feat(hm/conf/firefox): Use the policy.json file for configs

author: Soispha <soispha@vhack.eu> 2023-10-21 22:30:59 +0200
committer: Soispha <soispha@vhack.eu> 2023-10-21 22:30:59 +0200
commit: 27a254a27df47cac88ce8053b4efe575cf9c481e (patch)
tree: 5441124451062b275592bf798e9da88f10851f26 /hm/soispha/conf/firefox
parent: fix(hm/conf/firefox/scr/extensions): Add required 'default_area' (diff)
download: nixos-config-27a254a27df47cac88ce8053b4efe575cf9c481e.zip
10 files changed, 360 insertions, 135 deletions
diff --git a/hm/soispha/conf/firefox/config/bookmarks/default.nix b/hm/soispha/conf/firefox/config/bookmarks/default.nix
index 8315cffd..c612bf4d 100644
--- a/hm/soispha/conf/firefox/config/bookmarks/default.nix
+++ b/hm/soispha/conf/firefox/config/bookmarks/default.nix
@@ -1,21 +1,31 @@
-[
-  {
-    name = "Feed - Piped";
-    url = "https://piped.video/feed";
-  }
+{
+  lib,
+  pkgs,
+  ...
+}: let
+  bookmarks = [
+    {
+      name = "Feed - Piped";
+      url = "https://piped.video/feed";
+    }
 
-  {
-    name = "DeepL Translate";
-    url = "https://www.deepl.com/translator";
-  }
+    {
+      name = "DeepL Translate";
+      url = "https://www.deepl.com/translator";
+    }
 
-  {
-    name = "Nix lib";
-    url = "https://teu5us.github.io/nix-lib.html";
-  }
+    {
+      name = "Nix lib";
+      url = "https://teu5us.github.io/nix-lib.html";
+    }
 
-  {
-    name = "Nixpkgs manual";
-    url = "https://ryantm.github.io/nixpkgs/";
-  }
-]
+    {
+      name = "Nixpkgs manual";
+      url = "https://ryantm.github.io/nixpkgs/";
+    }
+  ];
+
+  mkBookmarksFile = (import ./lib.nix) {inherit lib pkgs;};
+  bookmarks_file = mkBookmarksFile bookmarks;
+in
+  bookmarks_file
diff --git a/hm/soispha/conf/firefox/functions/bookmarks/default.nix b/hm/soispha/conf/firefox/config/bookmarks/lib.nix
index d1d89dd2..d1d89dd2 100644
--- a/hm/soispha/conf/firefox/functions/bookmarks/default.nix
+++ b/hm/soispha/conf/firefox/config/bookmarks/lib.nix
diff --git a/hm/soispha/conf/firefox/config/extensions/native_messaging_hosts/default.nix b/hm/soispha/conf/firefox/config/extensions/native_messaging_hosts/default.nix
new file mode 100644
index 00000000..053b6465
--- /dev/null
+++ b/hm/soispha/conf/firefox/config/extensions/native_messaging_hosts/default.nix
@@ -0,0 +1,28 @@
+{
+  pkgs,
+  video_pause,
+  ...
+}: let
+  video_pause_ext = import ./video-pauser.nix {inherit pkgs video_pause;};
+in
+  /*
+  ++ lib.optional (cfg.enableBrowserpass or false) (lib.getBin browserpass)
+  ++ lib.optional (cfg.enableBukubrow or false) bukubrow
+  ++ lib.optional (cfg.enableTridactylNative or false) tridactyl-native
+  ++ lib.optional (cfg.enableGnomeExtensions or false) gnome-browser-connector
+  ++ lib.optional (cfg.enableUgetIntegrator or false) uget-integrator
+  ++ lib.optional (cfg.enablePlasmaBrowserIntegration or false) plasma5Packages.plasma-browser-integration
+  ++ lib.optional (cfg.enableFXCastBridge or false) fx-cast-bridge
+  ++ lib.optional (cfg.enableKeePassXC or false) keepassxc
+
+
+  mkdir -p $out/lib/mozilla/native-messaging-hosts
+  for ext in ${toString nativeMessagingHosts}; do
+      ln -sLt $out/lib/mozilla/native-messaging-hosts $ext/lib/mozilla/native-messaging-hosts/*
+  done
+  */
+  with pkgs; [
+    video_pause_ext
+    tridactyl-native
+    keepassxc
+  ]
diff --git a/hm/soispha/conf/firefox/config/extensions/native_messaging_hosts/video-pauser.nix b/hm/soispha/conf/firefox/config/extensions/native_messaging_hosts/video-pauser.nix
new file mode 100644
index 00000000..a652b596
--- /dev/null
+++ b/hm/soispha/conf/firefox/config/extensions/native_messaging_hosts/video-pauser.nix
@@ -0,0 +1,46 @@
+{
+  pkgs,
+  video_pause,
+  ...
+}: let
+  extensions = builtins.fromJSON (builtins.readFile ../extensions.json);
+  inherit (extensions) video-pauser;
+in
+  /*
+  mkdir -p $out/lib/mozilla/native-messaging-hosts
+  for ext in ${toString nativeMessagingHosts}; do
+      ln -sLt $out/lib/mozilla/native-messaging-hosts $ext/lib/mozilla/native-messaging-hosts/*
+  done
+  */
+  pkgs.stdenv.mkDerivation {
+    inherit (video-pauser) pname version;
+    buildInputs = [
+      video_pause
+    ];
+    buildPhase = ''
+      mkdir -p $out/share/
+      cat << EOF > $out/share/"${video-pauser.pname}".json
+      {
+        "name": "${video-pauser.pname}",
+        "description": "Stop a video with a native hotkey",
+        "path": "${video_pause}/bin/video_pause",
+        "type": "stdio",
+        "allowed_extensions": ["${video-pauser.addonId}"]
+      }
+      EOF
+
+      nativeMessagingPaths="$(cat << EOF
+        lib/mozilla/native-messaging-hosts
+        lib/librewolf/native-messaging-hosts
+        etc/opt/chrome/native-messaging-hosts
+        etc/chromium/native-messaging-hosts
+        etc/vivaldi/native-messaging-hosts
+      EOF
+      )"
+
+      cat "$nativeMessagingPaths" | while read -r path; do
+        mkdir -p $out/$path;
+        cp $out/share/"${video-pauser.pname}".json $out/$path/
+      done
+    '';
+  }
diff --git a/hm/soispha/conf/firefox/config/policies/default.nix b/hm/soispha/conf/firefox/config/policies/default.nix
new file mode 100644
index 00000000..ada281d8
--- /dev/null
+++ b/hm/soispha/conf/firefox/config/policies/default.nix
@@ -0,0 +1,141 @@
+{
+  config,
+  extensions,
+  ...
+}: let
+  locals = [
+    "en-CA"
+    "de"
+    "sv-SE"
+  ];
+in {
+  policies = let
+    mkAllowedExtension = extension: {
+      name = extension.addonId;
+      value = {
+        installation_mode = "normal_installed";
+        updates_disabled = true;
+        inherit (extension) default_area;
+        install_url = "file://${builtins.fetchurl {
+          inherit
+            (extension)
+            url
+            sha256
+            ;
+        }}";
+      };
+    };
+    allowedExtensions =
+      builtins.listToAttrs
+      (builtins.map mkAllowedExtension (builtins.attrValues
+          extensions));
+
+    mkBlockedExtension = id: {
+      name = id;
+      value = {
+        install_mode = "blocked";
+      };
+    };
+    blockedExtensions = builtins.listToAttrs (builtins.map mkBlockedExtension [
+      # these are the default search engines
+      "addons-search-detection@mozilla.com"
+      "amazon@search.mozilla.org"
+      "bing@search.mozilla.org"
+      "ddg@search.mozilla.org"
+      "google@search.mozilla.org"
+      "wikipedia@search.mozilla.org"
+    ]);
+
+    language_packs = builtins.listToAttrs (builtins.map
+      (
+        lang: {
+          name = "langpack-${lang}@firefox.mozilla.org";
+          value = {
+            installation_mode = "normal_installed";
+            install_url = "https://releases.mozilla.org/pub/firefox/releases/${config.soispha.firefox.package_version}/linux-x86_64/xpi/${lang}.xpi";
+          };
+        }
+      )
+      locals);
+  in {
+    # NOTE: See https://mozilla.github.io/policy-templates for documentation <2023-10-21>
+
+    # NixOS manages this already
+    DisableAppUpdate = true;
+
+    DisableFirefoxAccounts = true;
+    DisableFirefoxScreenshots = true;
+
+    # KeepassXC does this for me
+    DisableMasterPasswordCreation = true;
+
+    # I use a self-hosted services for that
+    DisablePocket = true;
+
+    # I don't want to lose my data
+    DisableProfileRefresh = true;
+
+    DisplayBookmarksToolbar = "newtab";
+    DisplayMenuBar = "default-off";
+
+    DNSOverHTTPS = {
+      Enabled = true;
+      Locked = false;
+    };
+    # The concept of a "default browser" does not apply to my NixOS config
+    DontCheckDefaultBrowser = true;
+
+    EnableTrackingProtection = {
+      Value = true;
+      Locked = false;
+      Cryptomining = true;
+      Fingerprinting = true;
+      EmailTracking = true;
+    };
+
+    EncryptedMediaExtensions = {
+      # I want a _free_ config (and I can always just run another browser)
+      Enabled = false;
+      Locked = true;
+    };
+
+    ExtensionSettings =
+      {
+        "*" = {
+          blocked_install_message = ''
+            You can't install a extension manually,
+            please specify it in your NixOS configuration
+          '';
+          installation_mode = "blocked";
+        };
+      }
+      // allowedExtensions
+      // blockedExtensions
+      // language_packs;
+    ExtensionUpdate = false;
+
+    # TODO: Add handlers for the default file types <2023-10-21>
+    # Handlers = {
+    # };
+
+    HardwareAcceleration = true;
+
+    InstallAddonsPermission = {
+      Allowed = [];
+      Default = false;
+    };
+
+    # KeepassXC and such things
+    OfferToSaveLogins = false;
+    PasswordManagerEnable = false;
+
+    PDFjs = {
+      Enabled = true;
+      # Don't honor documents right to be un-copy-able
+      EnablePermissions = false;
+    };
+
+    SearchBar = "unified";
+    RequestedLocales = locals;
+  };
+}
diff --git a/hm/soispha/conf/firefox/config/prefs/default.nix b/hm/soispha/conf/firefox/config/prefs/default.nix
index 6bcaf76f..80c6d274 100644
--- a/hm/soispha/conf/firefox/config/prefs/default.nix
+++ b/hm/soispha/conf/firefox/config/prefs/default.nix
@@ -2,11 +2,9 @@
   pkgs,
   config,
   user_js,
-  lib,
+  bookmarks,
   ...
 }: let
-  bookmarks = import ../bookmarks;
-  firefoxBookmarksFile = (import ../../functions/bookmarks) {inherit lib pkgs;};
   user_js_override = pkgs.writeText "user.override.js" (builtins.readFile ./override.js);
 in
   pkgs.runCommand "user.js" {} ''
@@ -16,7 +14,7 @@ in
 
     cat << EOF >> $out/user.js;
     // My bookmarks
-    user_pref("browser.bookmarks.file", "${toString (firefoxBookmarksFile bookmarks)}");
+    user_pref("browser.bookmarks.file", "${toString bookmarks}");
     user_pref("browser.startup.homepage", "file:///home/dt/home.html"); // 0103 // TODO: add this from a flake
     user_pref("browser.download.dir", "${config.xdg.userDirs.download}");
     EOF
diff --git a/hm/soispha/conf/firefox/default.nix b/hm/soispha/conf/firefox/default.nix
index d35b7256..7ebcbbb4 100644
--- a/hm/soispha/conf/firefox/default.nix
+++ b/hm/soispha/conf/firefox/default.nix
@@ -6,88 +6,113 @@
   video_pause,
   ...
 }: let
+  extensions =
+    builtins.fromJSON (builtins.readFile
+      ./config/extensions/extensions.json);
+
   userChrome = builtins.readFile ./config/chrome/userChrome.css;
+  bookmarks = (import ./config/bookmarks/default.nix) {
+    inherit
+      pkgs
+      lib
+      ;
+  };
+  engines = (import ./config/search/engines) {inherit pkgs;};
 
-  user_js_nix = (import ./config/prefs) {inherit pkgs lib config user_js;};
+  native_messaging_hosts = (import ./config/extensions/native_messaging_hosts) {inherit pkgs video_pause;};
 
-  extensions = builtins.map buildFirefoxXpiAddon (
-    lib.attrValues (
-      lib.importJSON ./config/extensions/extensions.json
-    )
-  );
-  engines = (import ./config/search/engines) {inherit pkgs;};
+  policies = (import ./config/policies) {inherit config extensions;};
+
+  search = {
+    default = "Brave Search";
+    force = true;
 
-  # source: https://gitlab.com/rycee/nur-expressions/-/blob/master/pkgs/firefox-addons/default.nix
-  buildFirefoxXpiAddon = (import ./functions/extensions) {inherit pkgs;};
+    inherit engines;
+  };
 
-  video-pauser = (import ./functions/extensions/video-pauser.nix) {inherit pkgs video_pause;};
+  prefConfig = builtins.readFile "${
+    (import ./config/prefs) {inherit pkgs lib config bookmarks user_js;}
+  }/user.js";
 
+  # Package {{{
+  package = import ./package.nix {
+    inherit config lib pkgs;
+    extraPolicies = policies;
+    extraNativeMessagingHosts = native_messaging_hosts;
+  };
+  # }}}
+
+  # Profiles {{{
   profiles = {
     "default" = {
-      inherit extensions search extraConfig bookmarks userChrome;
+      inherit search userChrome;
       isDefault = true;
       id = 0;
       name = "default";
-    };
-    "clean" = {
-      isDefault = false;
-      id = 1;
-      name = "clean";
+      extraConfig = prefConfig;
     };
   };
 
   taskwarriorProfiles = import ../taskwarrior/firefox {
     inherit
-      extensions
-      userChrome
-      extraConfig
-      bookmarks
-      search
-      lib
       config
+      lib
+      # options
+
+      prefConfig
+      search
+      userChrome
       ;
     profile_size = builtins.length (builtins.attrNames profiles);
   };
-
-  search = {
-    default = "Brave Search";
-    force = true;
-
-    inherit engines;
-  };
-
-  bookmarks = [];
-  extraConfig = builtins.readFile "${user_js_nix}/user.js";
+  # }}}
 in {
-  home.packages = [
-    pkgs.tridactyl-native
-  ];
-  home.sessionVariables = {
-    # improve touch input & make scrolling smother
-    MOZ_USE_XINPUT2 = "1";
-    # improve wayland support
-    MOZ_ENABLE_WAYLAND = 1;
-  };
-  xdg.mimeApps = {
-    enable = true;
-    defaultApplications = {
-      "text/html" = ["firefox.desktop"];
-      "x-scheme-handler/http" = ["firefox.desktop"];
-      "x-scheme-handler/https" = ["firefox.desktop"];
-      "x-scheme-handler/about" = ["firefox.desktop"];
-      "x-scheme-handler/unknown" = ["firefox.desktop"];
+  options.soispha.firefox = {
+    package = lib.mkOption {
+      type = lib.types.package;
+      default = pkgs.firefox;
+      description = "Firefox package to use.";
+      defaultText = lib.literalExpression "pkgs.firefox";
+      relatedPackages = [
+        "firefox"
+        "firefox-beta-bin"
+        "firefox-bin"
+        "firefox-devedition-bin"
+        "firefox-esr"
+      ];
+    };
+    package_version = lib.mkOption {
+      type = lib.types.str;
+      default = pkgs.firefox.version;
+      description = "Firefox version to use";
     };
   };
-  programs.firefox = {
-    enable = true;
-    package = pkgs.firefox-wayland.override {
-      extraNativeMessagingHosts = [video-pauser];
-      cfg = {
-        enableTridactylNative = true;
+
+  config = {
+    soispha.firefox.package = package;
+    soispha.firefox.package_version = pkgs.firefox.version;
+    home.sessionVariables = {
+      # improve touch input & make scrolling smother
+      MOZ_USE_XINPUT2 = "1";
+      # improve wayland support
+      MOZ_ENABLE_WAYLAND = 1;
+    };
+    xdg.mimeApps = {
+      enable = true;
+      defaultApplications = {
+        "text/html" = ["firefox.desktop"];
+        "x-scheme-handler/http" = ["firefox.desktop"];
+        "x-scheme-handler/https" = ["firefox.desktop"];
+        "x-scheme-handler/about" = ["firefox.desktop"];
+        "x-scheme-handler/unknown" = ["firefox.desktop"];
       };
     };
-    profiles =
-      profiles
-      // taskwarriorProfiles;
+    programs.firefox = {
+      enable = true;
+      inherit (config.soispha.firefox) package;
+      profiles =
+        profiles
+        // taskwarriorProfiles;
+    };
   };
 }
diff --git a/hm/soispha/conf/firefox/functions/extensions/default.nix b/hm/soispha/conf/firefox/functions/extensions/default.nix
deleted file mode 100644
index b84461c7..00000000
--- a/hm/soispha/conf/firefox/functions/extensions/default.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{pkgs, ...}: {
-  pname,
-  version,
-  addonId,
-  url,
-  sha256,
-  #meta,
-  ...
-}:
-pkgs.stdenv.mkDerivation {
-  name = "${pname}-${version}";
-
-  #inherit meta;
-
-  src = builtins.fetchurl {inherit url sha256;};
-
-  preferLocalBuild = true;
-  allowSubstitutes = true;
-
-  buildCommand = ''
-    dst="$out/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"
-    mkdir -p "$dst"
-    install -v -m644 "$src" "$dst/${addonId}.xpi"
-  '';
-}
diff --git a/hm/soispha/conf/firefox/functions/extensions/video-pauser.nix b/hm/soispha/conf/firefox/functions/extensions/video-pauser.nix
deleted file mode 100644
index c4c5238f..00000000
--- a/hm/soispha/conf/firefox/functions/extensions/video-pauser.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{
-  pkgs,
-  video_pause,
-  ...
-}:
-pkgs.runCommand "video_pause_native_messaging" {} ''
-  install -d $out/share/
-  cat << EOF > $out/share/video_pauser.json
-  {
-    "name": "video_pauser",
-    "description": "Pause your Videos with a single key stroke!",
-    "path": "${video_pause}/bin/video_pause",
-    "type": "stdio",
-    "allowed_extensions": ["video-pauser@addons.vhack.eu"]
-  }
-  EOF
-
-  nativeMessagingPaths=(
-    /lib/mozilla/native-messaging-hosts
-    /etc/opt/chrome/native-messaging-hosts
-    /etc/chromium/native-messaging-hosts
-    /etc/vivaldi/native-messaging-hosts
-    /lib/librewolf/native-messaging-hosts
-  )
-
-  for manifestDir in "''${nativeMessagingPaths[@]}"; do
-    install -d $out$manifestDir
-    ln -s $out/share/video_pauser.json $out$manifestDir/
-  done
-''
diff --git a/hm/soispha/conf/firefox/package.nix b/hm/soispha/conf/firefox/package.nix
new file mode 100644
index 00000000..8f9d09c0
--- /dev/null
+++ b/hm/soispha/conf/firefox/package.nix
@@ -0,0 +1,32 @@
+# taken from the NixOS Firefox module: https://github.com/NixOS/nixpkgs/blob/7c9cc5a6e5d38010801741ac830a3f8fd667a7a0/nixos/modules/programs/firefox.nix
+{
+  config,
+  lib,
+  pkgs,
+  # options
+  autoConfig ? "",
+  extraNativeMassagingHosts ? [],
+  wrapperConfig ? {},
+  extraPolicies ? {},
+  base_package ? pkgs.firefox,
+  ...
+}: let
+  pkg = base_package.override (old: {
+    inherit extraPolicies;
+    extraPrefs = autoConfig;
+    extraNativeMessagingHosts =
+      old.extraNativeMessagingHosts
+      or []
+      ++ extraNativeMassagingHosts;
+    cfg = let
+      # copy-pasted from the wrapper; TODO: figure out fix
+      applicationName = base_package.binaryName or (lib.getName base_package);
+
+      oldCfg = old.cfg or {};
+      nixpkgsConfig = pkgs.config.${applicationName} or {};
+      optionConfig = wrapperConfig;
+    in
+      oldCfg // nixpkgsConfig // optionConfig;
+  });
+in
+  pkg
author	Soispha <soispha@vhack.eu>	2023-10-21 22:30:59 +0200
committer	Soispha <soispha@vhack.eu>	2023-10-21 22:30:59 +0200
commit	27a254a27df47cac88ce8053b4efe575cf9c481e (patch)
tree	5441124451062b275592bf798e9da88f10851f26 /hm/soispha/conf/firefox
parent	fix(hm/conf/firefox/scr/extensions): Add required 'default_area' (diff)
download	nixos-config-27a254a27df47cac88ce8053b4efe575cf9c481e.zip