13 files changed, 165 insertions, 72 deletions

diff --git a/flake.lock b/flake.lock
index 6c69e8f..dcd7228 100644
--- a/flake.lock
+++ b/flake.lock
@@ -107,28 +107,6 @@
         "type": "github"
       }
     },
-    "firefox-addons": {
-      "inputs": {
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "dir": "pkgs/firefox-addons",
-        "lastModified": 1755702597,
-        "narHash": "sha256-Z56emoVLFBhX/WcoXWiXienLX8jHrBExyqQjNd5/r0k=",
-        "owner": "rycee",
-        "repo": "nur-expressions",
-        "rev": "2dcb371b407ba4009e27a8e8adf88e6f93d40bfb",
-        "type": "gitlab"
-      },
-      "original": {
-        "dir": "pkgs/firefox-addons",
-        "owner": "rycee",
-        "repo": "nur-expressions",
-        "type": "gitlab"
-      }
-    },
     "flake-compat": {
       "flake": false,
       "locked": {
@@ -165,6 +143,27 @@
         "type": "github"
       }
     },
+    "flake-parts_2": {
+      "inputs": {
+        "nixpkgs-lib": [
+          "nur",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1733312601,
+        "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "type": "github"
+      }
+    },
     "gitignore": {
       "inputs": {
         "nixpkgs": [
@@ -276,6 +275,27 @@
         "type": "github"
       }
     },
+    "nur": {
+      "inputs": {
+        "flake-parts": "flake-parts_2",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1755787749,
+        "narHash": "sha256-WiPoEu+INsUx7/Qhi833roT2aOuqS4BNFYjkZdXbuO4=",
+        "owner": "nix-community",
+        "repo": "NUR",
+        "rev": "203c285f8ad8faf047660044bd40049dfe98974d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "NUR",
+        "type": "github"
+      }
+    },
     "pre-commit-hooks": {
       "inputs": {
         "flake-compat": "flake-compat",
@@ -304,11 +324,11 @@
         "darwin": "darwin_2",
         "disko": "disko",
         "emacs-overlay": "emacs-overlay",
-        "firefox-addons": "firefox-addons",
         "flake-parts": "flake-parts",
         "home-manager": "home-manager_2",
         "nixpkgs": "nixpkgs",
         "nixpkgsUnstable": "nixpkgsUnstable",
+        "nur": "nur",
         "pre-commit-hooks": "pre-commit-hooks",
         "treefmt-nix": "treefmt-nix"
       }
diff --git a/flake.nix b/flake.nix
index c19122e..eb12b3d 100644
--- a/flake.nix
+++ b/flake.nix
@@ -41,8 +41,8 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    firefox-addons = {
-      url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons";
+    nur = {
+      url = "github:nix-community/NUR";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
diff --git a/flake/overlays.nix b/flake/overlays.nix
index e38f0e5..504fdfd 100644
--- a/flake/overlays.nix
+++ b/flake/overlays.nix
@@ -15,6 +15,7 @@
         overlays = [
           inputs.agenix.overlays.default
           inputs.emacs-overlay.overlay
+          inputs.nur.overlays.default
           self.overlays.default
         ];
       };
diff --git a/home/profiles/mac.nix b/home/profiles/mac.nix
index 79ab6cb..2e61198 100644
--- a/home/profiles/mac.nix
+++ b/home/profiles/mac.nix
@@ -7,7 +7,7 @@
     "${self}/home/programs/emacs"
     "${self}/home/programs/eza.nix"
     "${self}/home/programs/fd.nix"
-    "${self}/home/programs/firefox.nix"
+    "${self}/home/programs/firefox"
     "${self}/home/programs/fish.nix"
     "${self}/home/programs/gh.nix"
     "${self}/home/programs/git.nix"
diff --git a/home/programs/firefox.nix b/home/programs/firefox.nix
deleted file mode 100644
index 5733aa4..0000000
--- a/home/programs/firefox.nix
+++ /dev/null
@@ -1,45 +0,0 @@
-{ pkgs, inputs, ... }:
-{
-  programs.firefox = {
-    enable = true;
-    policies = {
-      DisablePocket = true;
-      AppAutoUpdate = false; # managed by nix
-      DontCheckDefaultBrowser = true;
-      DisableTelemetry = true;
-      EnableTrackingProtection = {
-        Value = true;
-        Cryptomining = true;
-        Fingerprinting = true;
-        EmailTracking = true;
-      };
-      DisableSetDesktopBackground = true;
-      OfferToSaveLogins = false;
-      PasswordManagerEnabled = false;
-      FirefoxHome = {
-        TopSites = false;
-        SponsoredTopSites = false;
-        Highlights = false;
-        Pocket = false;
-        SponsoredPocket = false;
-        Snippets = false;
-      };
-    };
-    profiles = {
-      franck = {
-        isDefault = true;
-        settings = {
-          "browser.tabs.groups.enabled" = true;
-          "browser.urlbar.trimURLs" = false; # show the complete URL
-          "sidebar.revamp" = true;
-          "sidebar.revamp.round-content-area" = true;
-          "sidebar.verticalTabs" = true; # vertical tabs
-        };
-        extensions = with inputs.firefox-addons.packages.${pkgs.system}; [
-          sponsorblock
-          ublock-origin
-        ];
-      };
-    };
-  };
-}
diff --git a/home/programs/firefox/bookmarks.nix b/home/programs/firefox/bookmarks.nix
new file mode 100644
index 0000000..ede02bd
--- /dev/null
+++ b/home/programs/firefox/bookmarks.nix
@@ -0,0 +1,19 @@
+{
+  force = true;
+  settings = [
+    {
+      name = "main";
+      toolbar = true;
+      bookmarks = [
+        {
+          name = "hackernews";
+          url = "https://news.ycombinator.com/";
+        }
+        {
+          name = "lobsters";
+          url = "https://lobste.rs/";
+        }
+      ];
+    }
+  ];
+}
diff --git a/home/programs/firefox/containers.nix b/home/programs/firefox/containers.nix
new file mode 100644
index 0000000..c96ec1c
--- /dev/null
+++ b/home/programs/firefox/containers.nix
@@ -0,0 +1,17 @@
+{
+  personal = {
+    color = "red";
+    icon = "tree";
+    id = 1;
+  };
+  work = {
+    color = "pink";
+    icon = "briefcase";
+    id = 2;
+  };
+  google = {
+    color = "blue";
+    id = 3;
+    icon = "circle";
+  };
+}
diff --git a/home/programs/firefox/default.nix b/home/programs/firefox/default.nix
new file mode 100644
index 0000000..61fd457
--- /dev/null
+++ b/home/programs/firefox/default.nix
@@ -0,0 +1,28 @@
+{ pkgs, ... }:
+let
+  extensions = import ./extensions.nix { inherit pkgs; };
+  containers = import ./containers.nix;
+  settings = import ./settings.nix;
+  bookmarks = import ./bookmarks.nix;
+  policies = import ./policies.nix;
+in
+{
+  programs.firefox = {
+    enable = true;
+    # we want to use a signed binary so that extensions like 1password work with it
+    package = pkgs.firefox-bin;
+    inherit policies;
+    profiles = {
+      franck = {
+        isDefault = true;
+        containersForce = false;
+        inherit containers;
+        inherit settings;
+        inherit bookmarks;
+        extensions = {
+          packages = extensions;
+        };
+      };
+    };
+  };
+}
diff --git a/home/programs/firefox/extensions.nix b/home/programs/firefox/extensions.nix
new file mode 100644
index 0000000..9f641c9
--- /dev/null
+++ b/home/programs/firefox/extensions.nix
@@ -0,0 +1,7 @@
+{ pkgs, ... }:
+with pkgs.nur.repos.rycee.firefox-addons;
+[
+  consent-o-matic
+  sponsorblock
+  ublock-origin
+]
diff --git a/home/programs/firefox/policies.nix b/home/programs/firefox/policies.nix
new file mode 100644
index 0000000..4fba91b
--- /dev/null
+++ b/home/programs/firefox/policies.nix
@@ -0,0 +1,31 @@
+{
+  DisablePocket = true;
+  DisableFirefoxStudies = true;
+  AppAutoUpdate = false; # Disable automatic application update
+  ManualAppUpdateOnly = true; # No update prompts
+  DontCheckDefaultBrowser = true;
+
+  DisableTelemetry = true;
+  EnableTrackingProtection = {
+    Value = true;
+    Cryptomining = true;
+    Fingerprinting = true;
+    EmailTracking = true;
+  };
+  DisableSetDesktopBackground = true;
+  OfferToSaveLogins = false;
+  OfferToSaveLoginsDefault = false;
+
+  NoDefaultBookmarks = true;
+
+  PasswordManagerEnabled = false; # we use 1password
+
+  FirefoxHome = {
+    TopSites = false;
+    SponsoredTopSites = false;
+    Highlights = false;
+    Pocket = false;
+    SponsoredPocket = false;
+    Snippets = false;
+  };
+}
diff --git a/home/programs/firefox/settings.nix b/home/programs/firefox/settings.nix
new file mode 100644
index 0000000..304c99f
--- /dev/null
+++ b/home/programs/firefox/settings.nix
@@ -0,0 +1,9 @@
+{
+  "browser.tabs.groups.enabled" = true; # https://support.mozilla.org/en-US/kb/tab-groups
+  "browser.tabs.groups.smart.enabled" = true; # https://support.mozilla.org/en-US/kb/tab-groups
+  "browser.toolbars.bookmarks.visibility" = "never"; # don't show bookmark tabs
+  "browser.urlbar.trimURLs" = false; # show the complete URL
+  "sidebar.main.tools" = "aichat,history,bookmarks";
+  "sidebar.revamp" = true;
+  "sidebar.verticalTabs" = true; # vertical tabs
+}
diff --git a/home/programs/onepassword.nix b/home/programs/onepassword.nix
index f364a9e..6f7b7f5 100644
--- a/home/programs/onepassword.nix
+++ b/home/programs/onepassword.nix
@@ -1,4 +1,4 @@
-{ ... }:
+{ pkgs, ... }:
 {
   programs.onepassword = {
     enable = true;
@@ -6,4 +6,9 @@
       { account = "my.1password.com"; } # All keys from personal account
     ];
   };
+
+  # install the extension for firefox
+  programs.firefox.profiles.franck.extensions.packages = [
+    pkgs.nur.repos.rycee.firefox-addons.onepassword-password-manager
+  ];
 }
diff --git a/profiles/programs/home-manager.nix b/profiles/programs/home-manager.nix
index c01ccb7..738987a 100644
--- a/profiles/programs/home-manager.nix
+++ b/profiles/programs/home-manager.nix
@@ -27,6 +27,7 @@
       nixpkgs.overlays = [
         inputs.agenix.overlays.default
         inputs.emacs-overlay.overlay
+        inputs.nur.overlays.default
         self.overlays.default
       ];
       nixpkgs.config.allowUnfree = true;