195 lines
7.3 KiB
Nix
195 lines
7.3 KiB
Nix
{ tablet ? false }:
|
|
{
|
|
settings = {
|
|
# data privacy
|
|
"browser.discovery.enabled" = false;
|
|
"dom.security.https_only_mode" = true;
|
|
|
|
# no autofill
|
|
"extensions.formautofill.addresses.enabled" = false;
|
|
"extensions.formautofill.creditCards.enabled" = false;
|
|
|
|
# stop fonts
|
|
"browser.display.use_document_fonts" = 0;
|
|
|
|
# dont show about:config warning
|
|
"browser.aboutConfig.showWarning" = false;
|
|
|
|
# dont offer to save passwords
|
|
"signon.rememberSignons" = false;
|
|
|
|
# home page
|
|
"browser.startup.homepage" = "about:blank";
|
|
|
|
# blank new tab
|
|
"browser.newtabpage.enabled" = false;
|
|
|
|
# compact density
|
|
"browser.uidensity" = if tablet then 2 else 1;
|
|
|
|
# userChrome
|
|
"toolkit.legacyUserProfileCustomizations.stylesheets" = true;
|
|
|
|
# dont draw tabs in titlebar
|
|
"browser.tabs.drawInTitlebar" = false;
|
|
|
|
# autoscroll middleclick
|
|
"general.autoScroll" = true;
|
|
|
|
# dont paste on middlemouse
|
|
"middlemouse.paste" = false;
|
|
|
|
# menu bar
|
|
"ui.key.menuAccessKeyFocuses" = false;
|
|
|
|
# use desktop file picker
|
|
"widget.use-xdg-desktop-portal.file-picker" = 1;
|
|
|
|
# sidebar at right
|
|
"sidebar.position_start" = false;
|
|
|
|
# new sidebar
|
|
"sidebar.revamp" = true;
|
|
"sidebar.verticalTabs" = true;
|
|
"browser.tabs.hoverPreview.enabled" = false;
|
|
"browser.tabs.hoverPreview.showThumbnails" = false;
|
|
"browser.tabs.groups.hoverPreview.enabled" = false;
|
|
|
|
# disable pocket
|
|
"extensions.pocket.enabled" = false;
|
|
|
|
# browser links should be new tab
|
|
"browser.link.open_newwindow.restriction" = 0;
|
|
|
|
# allow custom search enginers
|
|
"browser.urlbar.update2.engineAliasRefresh" = true;
|
|
|
|
# force enable hardware accel
|
|
"media.hardware-video-decoding.force-enabled" = true;
|
|
|
|
# vaapi
|
|
"media.ffmpeg.vaapi.enabled" = true;
|
|
|
|
# downloads
|
|
# ask to save or open
|
|
"browser.download.always_ask_before_handling_new_types" = true;
|
|
# always ask download location
|
|
"browser.download.useDownloadDir" = false;
|
|
# download to tmp dir, NOT Downloads (seriously Mozilla?)
|
|
"browser.download.start_downloads_in_tmp_dir" = true;
|
|
|
|
# widevine
|
|
"browser.eme.ui.enabled" = false;
|
|
"media.eme.enabled" = false;
|
|
|
|
# media control keys
|
|
"media.hardwaremediakeys.enabled" = false;
|
|
|
|
# restore tabs on startup
|
|
"browser.startup.page" = 3;
|
|
|
|
# do not trim http
|
|
"browser.urlbar.trimURLs" = false;
|
|
|
|
# open in new tabs
|
|
"browser.tabs.loadBookmarksInTabs" = true;
|
|
"browser.search.openintab" = false;
|
|
"browser.urlbar.openintab" = false;
|
|
|
|
# AI
|
|
"browser.ml.chat.page" = false;
|
|
|
|
/* Arkenfox Begin */
|
|
|
|
/* 0320: disable recommendation pane in about:addons (uses Google Analytics) ***/
|
|
"extensions.getAddons.showPane" = false;
|
|
|
|
/* 0321: disable recommendations in about:addons' Extensions and Themes panes [FF68+] ***/
|
|
"extensions.htmlaboutaddons.recommendations.enabled" = false;
|
|
|
|
/* 0330: disable new data submission [FF41+]
|
|
* If disabled, no policy is shown or upload takes place, ever
|
|
* [1] https://bugzilla.mozilla.org/1195552 ***/
|
|
"datareporting.policy.dataSubmissionEnabled" = false;
|
|
|
|
/* 0340: disable Studies
|
|
* [SETTING] Privacy & Security>Firefox Data Collection & Use>Allow Firefox to install and run studies ***/
|
|
"app.shield.optoutstudies.enabled" = false;
|
|
|
|
/* 0341: disable Normandy/Shield [FF60+]
|
|
* Shield is a telemetry system that can push and test "recipes"
|
|
* [1] https://mozilla.github.io/normandy/ ***/
|
|
"app.normandy.enabled" = false;
|
|
"app.normandy.api_url" = "";
|
|
|
|
/* 0350: disable Crash Reports ***/
|
|
"breakpad.reportURL" = "";
|
|
"browser.tabs.crashReporting.sendReport" = false;
|
|
|
|
/* 0351: enforce no submission of backlogged Crash Reports [FF58+]
|
|
* [SETTING] Privacy & Security>Firefox Data Collection & Use>Allow Firefox to send backlogged crash reports ***/
|
|
"browser.crashReports.unsubmittedCheck.autoSubmit2" = false;
|
|
|
|
/* 0403: disable SB checks for downloads (remote)
|
|
* To verify the safety of certain executable files, Firefox may submit some information about the
|
|
* file, including the name, origin, size and a cryptographic hash of the contents, to the Google
|
|
* Safe Browsing service which helps Firefox determine whether or not the file should be blocked
|
|
* [SETUP-SECURITY] If you do not understand this, or you want this protection, then override this ***/
|
|
"browser.safebrowsing.downloads.remote.enabled" = false;
|
|
"browser.safebrowsing.downloads.remote.url" = "";
|
|
|
|
/* 1201: require safe negotiation
|
|
* Blocks connections to servers that don't support RFC 5746 [2] as they're potentially vulnerable to a
|
|
* MiTM attack [3]. A server without RFC 5746 can be safe from the attack if it disables renegotiations
|
|
* but the problem is that the browser can't know that. Setting this pref to true is the only way for the
|
|
* browser to ensure there will be no unsafe renegotiations on the channel between the browser and the server
|
|
* [SETUP-WEB] SSL_ERROR_UNSAFE_NEGOTIATION: is it worth overriding this for that one site?
|
|
* [STATS] SSL Labs (May 2024) reports over 99.7% of top sites have secure renegotiation [4]
|
|
* [1] https://wiki.mozilla.org/Security:Renegotiation
|
|
* [2] https://datatracker.ietf.org/doc/html/rfc5746
|
|
* [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
|
|
* [4] https://www.ssllabs.com/ssl-pulse/ ***/
|
|
"security.ssl.require_safe_negotiation" = true;
|
|
/* 1206: disable TLS1.3 0-RTT (round-trip time) [FF51+]
|
|
* This data is not forward secret, as it is encrypted solely under keys derived using
|
|
* the offered PSK. There are no guarantees of non-replay between connections
|
|
* [1] https://github.com/tlswg/tls13-spec/issues/1001
|
|
* [2] https://www.rfc-editor.org/rfc/rfc9001.html#name-replay-attacks-with-0-rtt
|
|
* [3] https://blog.cloudflare.com/tls-1-3-overview-and-q-and-a/ ***/
|
|
"security.tls.enable_0rtt_data" = false;
|
|
|
|
/* 2002: force WebRTC inside the proxy [FF70+] ***/
|
|
"media.peerconnection.ice.proxy_only_if_behind_proxy" = true;
|
|
/* 2003: force a single network interface for ICE candidates generation [FF42+]
|
|
* When using a system-wide proxy, it uses the proxy interface
|
|
* [1] https://developer.mozilla.org/docs/Web/API/RTCIceCandidate
|
|
* [2] https://wiki.mozilla.org/Media/WebRTC/Privacy ***/
|
|
"media.peerconnection.ice.default_address_only" = true;
|
|
|
|
/* 2701: enable ETP Strict Mode [FF86+]
|
|
* ETP Strict Mode enables Total Cookie Protection (TCP)
|
|
* [NOTE] Adding site exceptions disables all ETP protections for that site and increases the risk of
|
|
* cross-site state tracking e.g. exceptions for SiteA and SiteB means PartyC on both sites is shared
|
|
* [1] https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/
|
|
* [SETTING] to add site exceptions: Urlbar>ETP Shield
|
|
* [SETTING] to manage site exceptions: Options>Privacy & Security>Enhanced Tracking Protection>Manage Exceptions ***/
|
|
"browser.contentblocking.category" = "strict";
|
|
};
|
|
userChrome = ''
|
|
/* For old sidebar */
|
|
#sidebar-box[sidebarcommand="treestyletab_piro_sakura_ne_jp-sidebar-action"] #sidebar-header {
|
|
display: none;
|
|
}
|
|
|
|
/* Remove sidebar revamp */
|
|
#sidebar-panel-header {
|
|
display: none;
|
|
}
|
|
|
|
/* Allow complete collapse of sidebar revamp */
|
|
#sidebar-main:not([sidebar-launcher-expanded]) {
|
|
width: 0;
|
|
}
|
|
'';
|
|
}
|