diff --git a/nix/configuration/configuration.nix b/nix/configuration/configuration.nix
index a6da52f..0411076 100644
--- a/nix/configuration/configuration.nix
+++ b/nix/configuration/configuration.nix
@@ -10,6 +10,7 @@
 ./zfs.nix
 ./network.nix
 ./roles/graphics
+ ./roles/sound
 ./roles/sway
 ./roles/firefox
 ./roles/emacs
@@ -86,6 +87,7 @@
 mesa-demos # for glxgears TODO move to better role
 vulkan-tools # for vkcube TODO move to better role
 xorg.xeyes # to test which windows are using x11 TODO move to better role
+ ripgrep
 ];
 services.openssh = {
diff --git a/nix/configuration/roles/firefox/default.nix b/nix/configuration/roles/firefox/default.nix
index e0d8c57..b7ec48b 100644
--- a/nix/configuration/roles/firefox/default.nix
+++ b/nix/configuration/roles/firefox/default.nix
@@ -3,8 +3,87 @@
 {
 imports = [];
- environment.systemPackages = with pkgs; [
- firefox
- ];
+ programs.firefox = {
+ enable = true;
+ package = (pkgs.wrapFirefox (pkgs.firefox-unwrapped.override { pipewireSupport = true;}) {});
+ languagePacks = [ "en-US" ];
+ preferences = {
+ # "identity.sync.tokenserver.uri": "https://ffsync.fizz.buzz/token/1.0/sync/1.5";
+ "media.hardware-video-decoding.force-enabled" = true;
+ "media.ffmpeg.vaapi.enabled" = true;
+ "doh-rollout.doorhanger-decision" = "UIDisabled";
+ "dom.security.https_only_mode" = true;
+ "dom.security.https_only_mode_ever_enabled" = true;
+ "extensions.activeThemeID" = "firefox-compact-dark@mozilla.org";
+ # Disable ads
+ "extensions.pocket.enabled" = false;
+ "browser.newtabpage.activity-stream.showSponsored" = false;
+ "browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
+ "browser.newtabpage.activity-stream.feeds.section.topstories" = false;
+ "browser.newtabpage.pinned" = "[]";
+ "browser.newtabpage.activity-stream.section.highlights.includePocket" = false;
+ "browser.topsites.contile.enabled" = false;
+ # Disable cache when devtools are open.
+ "devtools.cache.disabled" = true;
+ # Do not track header.
+ "privacy.donottrackheader.enabled" = true;
+ # Tell websites not to share or sell my data.
+ "privacy.globalprivacycontrol.enabled" = true;
+ # Disable "studies" (slice testing)
+ "app.shield.optoutstudies.enabled" = false;
+ # Disable attribution which is used by advertisers to track you.
+ "dom.private-attribution.submission.enabled" = false;
+ # Disable battery status, used to track users.
+ "dom.battery.enabled" = false;
+ # Disable that websites can get notifications if you copy, paste, or cut something from a web page, and it lets them know which part of the page had been selected.
+ #
+ # This breaks copying from BigQuery https://github.com/microsoft/monaco-editor/issues/1540
+ # dom.event.clipboardevents.enabled: false
+
+ # Isolates all browser identifier sources (e.g. cookies) to the first party domain, with the goal of preventing tracking across different domains.
+ "privacy.firstparty.isolate" = true;
+ # Do not preload URLs that auto-complete in the address bar.
+ "browser.urlbar.speculativeConnect.enabled" = false;
+ # Do not resist fingerprinting because that tells websites to use light mode.
+ # https://bugzilla.mozilla.org/show_bug.cgi?id=1732114
+ "privacy.resistFingerprinting" = false; # (default false)
+ # Instead, enable fingerprinting protection, which allows configuring an override.
+ "privacy.fingerprintingProtection" = true;
+ # Allow sending dark mode preference to websites.
+ # Allow sending timezone to websites.
+ "privacy.fingerprintingProtection.overrides" = "+AllTargets,-CSSPrefersColorScheme,-JSDateTimeUTC,-CanvasExtractionBeforeUserInputIsBlocked";
+ # Disable weather on new tab page
+ "browser.newtabpage.activity-stream.showWeather" = false;
+ };
+ # Check about:policies#documentation and https://mozilla.github.io/policy-templates/ for options.
+ policies = {
+ DisableTelemetry = true;
+ DisplayBookmarksToolbar = "newtab";
+
+ # Check about:support for extension/add-on ID strings.
+ # Valid strings for installation_mode are "allowed", "blocked",
+ # "force_installed" and "normal_installed".
+ ExtensionSettings = {
+ # "*".installation_mode = "blocked"; # blocks all addons except the ones specified below
+ "uBlock0@raymondhill.net" = {
+ install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi";
+ installation_mode = "force_installed";
+ };
+ "firefox@teleparty.com" = {
+ install_url = "https://addons.mozilla.org/firefox/downloads/latest/netflix-party-is-now-teleparty/latest.xpi";
+ installation_mode = "normal_installed";
+ };
+ };
+ };
+ };
+
+ environment.persistence."/persist" = {
+ hideMounts = true;
+ users.talexander = {
+ directories = [
+ { directory = ".mozilla"; user = "talexander"; group = "talexander"; mode = "0700"; }
+ ];
+ };
+ };
 }
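Review bot: In `ExtensionSettings` of roles/firefox/default.nix the catch-all `"*".installation_mode = "blocked";` is left commented out, so the policy installs the two listed add-ons but does not restrict any others; enabling it would turn the two listed IDs into an allow-list. Both `install_url` values end in `latest.xpi`, so the add-on version is whatever the add-ons site serves at install time rather than something this repository pins. Separately, `programs.firefox.preferences` looks like it is delivered through the enterprise-policy `Preferences` mechanism, which to my knowledge accepts only an allow-list of preference names, so keys such as `privacy.firstparty.isolate`, `privacy.fingerprintingProtection` and `app.shield.optoutstudies.enabled` may not take effect even though the build succeeds. I would record the check next to the block, e.g. `# After a rebuild, confirm on about:policies that each key below is reported as active.`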
diff --git a/nix/configuration/roles/sound/default.nix b/nix/configuration/roles/sound/default.nix
new file mode 100644
index 0000000..656d2fc
--- /dev/null
+++ b/nix/configuration/roles/sound/default.nix
@@ -0,0 +1,20 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports = [];
+
+ environment.systemPackages = with pkgs; [
+ pavucontrol
+ ];
+
+ # rtkit is optional but recommended
+ security.rtkit.enable = true;
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ # If you want to use JACK applications, uncomment this
+ #jack.enable = true;
+ };
+}
diff --git a/nix/configuration/roles/sway/default.nix b/nix/configuration/roles/sway/default.nix
index 4fac7e1..95cdc95 100644
--- a/nix/configuration/roles/sway/default.nix
+++ b/nix/configuration/roles/sway/default.nix
@@ -237,4 +237,14 @@ in
 ];
 };
 };
+
+ xdg = {
+ portal = {
+ enable = true;
+ extraPortals = with pkgs; [
+ xdg-desktop-portal-wlr
+ xdg-desktop-portal-gtk
+ ];
+ };
+ };
 }
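Review bot: The comment `# rtkit is optional but recommended` in roles/sound/default.nix does not say what enabling the service grants, which is the part a later reader needs when auditing this role. I would replace it with something like `# rtkit brokers realtime-scheduling requests from PipeWire over D-Bus`. The JACK comment reads as copied template text and could go if JACK is not planned; `config` and `lib` are unused in the function header and `imports = [];` is a no-op, both harmless but trimmable.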
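Review bot: The new `xdg.portal` block in roles/sway/default.nix adds two backends through `extraPortals` but never states which backend serves which interface, so the handler for ScreenCast and Screenshot is left to portal defaults. Because this commit also builds Firefox with `pipewireSupport = true`, the browser can now request screen capture through the portal, and I would make the routing explicit with `xdg.portal.config`, e.g. `common.default = [ "gtk" ];` plus `"org.freedesktop.impl.portal.ScreenCast" = [ "wlr" ];`. It is also worth confirming which output chooser xdg-desktop-portal-wlr ends up using on this machine; I believe it can fall back to selecting an output without a prompt when no chooser program is installed. The enclosing attribute set starts outside the hunk.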