Compare commits
7 Commits
580cbd1851
...
e1c510fc64
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
e1c510fc64 | ||
|
|
e4305c15ac | ||
|
|
5c99e52e09 | ||
|
|
ad7e25dce3 | ||
|
|
1a62299225 | ||
|
|
6e7e52aecf | ||
|
|
a0fa657600 |
12
flake.lock
generated
12
flake.lock
generated
@@ -546,11 +546,11 @@
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1766651565,
|
||||
"narHash": "sha256-QEhk0eXgyIqTpJ/ehZKg9IKS7EtlWxF3N7DXy42zPfU=",
|
||||
"lastModified": 1768305791,
|
||||
"narHash": "sha256-AIdl6WAn9aymeaH/NvBj0H9qM+XuAuYbGMZaP0zcXAQ=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "3e2499d5539c16d0d173ba53552a4ff8547f4539",
|
||||
"rev": "1412caf7bf9e660f2f962917c14b1ea1c3bc695e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -744,11 +744,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1766543224,
|
||||
"narHash": "sha256-96PBoNqh3sPU9t+IXxcB1OjjuQ8HOv42OOh9UtwFHbU=",
|
||||
"lastModified": 1769035606,
|
||||
"narHash": "sha256-I9pKhfhAz3JsGBLIqr9MNycTEQn0Bc3jzf0mKeWLlsE=",
|
||||
"owner": "celenityy",
|
||||
"repo": "Phoenix",
|
||||
"rev": "f09568c8a71af4fe42dd43c6f711c67daf605f1e",
|
||||
"rev": "07d9be8cbf938962f9847b0970274b885ff48792",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
||||
@@ -63,6 +63,7 @@
|
||||
stylix,
|
||||
...
|
||||
}: let
|
||||
phoenix' = (import ./modules/nixos/phoenix.nix) {inherit phoenix;};
|
||||
nix-zulip' = (import "${nix-zulip}/nix/default.nix" {}).output;
|
||||
machines = import ./machines.nix;
|
||||
configuration = machine: modules:
|
||||
@@ -80,7 +81,7 @@
|
||||
impermanence.nixosModules.impermanence
|
||||
nixos-mailserver.nixosModule
|
||||
noshell.nixosModules.default
|
||||
phoenix.nixosModules.default
|
||||
phoenix'.phoenixModule
|
||||
nix-zulip'.nixosModules.zulip
|
||||
{
|
||||
nixpkgs.overlays = [
|
||||
@@ -98,6 +99,7 @@
|
||||
{
|
||||
home-manager.useGlobalPkgs = true;
|
||||
home-manager.extraSpecialArgs = {inherit machine;};
|
||||
home-manager.backupFileExtension = "bak";
|
||||
home-manager.users =
|
||||
builtins.mapAttrs
|
||||
(name: value: value)
|
||||
|
||||
@@ -20,7 +20,7 @@
|
||||
./modules/nixos/laptop.nix
|
||||
|
||||
# vpn
|
||||
./modules/nixos/openvpn-client.nix
|
||||
# ./modules/nixos/openvpn-client.nix
|
||||
|
||||
# ly display manager
|
||||
./modules/nixos/ly.nix
|
||||
|
||||
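Review bot: The openvpn-client import is left behind as a commented-out line with no reason given, assuming the `# ./modules/nixos/openvpn-client.nix` form is the new side (the page does not mark which of the two lines is old). A machine that quietly loses its VPN module is easy to forget about, so either delete the entry or record why it is off, e.g. `# ./modules/nixos/openvpn-client.nix  # disabled: <reason>`. Whether anything else in this machine's configuration expects the tunnel to exist cannot be checked from here, because the import list continues outside the hunk.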
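--- /dev/null
+++ b/modules/nixos/phoenix.nix
@@ -0,0 +1,61 @@
+{phoenix, ...}: rec {
+phoenixOverlay = final: prev: {
+phoenix = (final.callPackage (import "${phoenix}/nix/package.nix")
+{
+}).overrideAttrs {
+patches = [
+../../patches/0001-autoDisableScopes-unlocked.patch
+];
+};
+withPhoenix = firefoxPackage:
+firefoxPackage.override {
+extraPoliciesFiles = ["${final.phoenix}/policies.json"];
+extraPrefsFiles = ["${final.phoenix}/phoenix.cfg"];
+};
+};
+phoenixModule = {
+pkgs,
+config,
+lib,
+...
+}: {
+options.programs.firefox.phoenix = {
+enable =
+lib.mkEnableOption "Enable privacy & security hardening of Firefox using the Phoenix configs"
+// {
+default = true;
+};
+firefoxPackages = lib.mkOption {
+type = lib.types.listOf lib.types.str;
+default = ["firefox"];
+description = "The name of Firefox packages of current pkgs to patch with phoenix config and policy.";
+};
+};
+config = let
+cfg = config.programs.firefox.phoenix;
+in
+lib.mkIf cfg.enable {
+assertions = [
+{
+assertion = !pkgs.stdenv.isDarwin;
+message = "Phoenix module has not been ported to nix-darwin yet. Contributions welcomed.";
+}
+];
+environment.etc."firefox/defaults/pref/phoenix-desktop.js".source = "${pkgs.phoenix}/pref/phoenix-desktop.js";
+environment.etc."firefox/phoenix/userjs".source = "${pkgs.phoenix}/userjs";
+environment.etc."firefox/phoenix/configs".source = "${pkgs.phoenix}/configs";
+environment.etc."firefox/phoenix/assets".source = "${pkgs.phoenix}/assets";
+programs.firefox.policies =
+(builtins.fromJSON (builtins.readFile "${pkgs.phoenix}/policies.json")).policies;
+nixpkgs.overlays = [
+phoenixOverlay
+(
+final: prev:
+builtins.listToAttrs (
+map (p: lib.nameValuePair p (final.withPhoenix prev.${p})) cfg.firefoxPackages
+)
+)
+];
+};
+};
+}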
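Review bot: `overrideAttrs { patches = [ ... ]; }` in `phoenixOverlay` sets the patch list outright, so any patches the upstream `nix/package.nix` declares would be dropped; that file is not visible here, so this may be harmless today. Appending survives future Phoenix bumps in flake.lock: `.overrideAttrs (old: { patches = (old.patches or []) ++ [ ../../patches/0001-autoDisableScopes-unlocked.patch ]; })`. The entry also deserves a comment such as `# removes the lock on extensions.autoDisableScopes so per-profile settings can override it`, because the option text advertises hardening while this line relaxes one upstream default. Separately, `lib.mkEnableOption` already prefixes "Whether to enable", so the description string should begin at "privacy & security hardening of Firefox …".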
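--- /dev/null
+++ b/patches/0001-autoDisableScopes-unlocked.patch
@@ -0,0 +1,25 @@
+From 1eeab7cf3b5d41e3e10959ef2ff5298eac86c9fa Mon Sep 17 00:00:00 2001
+From: andromeda <andromeda@lenovo>
+Date: Sun, 25 Jan 2026 10:41:03 +0100
+Subject: [PATCH] autoDisableScopes unlocked
+
+---
+build/phoenix-unified.js | 2 +-
+1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/build/phoenix-unified.js b/build/phoenix-unified.js
+index e183890e..fd58b176 100644
+--- a/build/phoenix-unified.js
++++ b/build/phoenix-unified.js
+@@ -2204,7 +2204,7 @@ pref("xpinstall.whitelist.add.NoScript.PBM", "https://noscript.net^privateBrowsi
+// https://archive.is/DYjAM
+// https://support.mozilla.org/kb/deploying-firefox-with-extensions
+// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/mozapps/extensions/internal/AddonSettings.sys.mjs#125
+-pref("extensions.autoDisableScopes", 15, locked); // [DEFAULT - non-Thunderbird] Defense in depth, ensures sideloaded extensions are always disabled by default...
++pref("extensions.autoDisableScopes", 15); // [DEFAULT - non-Thunderbird] Defense in depth, ensures sideloaded extensions are always disabled by default...
+pref("extensions.enabledScopes", 5); // [HIDDEN]
+pref("extensions.installDistroAddons", false); // [HIDDEN - non-Android] [DEFAULT - Android]
+pref("extensions.sideloadScopes", 0); // [HIDDEN]
+--
+2.52.0
+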
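Review bot: The rewritten `pref("extensions.autoDisableScopes", 15);` line keeps the trailing comment promising that sideloaded extensions are "always disabled by default", which no longer holds once `locked` is gone and a profile can override the value. The profile settings shown further down this page carry `"extensions.autoDisableScopes" = 0`, so for that profile the auto-disable step is switched off for every scope and the restriction rests on the neighbouring `enabledScopes` and `sideloadScopes` prefs, which the context lines show without a lock. The patch has an empty commit body; it should state why the lock is removed (presumably so declaratively installed add-ons start enabled) and the inline comment should be reworded to something like `// unlocked locally: profile settings may lower this`. A narrower mask that clears only the scope the add-ons are actually installed into may be enough, but that needs testing and cannot be confirmed from this page.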
@@ -39,6 +39,7 @@ in {
|
||||
pkgs.grim
|
||||
pkgs.jmtpfs
|
||||
pkgs.nix-output-monitor
|
||||
pkgs.npins
|
||||
pkgs.ranger
|
||||
pkgs.rip2
|
||||
pkgs.ripgrep
|
||||
@@ -97,69 +98,18 @@ in {
|
||||
cfg.enableTridactylNative = true;
|
||||
};
|
||||
profiles.${config.home.username} = {
|
||||
extensions.packages = [
|
||||
pkgs.nur.repos.rycee.firefox-addons.tridactyl
|
||||
];
|
||||
search = {
|
||||
default = "ddghtml";
|
||||
privateDefault = "ddghtml";
|
||||
order = [
|
||||
"wiki"
|
||||
"options"
|
||||
"packages"
|
||||
"repos"
|
||||
extensions = {
|
||||
force = true;
|
||||
packages = [
|
||||
pkgs.nur.repos.rycee.firefox-addons.tridactyl
|
||||
];
|
||||
};
|
||||
search = {
|
||||
default = "DuckDuckGo (HTML)";
|
||||
privateDefault = "DuckDuckGo (HTML)";
|
||||
order = [
|
||||
"DuckDuckGo (HTML)"
|
||||
];
|
||||
engines = {
|
||||
"packages" = {
|
||||
urls = [
|
||||
{
|
||||
template = "https://search.nixos.org/packages";
|
||||
params = [
|
||||
{
|
||||
name = "channel";
|
||||
value = "unstable";
|
||||
}
|
||||
{
|
||||
name = "query";
|
||||
value = "{searchTerms}";
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
"options" = {
|
||||
urls = [
|
||||
{
|
||||
template = "https://search.nixos.org/options";
|
||||
params = [
|
||||
{
|
||||
name = "channel";
|
||||
value = "unstable";
|
||||
}
|
||||
{
|
||||
name = "query";
|
||||
value = "{searchTerms}";
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
"wiki" = {
|
||||
urls = [
|
||||
{
|
||||
template = "https://wiki.nixos.org/w/index.php";
|
||||
params = [
|
||||
{
|
||||
name = "search";
|
||||
value = "{searchTerms}";
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
settings = {
|
||||
"extensions.autoDisableScopes" = 0;
|
||||
|
||||