From e061c76c83b104d04eb054724316a269dc7b3cf8 Mon Sep 17 00:00:00 2001
From: Tristan Druyen <tristan@vault81.de>
Date: Mon, 25 Mar 2024 18:21:09 +0100
Subject: [PATCH] Update firefox prefs

---
 home-mods/firefox/default.nix | 106 +++++++++++++++++++++++++++++++++-
 1 file changed, 105 insertions(+), 1 deletion(-)

diff --git a/home-mods/firefox/default.nix b/home-mods/firefox/default.nix
index 38e7c4d..148c6ba 100644
--- a/home-mods/firefox/default.nix
+++ b/home-mods/firefox/default.nix
@@ -12,10 +12,34 @@
         isDefault = true;
 
         settings = {
+          # Disable internal passwod manager
+          "signon.rememberSignons" = false;
           # Extensions are managed with Nix, so don't update.
           "extensions.update.autoUpdateDefault" = false;
           "extensions.update.enabled" = false;
 
+          # Default to dark theme in DevTools panel
+          "devtools.theme" = "dark";
+
+          # Reduce search engine noise in the urlbar's completion window. The
+          # shortcuts and suggestions will still work, but Firefox won't clutter
+          # its UI with reminders that they exist.
+          "browser.urlbar.suggest.searches" = true; # Let's hope duckduckgo doesn't sell it all :)
+          "browser.urlbar.shortcuts.bookmarks" = false;
+          "browser.urlbar.shortcuts.history" = false;
+          "browser.urlbar.shortcuts.tabs" = false;
+          "browser.urlbar.showSearchSuggestionsFirst" = false;
+          "browser.urlbar.speculativeConnect.enabled" = false;
+          "browser.urlbar.suggest.quicksuggest.nonsponsored" = false;
+          "browser.urlbar.suggest.quicksuggest.sponsored" = false;
+
+          # Disable some not so useful functionality.
+          "browser.disableResetPrompt" = true; # "Looks like you haven't started Firefox in a while."
+          "browser.onboarding.enabled" = false; # "New to Firefox? Let's get started!" tour
+          "browser.aboutConfig.showWarning" = false; # Warning when opening about:config
+          "extensions.pocket.enabled" = false;
+          "extensions.shield-recipe-client.enabled" = false;
+
           # Sync
           # "services.sync.username" = config.etu.user.email;
 
@@ -25,6 +49,25 @@
 
           "browser.startup.page" = 3; # Restore previous windows and tabs.
 
+          # Security-oriented defaults
+          "security.family_safety.mode" = 0;
+          # https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/
+          "security.pki.sha1_enforcement_level" = 1;
+          # https://github.com/tlswg/tls13-spec/issues/1001
+          "security.tls.enable_0rtt_data" = false;
+          # Use Mozilla geolocation service instead of Google if given permission
+          "geo.provider.network.url" = "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%";
+          "geo.provider.use_gpsd" = false;
+          # https://support.mozilla.org/en-US/kb/extension-recommendations
+          "browser.newtabpage.activity-stream.asrouter.userprefs.cfr" = false;
+          "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons" = false;
+          "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features" = false;
+          "extensions.htmlaboutaddons.recommendations.enabled" = false;
+          "extensions.htmlaboutaddons.discover.enabled" = false;
+          "extensions.htmlaboutaddons.inline-options.enabled" = false;
+          "extensions.getAddons.showPane" = false; # uses Google Analytics
+          "browser.discovery.enabled" = false;
+
           # Privacy enhancements
           "browser.newtabpage.activity-stream.feeds.telemetry" = false;
           "browser.newtabpage.activity-stream.telemetry" = false;
@@ -38,12 +81,73 @@
           # Improve performance
           "gfx.webrender.all" = true;
 
+          # Enable ETP for decent security (makes firefox containers and many
+          # common security/privacy add-ons redundant).
+          "browser.contentblocking.category" = "strict";
+          "privacy.purge_trackers.enabled" = true;
           # Do Not Track header
           "privacy.donottrackheader.enabled" = true;
           "privacy.donottrackheader.value" = 1;
+          # Your customized toolbar settings are stored in
+          # 'browser.uiCustomization.state'. This tells firefox to sync it between
+          # machines. WARNING: This may not work across OSes. Since I use NixOS on
+          # all the machines I use Firefox on, this is no concern to me.
+          "services.sync.prefs.sync.browser.uiCustomization.state" = true;
 
           # Enable userChrome customisations
-          # "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
+          "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
+
+          # Reduce File IO / SSD abuse
+          # Otherwise, Firefox bombards the HD with writes. Not so nice for SSDs.
+          # This forces it to write every 15 minutes, rather than 15 seconds.
+          "browser.sessionstore.interval" = "900000";
+          # Disable battery API
+          "dom.battery.enabled" = false;
+          # Disable "beacon" asynchronous HTTP transfers (used for analytics)
+          "beacon.enabled" = false;
+          # Disable pinging URIs specified in HTML <a> ping= attributes
+          "browser.send_pings" = false;
+          # Disable gamepad API to prevent USB device enumeration
+          "dom.gamepad.enabled" = false;
+          # Don't try to guess domain names when entering an invalid domain name in URL bar
+          "browser.fixup.alternate.enabled" = false;
+
+          # Disable telemetry
+          "toolkit.telemetry.unified" = false;
+          "toolkit.telemetry.enabled" = false;
+          "toolkit.telemetry.server" = "data:,";
+          "toolkit.telemetry.archive.enabled" = false;
+          "toolkit.telemetry.coverage.opt-out" = true;
+          "toolkit.coverage.opt-out" = true;
+          "toolkit.coverage.endpoint.base" = "";
+          "experiments.supported" = false;
+          "experiments.enabled" = false;
+          "experiments.manifest.uri" = "";
+          "browser.ping-centre.telemetry" = false;
+          # https://mozilla.github.io/normandy/
+          "app.normandy.enabled" = false;
+          "app.normandy.api_url" = "";
+          "app.shield.optoutstudies.enabled" = false;
+          # Disable health reports (basically more telemetry)
+          # https://support.mozilla.org/en-US/kb/firefox-health-report-understand-your-browser-perf
+          # https://gecko.readthedocs.org/en/latest/toolkit/components/telemetry/telemetry/preferences.html
+          "datareporting.healthreport.uploadEnabled" = false;
+          "datareporting.healthreport.service.enabled" = false;
+          "datareporting.policy.dataSubmissionEnabled" = false;
+
+          # Disable crash reports
+          "breakpad.reportURL" = "";
+          "browser.tabs.crashReporting.sendReport" = false;
+          "browser.crashReports.unsubmittedCheck.autoSubmit2" = false; # don't submit backlogged reports
+
+          # Disable Form autofill
+          # https://wiki.mozilla.org/Firefox/Features/Form_Autofill
+          "browser.formfill.enable" = false;
+          "extensions.formautofill.addresses.enabled" = false;
+          "extensions.formautofill.available" = "off";
+          "extensions.formautofill.creditCards.available" = false;
+          "extensions.formautofill.creditCards.enabled" = false;
+          "extensions.formautofill.heuristics.enabled" = false;
         };
 
         extensions = with config.nur.repos.rycee.firefox-addons; [