "nixos_multi_account_containers-browser-action"
+          "nixos_stylus-browser-action"
+          "nixos_styl-us-browser-action"
+          "nixos_multi-account-containers-browser-action"
+        ];
+        toolbar-menubar = [ "menubar-items" ];
+        TabsToolbar = [ "tabbrowser-tabs" "new-tab-button" "alltabs-button" ];
+        PersonalToolbar = [ "import-button" "personal-bookmarks" ];
+      };
+      currentVersion = 17;
+    })});
+  '';
+
+  extraPolicies = {
+    DisableFirefoxAccounts = true;
+    DisableFirefoxStudies = true;
+    DisablePocket = true;
+    DisableSetDesktopBackground = true;
+    DisableTelemetry = true;
+    EnableTrackingProtection.Cryptomining = true;
+    EnableTrackingProtection.Fingerprinting = true;
+    EnableTrackingProtection.Locked = true;
+    EnableTrackingProtection.Value = true;
+    EncryptedMediaExtensions.Enabled = false;
+    EncryptedMediaExtensions.Locked = true;
+    FirefoxHome.Pocket = false;
+    FirefoxHome.Snippets = false;
+    OverrideFirstRunPage = "";
+    UserMessaging.ExtensionRecommendations = false;
+    UserMessaging.SkipOnboarding = false;
+  };
+}
-- 
cgit 1.4.1