{
  config,
  lib,
  pkgs,
  ...
}:

{
  imports = [ ];

  options.me = {
    firefox.enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      example = true;
      description = "Whether we want to install firefox.";
    };
  };

  config = lib.mkIf config.me.firefox.enable (
    lib.mkMerge [
      (lib.mkIf config.me.graphical {
        programs.firefox = {
          enable = true;
          package = (pkgs.wrapFirefox (pkgs.firefox-unwrapped.override { pipewireSupport = true; }) { });
          languagePacks = [ "en-US" ];
          preferences = {
            # "identity.sync.tokenserver.uri": "https://ffsync.fizz.buzz/token/1.0/sync/1.5";
            "media.hardware-video-decoding.force-enabled" = true;
            "media.ffmpeg.vaapi.enabled" = true;
            "doh-rollout.doorhanger-decision" = "UIDisabled";
            "dom.security.https_only_mode" = true;
            "dom.security.https_only_mode_ever_enabled" = true;
            "extensions.activeThemeID" = "firefox-compact-dark@mozilla.org";
            # Disable ads
            "extensions.pocket.enabled" = false;
            "browser.newtabpage.activity-stream.showSponsored" = false;
            "browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
            "browser.newtabpage.activity-stream.feeds.section.topstories" = false;
            "browser.newtabpage.pinned" = "[]";
            "browser.newtabpage.activity-stream.section.highlights.includePocket" = false;
            "browser.topsites.contile.enabled" = false;
            # Disable cache when devtools are open.
            "devtools.cache.disabled" = true;
            # Do not track header.
            "privacy.donottrackheader.enabled" = true;
            # Tell websites not to share or sell my data.
            "privacy.globalprivacycontrol.enabled" = true;
            # Disable "studies" (slice testing)
            "app.shield.optoutstudies.enabled" = false;
            # Disable attribution which is used by advertisers to track you.
            "dom.private-attribution.submission.enabled" = false;
            # Disable battery status, used to track users.
            "dom.battery.enabled" = false;

            # Disable that websites can get notifications if you copy, paste, or cut something from a web page, and it lets them know which part of the page had been selected.
            #
            # This breaks copying from BigQuery https://github.com/microsoft/monaco-editor/issues/1540
            # dom.event.clipboardevents.enabled: false

            # Isolates all browser identifier sources (e.g. cookies) to the first party domain, with the goal of preventing tracking across different domains.
            "privacy.firstparty.isolate" = true;
            # Do not preload URLs that auto-complete in the address bar.
            "browser.urlbar.speculativeConnect.enabled" = false;
            # Do not resist fingerprinting because that tells websites to use light mode.
            # https://bugzilla.mozilla.org/show_bug.cgi?id=1732114
            "privacy.resistFingerprinting" = false; # (default false)
            # Instead, enable fingerprinting protection, which allows configuring an override.
            "privacy.fingerprintingProtection" = true;
            # Allow sending dark mode preference to websites.
            # Allow sending timezone to websites.
            "privacy.fingerprintingProtection.overrides" =
              "+AllTargets,-CSSPrefersColorScheme,-JSDateTimeUTC,-CanvasExtractionBeforeUserInputIsBlocked";
            # Disable weather on new tab page
            "browser.newtabpage.activity-stream.showWeather" = false;
          };
          # Check about:policies#documentation and https://mozilla.github.io/policy-templates/ for options.
          policies = {
            DisableTelemetry = true;
            DisplayBookmarksToolbar = "newtab";

            # Check about:support for extension/add-on ID strings.
            # Valid strings for installation_mode are "allowed", "blocked",
            # "force_installed" and "normal_installed".
            ExtensionSettings = {
              # "*".installation_mode = "blocked"; # blocks all addons except the ones specified below
              "uBlock0@raymondhill.net" = {
                install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi";
                installation_mode = "force_installed";
              };
              "firefox@teleparty.com" = {
                install_url = "https://addons.mozilla.org/firefox/downloads/latest/netflix-party-is-now-teleparty/latest.xpi";
                installation_mode = "normal_installed";
              };
              "@ublacklist" = {
                install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublacklist/latest.xpi";
                installation_mode = "normal_installed";
              };
              "@react-devtools" = {
                install_url = "https://addons.mozilla.org/firefox/downloads/latest/react-devtools/latest.xpi";
                installation_mode = "normal_installed";
              };
            };
          };
        };

        environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
          hideMounts = true;
          users.talexander = {
            directories = [
              {
                directory = ".mozilla";
                user = "talexander";
                group = "talexander";
                mode = "0700";
              }
            ];
          };
        };
        environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
          hideMounts = true;
          users.talexander = {
            directories = [
              {
                directory = ".cache/mozilla";
                user = "talexander";
                group = "talexander";
                mode = "0700";
              }
            ];
          };
        };
      })
    ]
  );
}