From c192c1f2ad4ecb4058c231dc455fbfc738917bcd Mon Sep 17 00:00:00 2001 From: Franck Cuny Date: Thu, 21 Aug 2025 17:46:28 -0700 Subject: split-up firefox configuration Ensure we install the bin package, so that we can use the 1password extension (we need a signed binary for that). --- flake.lock | 66 +++++++++++++++++++++++------------- flake.nix | 4 +-- flake/overlays.nix | 1 + home/profiles/mac.nix | 2 +- home/programs/firefox.nix | 45 ------------------------ home/programs/firefox/bookmarks.nix | 19 +++++++++++ home/programs/firefox/containers.nix | 17 ++++++++++ home/programs/firefox/default.nix | 28 +++++++++++++++ home/programs/firefox/extensions.nix | 7 ++++ home/programs/firefox/policies.nix | 31 +++++++++++++++++ home/programs/firefox/settings.nix | 9 +++++ home/programs/onepassword.nix | 7 +++- profiles/programs/home-manager.nix | 1 + 13 files changed, 165 insertions(+), 72 deletions(-) delete mode 100644 home/programs/firefox.nix create mode 100644 home/programs/firefox/bookmarks.nix create mode 100644 home/programs/firefox/containers.nix create mode 100644 home/programs/firefox/default.nix create mode 100644 home/programs/firefox/extensions.nix create mode 100644 home/programs/firefox/policies.nix create mode 100644 home/programs/firefox/settings.nix diff --git a/flake.lock b/flake.lock index 6c69e8f..dcd7228 100644 --- a/flake.lock +++ b/flake.lock @@ -107,28 +107,6 @@ "type": "github" } }, - "firefox-addons": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "dir": "pkgs/firefox-addons", - "lastModified": 1755702597, - "narHash": "sha256-Z56emoVLFBhX/WcoXWiXienLX8jHrBExyqQjNd5/r0k=", - "owner": "rycee", - "repo": "nur-expressions", - "rev": "2dcb371b407ba4009e27a8e8adf88e6f93d40bfb", - "type": "gitlab" - }, - "original": { - "dir": "pkgs/firefox-addons", - "owner": "rycee", - "repo": "nur-expressions", - "type": "gitlab" - } - }, "flake-compat": { "flake": false, "locked": { @@ -165,6 +143,27 @@ "type": "github" } }, + "flake-parts_2": { + "inputs": { + "nixpkgs-lib": [ + "nur", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "gitignore": { "inputs": { "nixpkgs": [ @@ -276,6 +275,27 @@ "type": "github" } }, + "nur": { + "inputs": { + "flake-parts": "flake-parts_2", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1755787749, + "narHash": "sha256-WiPoEu+INsUx7/Qhi833roT2aOuqS4BNFYjkZdXbuO4=", + "owner": "nix-community", + "repo": "NUR", + "rev": "203c285f8ad8faf047660044bd40049dfe98974d", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "NUR", + "type": "github" + } + }, "pre-commit-hooks": { "inputs": { "flake-compat": "flake-compat", @@ -304,11 +324,11 @@ "darwin": "darwin_2", "disko": "disko", "emacs-overlay": "emacs-overlay", - "firefox-addons": "firefox-addons", "flake-parts": "flake-parts", "home-manager": "home-manager_2", "nixpkgs": "nixpkgs", "nixpkgsUnstable": "nixpkgsUnstable", + "nur": "nur", "pre-commit-hooks": "pre-commit-hooks", "treefmt-nix": "treefmt-nix" } diff --git a/flake.nix b/flake.nix index c19122e..eb12b3d 100644 --- a/flake.nix +++ b/flake.nix @@ -41,8 +41,8 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - firefox-addons = { - url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons"; + nur = { + url = "github:nix-community/NUR"; inputs.nixpkgs.follows = "nixpkgs"; }; diff --git a/flake/overlays.nix b/flake/overlays.nix index e38f0e5..504fdfd 100644 --- a/flake/overlays.nix +++ b/flake/overlays.nix @@ -15,6 +15,7 @@ overlays = [ inputs.agenix.overlays.default inputs.emacs-overlay.overlay + inputs.nur.overlays.default self.overlays.default ]; }; diff --git a/home/profiles/mac.nix b/home/profiles/mac.nix index 79ab6cb..2e61198 100644 --- a/home/profiles/mac.nix +++ b/home/profiles/mac.nix @@ -7,7 +7,7 @@ "${self}/home/programs/emacs" "${self}/home/programs/eza.nix" "${self}/home/programs/fd.nix" - "${self}/home/programs/firefox.nix" + "${self}/home/programs/firefox" "${self}/home/programs/fish.nix" "${self}/home/programs/gh.nix" "${self}/home/programs/git.nix" diff --git a/home/programs/firefox.nix b/home/programs/firefox.nix deleted file mode 100644 index 5733aa4..0000000 --- a/home/programs/firefox.nix +++ /dev/null @@ -1,45 +0,0 @@ -{ pkgs, inputs, ... }: -{ - programs.firefox = { - enable = true; - policies = { - DisablePocket = true; - AppAutoUpdate = false; # managed by nix - DontCheckDefaultBrowser = true; - DisableTelemetry = true; - EnableTrackingProtection = { - Value = true; - Cryptomining = true; - Fingerprinting = true; - EmailTracking = true; - }; - DisableSetDesktopBackground = true; - OfferToSaveLogins = false; - PasswordManagerEnabled = false; - FirefoxHome = { - TopSites = false; - SponsoredTopSites = false; - Highlights = false; - Pocket = false; - SponsoredPocket = false; - Snippets = false; - }; - }; - profiles = { - franck = { - isDefault = true; - settings = { - "browser.tabs.groups.enabled" = true; - "browser.urlbar.trimURLs" = false; # show the complete URL - "sidebar.revamp" = true; - "sidebar.revamp.round-content-area" = true; - "sidebar.verticalTabs" = true; # vertical tabs - }; - extensions = with inputs.firefox-addons.packages.${pkgs.system}; [ - sponsorblock - ublock-origin - ]; - }; - }; - }; -} diff --git a/home/programs/firefox/bookmarks.nix b/home/programs/firefox/bookmarks.nix new file mode 100644 index 0000000..ede02bd --- /dev/null +++ b/home/programs/firefox/bookmarks.nix @@ -0,0 +1,19 @@ +{ + force = true; + settings = [ + { + name = "main"; + toolbar = true; + bookmarks = [ + { + name = "hackernews"; + url = "https://news.ycombinator.com/"; + } + { + name = "lobsters"; + url = "https://lobste.rs/"; + } + ]; + } + ]; +} diff --git a/home/programs/firefox/containers.nix b/home/programs/firefox/containers.nix new file mode 100644 index 0000000..c96ec1c --- /dev/null +++ b/home/programs/firefox/containers.nix @@ -0,0 +1,17 @@ +{ + personal = { + color = "red"; + icon = "tree"; + id = 1; + }; + work = { + color = "pink"; + icon = "briefcase"; + id = 2; + }; + google = { + color = "blue"; + id = 3; + icon = "circle"; + }; +} diff --git a/home/programs/firefox/default.nix b/home/programs/firefox/default.nix new file mode 100644 index 0000000..61fd457 --- /dev/null +++ b/home/programs/firefox/default.nix @@ -0,0 +1,28 @@ +{ pkgs, ... }: +let + extensions = import ./extensions.nix { inherit pkgs; }; + containers = import ./containers.nix; + settings = import ./settings.nix; + bookmarks = import ./bookmarks.nix; + policies = import ./policies.nix; +in +{ + programs.firefox = { + enable = true; + # we want to use a signed binary so that extensions like 1password work with it + package = pkgs.firefox-bin; + inherit policies; + profiles = { + franck = { + isDefault = true; + containersForce = false; + inherit containers; + inherit settings; + inherit bookmarks; + extensions = { + packages = extensions; + }; + }; + }; + }; +} diff --git a/home/programs/firefox/extensions.nix b/home/programs/firefox/extensions.nix new file mode 100644 index 0000000..9f641c9 --- /dev/null +++ b/home/programs/firefox/extensions.nix @@ -0,0 +1,7 @@ +{ pkgs, ... }: +with pkgs.nur.repos.rycee.firefox-addons; +[ + consent-o-matic + sponsorblock + ublock-origin +] diff --git a/home/programs/firefox/policies.nix b/home/programs/firefox/policies.nix new file mode 100644 index 0000000..4fba91b --- /dev/null +++ b/home/programs/firefox/policies.nix @@ -0,0 +1,31 @@ +{ + DisablePocket = true; + DisableFirefoxStudies = true; + AppAutoUpdate = false; # Disable automatic application update + ManualAppUpdateOnly = true; # No update prompts + DontCheckDefaultBrowser = true; + + DisableTelemetry = true; + EnableTrackingProtection = { + Value = true; + Cryptomining = true; + Fingerprinting = true; + EmailTracking = true; + }; + DisableSetDesktopBackground = true; + OfferToSaveLogins = false; + OfferToSaveLoginsDefault = false; + + NoDefaultBookmarks = true; + + PasswordManagerEnabled = false; # we use 1password + + FirefoxHome = { + TopSites = false; + SponsoredTopSites = false; + Highlights = false; + Pocket = false; + SponsoredPocket = false; + Snippets = false; + }; +} diff --git a/home/programs/firefox/settings.nix b/home/programs/firefox/settings.nix new file mode 100644 index 0000000..304c99f --- /dev/null +++ b/home/programs/firefox/settings.nix @@ -0,0 +1,9 @@ +{ + "browser.tabs.groups.enabled" = true; # https://support.mozilla.org/en-US/kb/tab-groups + "browser.tabs.groups.smart.enabled" = true; # https://support.mozilla.org/en-US/kb/tab-groups + "browser.toolbars.bookmarks.visibility" = "never"; # don't show bookmark tabs + "browser.urlbar.trimURLs" = false; # show the complete URL + "sidebar.main.tools" = "aichat,history,bookmarks"; + "sidebar.revamp" = true; + "sidebar.verticalTabs" = true; # vertical tabs +} diff --git a/home/programs/onepassword.nix b/home/programs/onepassword.nix index f364a9e..6f7b7f5 100644 --- a/home/programs/onepassword.nix +++ b/home/programs/onepassword.nix @@ -1,4 +1,4 @@ -{ ... }: +{ pkgs, ... }: { programs.onepassword = { enable = true; @@ -6,4 +6,9 @@ { account = "my.1password.com"; } # All keys from personal account ]; }; + + # install the extension for firefox + programs.firefox.profiles.franck.extensions.packages = [ + pkgs.nur.repos.rycee.firefox-addons.onepassword-password-manager + ]; } diff --git a/profiles/programs/home-manager.nix b/profiles/programs/home-manager.nix index c01ccb7..738987a 100644 --- a/profiles/programs/home-manager.nix +++ b/profiles/programs/home-manager.nix @@ -27,6 +27,7 @@ nixpkgs.overlays = [ inputs.agenix.overlays.default inputs.emacs-overlay.overlay + inputs.nur.overlays.default self.overlays.default ]; nixpkgs.config.allowUnfree = true; -- cgit v1.2.3