From 47408cfce05f8f3856dd41e6647717e0fdf6fbb7 Mon Sep 17 00:00:00 2001
From: Tom Alexander <tom@fizz.buzz>
Date: Thu, 23 Jan 2025 19:14:25 -0500
Subject: [PATCH] Do not install firefox on neelix.

---
 nix/configuration/hosts/odo/default.nix     |   1 +
 nix/configuration/roles/firefox/default.nix | 229 +++++++++++---------
 2 files changed, 123 insertions(+), 107 deletions(-)

diff --git a/nix/configuration/hosts/odo/default.nix b/nix/configuration/hosts/odo/default.nix
index 4568c08..058a2c5 100644
--- a/nix/configuration/hosts/odo/default.nix
+++ b/nix/configuration/hosts/odo/default.nix
@@ -36,6 +36,7 @@
   me.chromium.enable = true;
   me.docker.enable = true;
   me.emacs_flavor = "full";
+  me.firefox.enable = true;
   me.graphical = true;
   me.graphics_card_type = "amd";
   me.sway.enable = true;
diff --git a/nix/configuration/roles/firefox/default.nix b/nix/configuration/roles/firefox/default.nix
index 4d387bb..dc72a3e 100644
--- a/nix/configuration/roles/firefox/default.nix
+++ b/nix/configuration/roles/firefox/default.nix
@@ -8,114 +8,129 @@
 {
   imports = [ ];
 
-  programs.firefox = {
-    enable = true;
-    package = (pkgs.wrapFirefox (pkgs.firefox-unwrapped.override { pipewireSupport = true; }) { });
-    languagePacks = [ "en-US" ];
-    preferences = {
-      # "identity.sync.tokenserver.uri": "https://ffsync.fizz.buzz/token/1.0/sync/1.5";
-      "media.hardware-video-decoding.force-enabled" = true;
-      "media.ffmpeg.vaapi.enabled" = true;
-      "doh-rollout.doorhanger-decision" = "UIDisabled";
-      "dom.security.https_only_mode" = true;
-      "dom.security.https_only_mode_ever_enabled" = true;
-      "extensions.activeThemeID" = "firefox-compact-dark@mozilla.org";
-      # Disable ads
-      "extensions.pocket.enabled" = false;
-      "browser.newtabpage.activity-stream.showSponsored" = false;
-      "browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
-      "browser.newtabpage.activity-stream.feeds.section.topstories" = false;
-      "browser.newtabpage.pinned" = "[]";
-      "browser.newtabpage.activity-stream.section.highlights.includePocket" = false;
-      "browser.topsites.contile.enabled" = false;
-      # Disable cache when devtools are open.
-      "devtools.cache.disabled" = true;
-      # Do not track header.
-      "privacy.donottrackheader.enabled" = true;
-      # Tell websites not to share or sell my data.
-      "privacy.globalprivacycontrol.enabled" = true;
-      # Disable "studies" (slice testing)
-      "app.shield.optoutstudies.enabled" = false;
-      # Disable attribution which is used by advertisers to track you.
-      "dom.private-attribution.submission.enabled" = false;
-      # Disable battery status, used to track users.
-      "dom.battery.enabled" = false;
-
-      # Disable that websites can get notifications if you copy, paste, or cut something from a web page, and it lets them know which part of the page had been selected.
-      #
-      # This breaks copying from BigQuery https://github.com/microsoft/monaco-editor/issues/1540
-      # dom.event.clipboardevents.enabled: false
-
-      # Isolates all browser identifier sources (e.g. cookies) to the first party domain, with the goal of preventing tracking across different domains.
-      "privacy.firstparty.isolate" = true;
-      # Do not preload URLs that auto-complete in the address bar.
-      "browser.urlbar.speculativeConnect.enabled" = false;
-      # Do not resist fingerprinting because that tells websites to use light mode.
-      # https://bugzilla.mozilla.org/show_bug.cgi?id=1732114
-      "privacy.resistFingerprinting" = false; # (default false)
-      # Instead, enable fingerprinting protection, which allows configuring an override.
-      "privacy.fingerprintingProtection" = true;
-      # Allow sending dark mode preference to websites.
-      # Allow sending timezone to websites.
-      "privacy.fingerprintingProtection.overrides" =
-        "+AllTargets,-CSSPrefersColorScheme,-JSDateTimeUTC,-CanvasExtractionBeforeUserInputIsBlocked";
-      # Disable weather on new tab page
-      "browser.newtabpage.activity-stream.showWeather" = false;
-    };
-    # Check about:policies#documentation and https://mozilla.github.io/policy-templates/ for options.
-    policies = {
-      DisableTelemetry = true;
-      DisplayBookmarksToolbar = "newtab";
-
-      # Check about:support for extension/add-on ID strings.
-      # Valid strings for installation_mode are "allowed", "blocked",
-      # "force_installed" and "normal_installed".
-      ExtensionSettings = {
-        # "*".installation_mode = "blocked"; # blocks all addons except the ones specified below
-        "uBlock0@raymondhill.net" = {
-          install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi";
-          installation_mode = "force_installed";
-        };
-        "firefox@teleparty.com" = {
-          install_url = "https://addons.mozilla.org/firefox/downloads/latest/netflix-party-is-now-teleparty/latest.xpi";
-          installation_mode = "normal_installed";
-        };
-        "@ublacklist" = {
-          install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublacklist/latest.xpi";
-          installation_mode = "normal_installed";
-        };
-        "@react-devtools" = {
-          install_url = "https://addons.mozilla.org/firefox/downloads/latest/react-devtools/latest.xpi";
-          installation_mode = "normal_installed";
-        };
-      };
+  options.me = {
+    firefox.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      example = true;
+      description = "Whether we want to install firefox.";
     };
   };
 
-  environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
-    hideMounts = true;
-    users.talexander = {
-      directories = [
-        {
-          directory = ".mozilla";
-          user = "talexander";
-          group = "talexander";
-          mode = "0700";
-        }
-      ];
-    };
-  };
-  environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
-    hideMounts = true;
-    users.talexander = {
-      directories = [
-        {
-          directory = ".cache/mozilla";
-          user = "talexander";
-          group = "talexander";
-          mode = "0700";
-        }
-      ];
-    };
-  };
+  config = lib.mkIf config.me.firefox.enable (
+    lib.mkMerge [
+      (lib.mkIf config.me.graphical {
+        programs.firefox = {
+          enable = true;
+          package = (pkgs.wrapFirefox (pkgs.firefox-unwrapped.override { pipewireSupport = true; }) { });
+          languagePacks = [ "en-US" ];
+          preferences = {
+            # "identity.sync.tokenserver.uri": "https://ffsync.fizz.buzz/token/1.0/sync/1.5";
+            "media.hardware-video-decoding.force-enabled" = true;
+            "media.ffmpeg.vaapi.enabled" = true;
+            "doh-rollout.doorhanger-decision" = "UIDisabled";
+            "dom.security.https_only_mode" = true;
+            "dom.security.https_only_mode_ever_enabled" = true;
+            "extensions.activeThemeID" = "firefox-compact-dark@mozilla.org";
+            # Disable ads
+            "extensions.pocket.enabled" = false;
+            "browser.newtabpage.activity-stream.showSponsored" = false;
+            "browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
+            "browser.newtabpage.activity-stream.feeds.section.topstories" = false;
+            "browser.newtabpage.pinned" = "[]";
+            "browser.newtabpage.activity-stream.section.highlights.includePocket" = false;
+            "browser.topsites.contile.enabled" = false;
+            # Disable cache when devtools are open.
+            "devtools.cache.disabled" = true;
+            # Do not track header.
+            "privacy.donottrackheader.enabled" = true;
+            # Tell websites not to share or sell my data.
+            "privacy.globalprivacycontrol.enabled" = true;
+            # Disable "studies" (slice testing)
+            "app.shield.optoutstudies.enabled" = false;
+            # Disable attribution which is used by advertisers to track you.
+            "dom.private-attribution.submission.enabled" = false;
+            # Disable battery status, used to track users.
+            "dom.battery.enabled" = false;
+
+            # Disable that websites can get notifications if you copy, paste, or cut something from a web page, and it lets them know which part of the page had been selected.
+            #
+            # This breaks copying from BigQuery https://github.com/microsoft/monaco-editor/issues/1540
+            # dom.event.clipboardevents.enabled: false
+
+            # Isolates all browser identifier sources (e.g. cookies) to the first party domain, with the goal of preventing tracking across different domains.
+            "privacy.firstparty.isolate" = true;
+            # Do not preload URLs that auto-complete in the address bar.
+            "browser.urlbar.speculativeConnect.enabled" = false;
+            # Do not resist fingerprinting because that tells websites to use light mode.
+            # https://bugzilla.mozilla.org/show_bug.cgi?id=1732114
+            "privacy.resistFingerprinting" = false; # (default false)
+            # Instead, enable fingerprinting protection, which allows configuring an override.
+            "privacy.fingerprintingProtection" = true;
+            # Allow sending dark mode preference to websites.
+            # Allow sending timezone to websites.
+            "privacy.fingerprintingProtection.overrides" =
+              "+AllTargets,-CSSPrefersColorScheme,-JSDateTimeUTC,-CanvasExtractionBeforeUserInputIsBlocked";
+            # Disable weather on new tab page
+            "browser.newtabpage.activity-stream.showWeather" = false;
+          };
+          # Check about:policies#documentation and https://mozilla.github.io/policy-templates/ for options.
+          policies = {
+            DisableTelemetry = true;
+            DisplayBookmarksToolbar = "newtab";
+
+            # Check about:support for extension/add-on ID strings.
+            # Valid strings for installation_mode are "allowed", "blocked",
+            # "force_installed" and "normal_installed".
+            ExtensionSettings = {
+              # "*".installation_mode = "blocked"; # blocks all addons except the ones specified below
+              "uBlock0@raymondhill.net" = {
+                install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi";
+                installation_mode = "force_installed";
+              };
+              "firefox@teleparty.com" = {
+                install_url = "https://addons.mozilla.org/firefox/downloads/latest/netflix-party-is-now-teleparty/latest.xpi";
+                installation_mode = "normal_installed";
+              };
+              "@ublacklist" = {
+                install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublacklist/latest.xpi";
+                installation_mode = "normal_installed";
+              };
+              "@react-devtools" = {
+                install_url = "https://addons.mozilla.org/firefox/downloads/latest/react-devtools/latest.xpi";
+                installation_mode = "normal_installed";
+              };
+            };
+          };
+        };
+
+        environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
+          hideMounts = true;
+          users.talexander = {
+            directories = [
+              {
+                directory = ".mozilla";
+                user = "talexander";
+                group = "talexander";
+                mode = "0700";
+              }
+            ];
+          };
+        };
+        environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
+          hideMounts = true;
+          users.talexander = {
+            directories = [
+              {
+                directory = ".cache/mozilla";
+                user = "talexander";
+                group = "talexander";
+                mode = "0700";
+              }
+            ];
+          };
+        };
+      })
+    ]
+  );
 }