nix: add nur overlay

hosts: add nur module
flake.nix: add nur
2024-01-07 17:51:31 -05:00 · 2024-01-07 17:51:23 -05:00 · 2024-01-07 17:51:00 -05:00 · 2024-01-07 17:50:45 -05:00 · 2024-01-07 17:50:34 -05:00 · 2024-01-07 17:50:16 -05:00
12 changed files with 736 additions and 204 deletions
--- a/flake.lock
+++ b/flake.lock
@ -5,11 +5,11 @@
        "nixpkgs": "nixpkgs"
      },
      "locked": {
-        "lastModified": 1703934913,
-        "narHash": "sha256-ICPSBWQBPVthW1uXxFizOfuNU3SEf+rf/tfJD89mWRk=",
+        "lastModified": 1704549352,
+        "narHash": "sha256-fUwtVfjpkEtpQE2xwCTIgtmJzJSegFvNKsoZABDMvX4=",
        "owner": "Aylur",
        "repo": "ags",
-        "rev": "6a892994287b52ee3014dedfb41cec9fb675875b",
+        "rev": "dcb24f887efc3d0dbf291c75da05b19221bfdee4",
        "type": "github"
      },
      "original": {
@ -162,11 +162,11 @@
        "nixpkgs-lib": "nixpkgs-lib"
      },
      "locked": {
-        "lastModified": 1701473968,
-        "narHash": "sha256-YcVE5emp1qQ8ieHUnxt1wCZCC3ZfAS+SRRWZ2TMda7E=",
+        "lastModified": 1704152458,
+        "narHash": "sha256-DS+dGw7SKygIWf9w4eNBUZsK+4Ug27NwEWmn2tnbycg=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "34fed993f1674c8d06d58b37ce1e0fe5eebcb9f5",
+        "rev": "88a2cd8166694ba0b6cb374700799cec53aef527",
        "type": "github"
      },
      "original": {
@ -197,11 +197,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1704276313,
-        "narHash": "sha256-4eD4RaAKHLj0ztw5pQcNFs3hGpxrsYb0e9Qir+Ute+w=",
+        "lastModified": 1704498488,
+        "narHash": "sha256-yINKdShHrtjdiJhov+q0s3Y3B830ujRoSbHduUNyKag=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "4d8f90205c6c90be2e81d94d0e5eedf71c1ba34e",
+        "rev": "51e44a13acea71b36245e8bd8c7db53e0a3e61ee",
        "type": "github"
      },
      "original": {
@ -219,11 +219,11 @@
        "xdph": "xdph"
      },
      "locked": {
-        "lastModified": 1704230318,
-        "narHash": "sha256-aYjwKz4ybEEGqG45xFlnQbb0eN5GUxj9NMRcEYBPT3w=",
+        "lastModified": 1704647751,
+        "narHash": "sha256-w2Tg80tZKn9eIzcOs1SlIYvYiqb7I7t516+QMwmkzkY=",
        "owner": "hyprwm",
        "repo": "Hyprland",
-        "rev": "1512b81126dd115f089fd21244692d92034c78f8",
+        "rev": "9f2bde925bde09b4820a2cef369e9ddd930a746b",
        "type": "github"
      },
      "original": {
@ -239,11 +239,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1704241842,
-        "narHash": "sha256-PsccT6JJYCnQM8vQI9SO6ZT3oEoluT983rbcnoYTGEk=",
+        "lastModified": 1704501043,
+        "narHash": "sha256-ZjaDk2zx2210KQgzbNmx7Ang1kkxIFdfN1tWGjK/gVc=",
        "owner": "hyprwm",
        "repo": "hyprland-plugins",
-        "rev": "cf817ebadd003ad27383ef08c1c310a6bae82930",
+        "rev": "23708e7ad859d02902b58abae518abc5c11b4172",
        "type": "github"
      },
      "original": {
@ -277,6 +277,24 @@
        "type": "github"
      }
    },
+    "hyprlang": {
+      "inputs": {
+        "nixpkgs": "nixpkgs_4"
+      },
+      "locked": {
+        "lastModified": 1704287638,
+        "narHash": "sha256-TuRXJGwtK440AXQNl5eiqmQqY4LZ/9+z/R7xC0ie3iA=",
+        "owner": "hyprwm",
+        "repo": "hyprlang",
+        "rev": "6624f2bb66d4d27975766e81f77174adbe58ec97",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hyprwm",
+        "repo": "hyprlang",
+        "type": "github"
+      }
+    },
    "nh": {
      "inputs": {
        "nixpkgs": [
@ -300,14 +318,14 @@
    "nix-gaming": {
      "inputs": {
        "flake-parts": "flake-parts_2",
-        "nixpkgs": "nixpkgs_4"
+        "nixpkgs": "nixpkgs_5"
      },
      "locked": {
-        "lastModified": 1704244428,
-        "narHash": "sha256-n3KZlxx1QS3919I1O77OhBouUeetlLpmQQcIx3dqAso=",
+        "lastModified": 1704590450,
+        "narHash": "sha256-9wUJ0irPrkukEUiqjXQev961l0sa0vgNlu9SW4GDV+E=",
        "owner": "fufexan",
        "repo": "nix-gaming",
-        "rev": "bd7442917422de061bcf61323b07abbb93bdb766",
+        "rev": "7a393401bd9212a5635e82dede0198d3e9602d41",
        "type": "github"
      },
      "original": {
@ -323,11 +341,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1703992163,
-        "narHash": "sha256-709CGmwU34dxv8DjSpRBZ+HibVJIVaFcA4JH+GFnhyM=",
+        "lastModified": 1704596958,
+        "narHash": "sha256-BK3Ohsz7m8X6qVKFxDtr8KVcHipfr5hYE9PDIJevHbQ=",
        "owner": "Mic92",
        "repo": "nix-index-database",
-        "rev": "d6510ce144f5da7dd9bac667ba3d5a4946c00d11",
+        "rev": "f46800ac5a6e9f892fe36e50821c5d85794ecc62",
        "type": "github"
      },
      "original": {
@ -355,11 +373,11 @@
    "nixpkgs-lib": {
      "locked": {
        "dir": "lib",
-        "lastModified": 1701253981,
-        "narHash": "sha256-ztaDIyZ7HrTAfEEUt9AtTDNoCYxUdSd6NrRHaYOIxtk=",
+        "lastModified": 1703961334,
+        "narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "e92039b55bcd58469325ded85d4f58dd5a4eaf58",
+        "rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9",
        "type": "github"
      },
      "original": {
@ -388,11 +406,11 @@
    },
    "nixpkgs-stable_2": {
      "locked": {
-        "lastModified": 1703950681,
-        "narHash": "sha256-veU5bE4eLOmi7aOzhE7LfZXcSOONRMay0BKv01WHojo=",
+        "lastModified": 1704290814,
+        "narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "0aad9113182747452dbfc68b93c86e168811fa6c",
+        "rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421",
        "type": "github"
      },
      "original": {
@ -420,11 +438,11 @@
    },
    "nixpkgs_3": {
      "locked": {
-        "lastModified": 1703438236,
-        "narHash": "sha256-aqVBq1u09yFhL7bj1/xyUeJjzr92fXVvQSSEx6AdB1M=",
+        "lastModified": 1704194953,
+        "narHash": "sha256-RtDKd8Mynhe5CFnVT8s0/0yqtWFMM9LmCzXv/YKxnq4=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "5f64a12a728902226210bf01d25ec6cbb9d9265b",
+        "rev": "bd645e8668ec6612439a9ee7e71f7eac4099d4f6",
        "type": "github"
      },
      "original": {
@ -436,11 +454,27 @@
    },
    "nixpkgs_4": {
      "locked": {
-        "lastModified": 1703499205,
-        "narHash": "sha256-lF9rK5mSUfIZJgZxC3ge40tp1gmyyOXZ+lRY3P8bfbg=",
+        "lastModified": 1702645756,
+        "narHash": "sha256-qKI6OR3TYJYQB3Q8mAZ+DG4o/BR9ptcv9UnRV2hzljc=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "40c3c94c241286dd2243ea34d3aef8a488f9e4d0",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_5": {
+      "locked": {
+        "lastModified": 1704161960,
+        "narHash": "sha256-QGua89Pmq+FBAro8NriTuoO/wNaUtugt29/qqA8zeeM=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "e1fa12d4f6c6fe19ccb59cac54b5b3f25e160870",
+        "rev": "63143ac2c9186be6d9da6035fa22620018c85932",
        "type": "github"
      },
      "original": {
@ -450,13 +484,13 @@
        "type": "github"
      }
    },
-    "nixpkgs_5": {
+    "nixpkgs_6": {
      "locked": {
-        "lastModified": 1703961334,
-        "narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=",
+        "lastModified": 1704194953,
+        "narHash": "sha256-RtDKd8Mynhe5CFnVT8s0/0yqtWFMM9LmCzXv/YKxnq4=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9",
+        "rev": "bd645e8668ec6612439a9ee7e71f7eac4099d4f6",
        "type": "github"
      },
      "original": {
@ -466,6 +500,21 @@
        "type": "github"
      }
    },
+    "nur": {
+      "locked": {
+        "lastModified": 1704645857,
+        "narHash": "sha256-YRFry+uleoeDKs0kr039eVCN5XSCOuUbgbyKMJRXeFY=",
+        "owner": "nix-community",
+        "repo": "NUR",
+        "rev": "e72bc8a4fff841c6a131fe40471e4ae401f31096",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "NUR",
+        "type": "github"
+      }
+    },
    "root": {
      "inputs": {
        "ags": "ags",
@ -478,7 +527,8 @@
        "nh": "nh",
        "nix-gaming": "nix-gaming",
        "nix-index-database": "nix-index-database",
-        "nixpkgs": "nixpkgs_5",
+        "nixpkgs": "nixpkgs_6",
+        "nur": "nur",
        "sops-nix": "sops-nix"
      }
    },
@ -490,11 +540,11 @@
        "nixpkgs-stable": "nixpkgs-stable_2"
      },
      "locked": {
-        "lastModified": 1703991717,
-        "narHash": "sha256-XfBg2dmDJXPQEB8EdNBnzybvnhswaiAkUeeDj7fa/hQ=",
+        "lastModified": 1704596510,
+        "narHash": "sha256-tupdwwg1WeX2hNMOQrvtyafTaTVty0QC/gQp7yaYJic=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "cfdbaf68d00bc2f9e071f17ae77be4b27ff72fa6",
+        "rev": "f5fbcc0f50e7fc60c4f806fa7a09abccf0826d8a",
        "type": "github"
      },
      "original": {
@ -576,6 +626,7 @@
          "hyprland",
          "hyprland-protocols"
        ],
+        "hyprlang": "hyprlang",
        "nixpkgs": [
          "hyprland",
          "nixpkgs"
@ -586,11 +637,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1703514399,
-        "narHash": "sha256-VRr5Xc4S/VPr/gU3fiOD3vSIL2+GJ+LUrmFTWTwnTz4=",
+        "lastModified": 1704400467,
+        "narHash": "sha256-IsEAKBCorRlN53FwFAMbyGLRsPVu/ZrWEJtCwykPds8=",
        "owner": "hyprwm",
        "repo": "xdg-desktop-portal-hyprland",
-        "rev": "0a318a7a217a6402b0b705837cd5b50b0e94b31b",
+        "rev": "1c802128f6cc3db29a8ef01552b1a22f894eeefd",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -9,6 +9,7 @@
    ags.url = "github:Aylur/ags";
    nix-gaming.url = "github:fufexan/nix-gaming";
    attic.url = "github:zhaofengli/attic";
+    nur.url = "github:nix-community/NUR";
    hyprland-plugins = {
      url = "github:hyprwm/hyprland-plugins";
      inputs.hyprland.follows = "hyprland";
--- a/home/firefox/default.nix
+++ b/home/firefox/default.nix
@ -0,0 +1,107 @@
+{pkgs, ...}: {
+  programs.firefox = {
+    enable = true;
+    policies = {
+      DisablePocket = true;
+      DisplayBookmarksToolbar = true;
+      DontCheckDefaultBrowser = true;
+      OfferToSaveLogins = false;
+      NoDefaultBookmarks = true;
+      PasswordManagerEnable = false;
+      DNSOverHTTPS = {
+        Enabled = true;
+      };
+    };
+    profiles.notohh = {
+      id = 0;
+      isDefault = true;
+      name = "notohh";
+      settings = {
+        "browser.search.separatePrivateDefault" = false;
+        "browser.search.separatePrivateDefault.ui.enabled" = true;
+        "browser.startup.homepage" = "http://dashboard.internal.flake.sh/";
+        "network.trr.mode" = 2;
+      };
+      extraConfig = builtins.readFile ./user.js/betterfox.js;
+      search = {
+        default = "SearXNG";
+        engines = {
+          "SearXNG" = {
+            urls = [
+              {
+                template = "http://100.121.201.47:8100";
+                params = [
+                  {
+                    name = "q";
+                    value = "{searchTerms}";
+                  }
+                ];
+              }
+            ];
+            definedAliases = ["@sx"];
+          };
+          "Nix Packages" = {
+            urls = [
+              {
+                template = "https://search.nixos.org/packages";
+                params = [
+                  {
+                    name = "type";
+                    value = "packages";
+                  }
+                  {
+                    name = "query";
+                    value = "{searchTerms}";
+                  }
+                ];
+              }
+            ];
+            icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
+            definedAliases = ["@np"];
+          };
+          "Bing".metaData.hidden = true;
+          "Google".metaData.hidden = true;
+          "Amazon.com".metaData.hidden = true;
+          "eBay".metaData.hidden = true;
+          "DuckDuckGo".metaData.hidden = true;
+        };
+      };
+      extensions = with pkgs.nur.repos.rycee.firefox-addons; [
+        # security
+        bitwarden
+        ublock-origin
+        canvasblocker
+
+        #leisure
+        darkreader
+        mal-sync
+
+        #utility
+        new-tab-override
+        sponsorblock
+        return-youtube-dislikes
+
+        #misc
+        tokyo-night-v2
+      ];
+    };
+  };
+  xdg.mimeApps = {
+    enable = true;
+    defaultApplications = {
+      "x-scheme-handler/discord-409416265891971072" = ["discord-409416265891971072.desktop"];
+      "x-scheme-handler/discord-402572971681644545" = ["discord-402572971681644545.desktop"];
+      "x-scheme-handler/discord-696343075731144724" = ["discord-696343075731144724.desktop"];
+      "x-scheme-handler/http" = ["firefox.desktop"];
+      "x-scheme-handler/https" = ["firefox.desktop"];
+      "x-scheme-handler/chrome" = ["firefox.desktop"];
+      "text/html" = ["firefox.desktop"];
+      "application/x-extension-htm" = ["firefox.desktop"];
+      "application/x-extension-html" = ["firefox.desktop"];
+      "application/x-extension-shtml" = ["firefox.desktop"];
+      "application/xhtml+xml" = ["firefox.desktop"];
+      "application/x-extension-xhtml" = ["firefox.desktop"];
+      "application/x-extension-xht" = ["firefox.desktop"];
+    };
+  };
+}
--- a/home/firefox/user.js/betterfox.js
+++ b/home/firefox/user.js/betterfox.js
@ -0,0 +1,255 @@
+//
+/* You may copy+paste this file and use it as it is.
+ *
+ * If you make changes to your about:config while the program is running, the
+ * changes will be overwritten by the user.js when the application restarts.
+ *
+ * To make lasting changes to preferences, you will have to edit the user.js.
+ */
+
+/****************************************************************************
+ * Betterfox                                                                *
+ * "Ad meliora"                                                             *
+ * version: 119                                                             *
+ * url: https://github.com/yokoffing/Betterfox                              *
+****************************************************************************/
+
+/****************************************************************************
+ * SECTION: FASTFOX                                                         *
+****************************************************************************/
+/** GENERAL ***/
+user_pref("content.notify.interval", 100000);
+
+/** GFX ***/
+user_pref("gfx.canvas.accelerated.cache-items", 4096);
+user_pref("gfx.canvas.accelerated.cache-size", 512);
+user_pref("gfx.content.skia-font-cache-size", 20);
+
+/** DISK CACHE ***/
+user_pref("browser.cache.jsbc_compression_level", 3);
+
+/** MEDIA CACHE ***/
+user_pref("media.memory_cache_max_size", 65536);
+user_pref("media.cache_readahead_limit", 7200);
+user_pref("media.cache_resume_threshold", 3600);
+
+/** IMAGE CACHE ***/
+user_pref("image.mem.decode_bytes_at_a_time", 32768);
+
+/** NETWORK ***/
+user_pref("network.buffer.cache.size", 262144);
+user_pref("network.buffer.cache.count", 128);
+user_pref("network.http.max-connections", 1800);
+user_pref("network.http.max-persistent-connections-per-server", 10);
+user_pref("network.http.max-urgent-start-excessive-connections-per-host", 5);
+user_pref("network.http.pacing.requests.enabled", false);
+user_pref("network.dnsCacheExpiration", 3600);
+user_pref("network.dns.max_high_priority_threads", 8);
+user_pref("network.ssl_tokens_cache_capacity", 10240);
+
+/** SPECULATIVE LOADING ***/
+user_pref("network.dns.disablePrefetch", true);
+user_pref("network.prefetch-next", false);
+user_pref("network.predictor.enabled", false);
+
+/** EXPERIMENTAL ***/
+user_pref("layout.css.grid-template-masonry-value.enabled", true);
+user_pref("dom.enable_web_task_scheduling", true);
+user_pref("layout.css.has-selector.enabled", true);
+user_pref("dom.security.sanitizer.enabled", true);
+
+/****************************************************************************
+ * SECTION: SECUREFOX                                                       *
+****************************************************************************/
+/** TRACKING PROTECTION ***/
+user_pref("browser.contentblocking.category", "strict");
+user_pref("urlclassifier.trackingSkipURLs", "*.reddit.com, *.twitter.com, *.twimg.com, *.tiktok.com");
+user_pref("urlclassifier.features.socialtracking.skipURLs", "*.instagram.com, *.twitter.com, *.twimg.com");
+user_pref("network.cookie.sameSite.noneRequiresSecure", true);
+user_pref("browser.download.start_downloads_in_tmp_dir", true);
+user_pref("browser.helperApps.deleteTempFileOnExit", true);
+user_pref("browser.uitour.enabled", false);
+user_pref("privacy.globalprivacycontrol.enabled", true);
+user_pref("privacy.globalprivacycontrol.functionality.enabled", true);
+
+/** OCSP & CERTS / HPKP ***/
+user_pref("security.OCSP.enabled", 0);
+user_pref("security.remote_settings.crlite_filters.enabled", true);
+user_pref("security.pki.crlite_mode", 2);
+
+/** SSL / TLS ***/
+user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
+user_pref("browser.xul.error_pages.expert_bad_cert", true);
+user_pref("security.tls.enable_0rtt_data", false);
+
+/** DISK AVOIDANCE ***/
+user_pref("browser.privatebrowsing.forceMediaMemoryCache", true);
+user_pref("browser.sessionstore.interval", 60000);
+
+/** SHUTDOWN & SANITIZING ***/
+user_pref("privacy.history.custom", true);
+
+/** SEARCH / URL BAR ***/
+user_pref("browser.search.separatePrivateDefault.ui.enabled", true);
+user_pref("browser.urlbar.update2.engineAliasRefresh", true);
+user_pref("browser.search.suggest.enabled", false);
+user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false);
+user_pref("browser.urlbar.suggest.quicksuggest.nonsponsored", false);
+user_pref("browser.formfill.enable", false);
+user_pref("security.insecure_connection_text.enabled", true);
+user_pref("security.insecure_connection_text.pbmode.enabled", true);
+user_pref("network.IDN_show_punycode", true);
+
+/** HTTPS-FIRST POLICY ***/
+user_pref("dom.security.https_first", true);
+
+/** PASSWORDS ***/
+user_pref("signon.rememberSignons", false);
+user_pref("signon.formlessCapture.enabled", false);
+user_pref("signon.privateBrowsingCapture.enabled", false);
+user_pref("network.auth.subresource-http-auth-allow", 1);
+user_pref("editor.truncate_user_pastes", false);
+
+/** ADDRESS + CREDIT CARD MANAGER ***/
+user_pref("extensions.formautofill.addresses.enabled", false);
+user_pref("extensions.formautofill.creditCards.enabled", false);
+
+/** MIXED CONTENT + CROSS-SITE ***/
+user_pref("security.mixed_content.block_display_content", true);
+user_pref("security.mixed_content.upgrade_display_content", true);
+user_pref("security.mixed_content.upgrade_display_content.image", true);
+user_pref("pdfjs.enableScripting", false);
+user_pref("extensions.postDownloadThirdPartyPrompt", false);
+
+/** HEADERS / REFERERS ***/
+user_pref("network.http.referer.XOriginTrimmingPolicy", 2);
+
+/** CONTAINERS ***/
+user_pref("privacy.userContext.ui.enabled", true);
+
+/** WEBRTC ***/
+user_pref("media.peerconnection.ice.proxy_only_if_behind_proxy", true);
+user_pref("media.peerconnection.ice.default_address_only", true);
+
+/** SAFE BROWSING ***/
+user_pref("browser.safebrowsing.downloads.remote.enabled", false);
+
+/** MOZILLA ***/
+user_pref("permissions.default.desktop-notification", 2);
+user_pref("permissions.default.geo", 2);
+user_pref("geo.provider.network.url", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%");
+user_pref("permissions.manager.defaultsUrl", "");
+user_pref("webchannel.allowObject.urlWhitelist", "");
+
+/** TELEMETRY ***/
+user_pref("datareporting.policy.dataSubmissionEnabled", false);
+user_pref("datareporting.healthreport.uploadEnabled", false);
+user_pref("toolkit.telemetry.unified", false);
+user_pref("toolkit.telemetry.enabled", false);
+user_pref("toolkit.telemetry.server", "data:,");
+user_pref("toolkit.telemetry.archive.enabled", false);
+user_pref("toolkit.telemetry.newProfilePing.enabled", false);
+user_pref("toolkit.telemetry.shutdownPingSender.enabled", false);
+user_pref("toolkit.telemetry.updatePing.enabled", false);
+user_pref("toolkit.telemetry.bhrPing.enabled", false);
+user_pref("toolkit.telemetry.firstShutdownPing.enabled", false);
+user_pref("toolkit.telemetry.coverage.opt-out", true);
+user_pref("toolkit.coverage.opt-out", true);
+user_pref("toolkit.coverage.endpoint.base", "");
+user_pref("browser.ping-centre.telemetry", false);
+user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false);
+user_pref("browser.newtabpage.activity-stream.telemetry", false);
+
+/** EXPERIMENTS ***/
+user_pref("app.shield.optoutstudies.enabled", false);
+user_pref("app.normandy.enabled", false);
+user_pref("app.normandy.api_url", "");
+
+/** CRASH REPORTS ***/
+user_pref("breakpad.reportURL", "");
+user_pref("browser.tabs.crashReporting.sendReport", false);
+user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false);
+
+/** DETECTION ***/
+user_pref("captivedetect.canonicalURL", "");
+user_pref("network.captive-portal-service.enabled", false);
+user_pref("network.connectivity-service.enabled", false);
+
+/****************************************************************************
+ * SECTION: PESKYFOX                                                        *
+****************************************************************************/
+/** MOZILLA UI ***/
+user_pref("browser.privatebrowsing.vpnpromourl", "");
+user_pref("extensions.getAddons.showPane", false);
+user_pref("extensions.htmlaboutaddons.recommendations.enabled", false);
+user_pref("browser.discovery.enabled", false);
+user_pref("browser.shell.checkDefaultBrowser", false);
+user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false);
+user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false);
+user_pref("browser.preferences.moreFromMozilla", false);
+user_pref("browser.tabs.tabmanager.enabled", false);
+user_pref("browser.aboutConfig.showWarning", false);
+user_pref("browser.aboutwelcome.enabled", false);
+
+/** THEME ADJUSTMENTS ***/
+user_pref("toolkit.legacyUserProfileCustomizations.stylesheets", true);
+user_pref("browser.compactmode.show", true);
+user_pref("browser.display.focus_ring_on_anything", true);
+user_pref("browser.display.focus_ring_style", 0);
+user_pref("browser.display.focus_ring_width", 0);
+user_pref("layout.css.prefers-color-scheme.content-override", 2);
+user_pref("browser.privateWindowSeparation.enabled", false); // WINDOWS
+
+/** COOKIE BANNER HANDLING ***/
+user_pref("cookiebanners.service.mode", 1);
+user_pref("cookiebanners.service.mode.privateBrowsing", 1);
+user_pref("cookiebanners.service.enableGlobalRules", true);
+
+/** FULLSCREEN NOTICE ***/
+user_pref("full-screen-api.transition-duration.enter", "0 0");
+user_pref("full-screen-api.transition-duration.leave", "0 0");
+user_pref("full-screen-api.warning.delay", -1);
+user_pref("full-screen-api.warning.timeout", 0);
+
+/** URL BAR ***/
+user_pref("browser.urlbar.suggest.calculator", true);
+user_pref("browser.urlbar.unitConversion.enabled", true);
+user_pref("browser.urlbar.trending.featureGate", false);
+
+/** NEW TAB PAGE ***/
+user_pref("browser.newtabpage.activity-stream.feeds.topsites", false);
+user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false);
+
+/*** POCKET ***/
+user_pref("extensions.pocket.enabled", false);
+
+/** DOWNLOADS ***/
+user_pref("browser.download.useDownloadDir", false);
+user_pref("browser.download.always_ask_before_handling_new_types", true);
+user_pref("browser.download.manager.addToRecentDocs", false);
+
+/** PDF ***/
+user_pref("browser.download.open_pdf_attachments_inline", true);
+
+/** TAB BEHAVIOR ***/
+user_pref("browser.bookmarks.openInTabClosesMenu", false);
+user_pref("browser.menu.showViewImageInfo", true);
+user_pref("findbar.highlightAll", true);
+user_pref("layout.word_select.eat_space_to_next_word", false);
+
+/****************************************************************************
+ * START: MY OVERRIDES                                                      *
+****************************************************************************/
+// visit https://github.com/yokoffing/Betterfox/wiki/Common-Overrides
+// visit https://github.com/yokoffing/Betterfox/wiki/Optional-Hardening
+// Enter your personal overrides below this line:
+
+/****************************************************************************
+ * SECTION: SMOOTHFOX                                                       *
+****************************************************************************/
+// visit https://github.com/yokoffing/Betterfox/blob/main/Smoothfox.js
+// Enter your scrolling overrides below this line:
+
+/****************************************************************************
+ * END: BETTERFOX                                                           *
+****************************************************************************/
--- a/hosts/default.nix
+++ b/hosts/default.nix
@ -7,6 +7,7 @@ inputs: let
  anyrunModule = inputs.anyrun.homeManagerModules.default;
  agsModule = inputs.ags.homeManagerModules.default;
  atticModule = inputs.attic.nixosModules.atticd;
+  nurModule = inputs.nur.nixosModules.nur;
  inherit (inputs.nixpkgs.lib) nixosSystem;
 in {
  tsuki = nixosSystem {
@ -17,6 +18,7 @@ in {
      sopsModule
      hmModule
      atticModule
+      nurModule
      {
        home-manager = {
          useGlobalPkgs = true;
--- a/hosts/haru/services/adguardhome/adguardhome.nix
+++ b/hosts/haru/services/adguardhome/adguardhome.nix
@ -0,0 +1,27 @@
+_: {
+  imports = [
+    ./filters.nix
+    ./rewrites.nix
+  ];
+  networking.firewall.allowedTCPPorts = [53 443 80 3000];
+  networking.firewall.allowedUDPPorts = [53];
+  services.adguardhome = {
+    enable = true;
+    openFirewall = true;
+    mutableSettings = true;
+    settings = {
+      bind_port = 3000;
+      bind_host = "0.0.0.0";
+      statistics = {
+        enabled = true;
+        ignored = [
+          "youporn.com"
+          "pornhub.com"
+          "xvideos.com"
+          "onlyfans.com"
+          "fansly.com"
+        ];
+      };
+    };
+  };
+}
--- a/hosts/haru/services/adguardhome/filters.nix
+++ b/hosts/haru/services/adguardhome/filters.nix
@ -0,0 +1,170 @@
+_: {
+  services.adguardhome.settings = {
+    filters = [
+      {
+        name = "blocklistproject";
+        enabled = true;
+        url = "https://blocklistproject.github.io/Lists/ads.txt";
+        id = 1;
+      }
+      {
+        name = "StevenBlack";
+        enabled = true;
+        url = "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts";
+        id = 2;
+      }
+      {
+        name = "adaway";
+        enabled = true;
+        url = "https://adaway.org/hosts.txt";
+        id = 3;
+      }
+      {
+        name = "v.fire.blog";
+        enabled = true;
+        url = "https://v.firebog.net/hosts/AdguardDNS.txt";
+        id = 4;
+      }
+      {
+        name = "v.fire.blog";
+        enabled = true;
+        url = "https://v.firebog.net/hosts/Admiral.txt";
+        id = 5;
+      }
+      {
+        name = "anudeepND";
+        enabled = true;
+        url = "https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt";
+        id = 6;
+      }
+      {
+        name = "simple_ad";
+        enabled = true;
+        url = "https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt";
+        id = 7;
+      }
+      {
+        name = "v.fire.blog";
+        enabled = true;
+        url = "https://v.firebog.net/hosts/Easylist.txt";
+        id = 8;
+      }
+      {
+        name = "pgl.yoyo.org";
+        enabled = true;
+        url = "https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext";
+        id = 9;
+      }
+      {
+        name = "UncheckyAds";
+        enabled = true;
+        url = "https://raw.githubusercontent.com/FadeMind/hosts.extras/master/UncheckyAds/hosts";
+        id = 10;
+      }
+      {
+        name = "bigdargon";
+        enabled = true;
+        url = "https://raw.githubusercontent.com/bigdargon/hostsVN/master/hosts";
+        id = 11;
+      }
+      {
+        name = "v.fire.blog";
+        enabled = true;
+        url = "https://v.firebog.net/hosts/Easyprivacy.txt";
+        id = 12;
+      }
+      {
+        name = "v.fire.blog";
+        enabled = true;
+        url = "https://v.firebog.net/hosts/Prigent-Ads.txt";
+        id = 13;
+      }
+      {
+        name = "FadeMind";
+        enabled = true;
+        url = "https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.2o7Net/hosts";
+        id = 14;
+      }
+      {
+        name = "crazy-max";
+        enabled = true;
+        url = "https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt";
+        id = 15;
+      }
+      {
+        name = "hostfiles.frogeye.fr";
+        enabled = true;
+        url = "https://hostfiles.frogeye.fr/firstparty-trackers-hosts.txt";
+        id = 16;
+      }
+      {
+        name = "DandelionSprout";
+        enabled = true;
+        url = "https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareHosts.txt";
+        id = 17;
+      }
+      {
+        name = "osint.digitalside.it";
+        enabled = true;
+        url = "https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt";
+        id = 18;
+      }
+      {
+        name = "simple_malvertising";
+        enabled = true;
+        url = "https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt";
+        id = 19;
+      }
+      {
+        name = "v.fire.blog";
+        enabled = true;
+        url = "https://v.firebog.net/hosts/Prigent-Crypto.txt";
+        id = 20;
+      }
+      {
+        name = "FadeMind";
+        enabled = true;
+        url = "https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Risk/hosts";
+        id = 21;
+      }
+      {
+        name = "v.fire.blog";
+        enabled = true;
+        url = "https://v.firebog.net/hosts/RPiList-Phishing.txt";
+        id = 22;
+      }
+      {
+        name = "v.fire.blog";
+        enabled = true;
+        url = "https://v.firebog.net/hosts/RPiList-Malware.txt";
+        id = 23;
+      }
+      {
+        name = "zerodot1.gitlab.io";
+        enabled = true;
+        url = "https://zerodot1.gitlab.io/CoinBlockerLists/hosts_browser";
+        id = 24;
+      }
+      {
+        name = "StevenBlack";
+        enabled = true;
+        url = "https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-only/hosts";
+        id = 25;
+      }
+    ];
+    whitelist_filters = [
+      {
+        name = "whitelist";
+        enabled = true;
+        url = "https://raw.githubusercontent.com/anudeepND/whitelist/master/domains/whitelist.txt";
+        id = 1;
+      }
+      {
+        name = "whitelist - optionals";
+        enabled = true;
+        url = "https://raw.githubusercontent.com/anudeepND/whitelist/master/domains/optional-list.txt";
+        id = 1;
+      }
+    ];
+  };
+}
--- a/hosts/haru/services/adguardhome/rewrites.nix
+++ b/hosts/haru/services/adguardhome/rewrites.nix
@ -0,0 +1,74 @@
+_: {
+  services.adguardhome.settings = {
+    dns.rewrites = [
+      {
+        domain = "adguardhome.internal.flake.sh";
+        answer = "192.168.1.103";
+      }
+      {
+        domain = "dashboard.internal.flake.sh";
+        answer = "192.168.1.98";
+      }
+      {
+        domain = "truenas.internal.flake.sh";
+        answer = "192.168.1.199";
+      }
+      {
+        domain = "assistant.internal.flake.sh";
+        answer = "192.168.1.189";
+      }
+      {
+        domain = "udm.internal.flake.s";
+        answer = "192.168.1.1";
+      }
+      {
+        domain = "pve.internal.flake.sh";
+        answer = "192.168.1.37";
+      }
+      {
+        domain = "pbs.internal.flake.sh";
+        answer = "192.168.1.38";
+      }
+      {
+        domain = "jellyfin.internal.flake.sh";
+        answer = "192.168.1.98";
+      }
+      {
+        domain = "jellyseerr.internal.flake.sh";
+        answer = "192.168.1.98";
+      }
+      {
+        domain = "sonarr.internal.flake.sh";
+        answer = "192.168.1.54";
+      }
+      {
+        domain = "radarr.internal.flake.sh";
+        answer = "192.168.1.54";
+      }
+      {
+        domain = "whisparr.internal.flake.sh";
+        answer = "192.168.1.54";
+      }
+      {
+        domain = "prowlarr.internal.flake.sh";
+        answer = "192.168.1.54";
+      }
+      {
+        domain = "stash.internal.flake.sh";
+        answer = "192.168.1.98";
+      }
+      {
+        domain = "nextcloud.internal.flake.sh";
+        answer = "192.168.1.199";
+      }
+      {
+        domain = "wallos.internal.flake.sh";
+        answer = "192.168.1.98";
+      }
+      {
+        domain = "synology.internal.flake.sh";
+        answer = "192.168.1.71";
+      }
+    ];
+  };
+}
--- a/hosts/haru/services/blocky.nix
+++ b/hosts/haru/services/blocky.nix
@ -1,138 +0,0 @@
-{pkgs, ...}: {
-  networking.firewall.allowedTCPPorts = [53 4000];
-  networking.firewall.allowedUDPPorts = [53];
-
-  environment.systemPackages = [pkgs.blocky];
-
-  services.blocky = {
-    enable = true;
-    settings = {
-      connectIPVersion = "v4";
-      upstreamTimeout = "30s";
-      startVerifyUpstream = false;
-      minTlsServeVersion = "1.2";
-      log = {
-        level = "debug";
-        privacy = true;
-      };
-      ports = {
-        dns = 53;
-        http = 4000;
-        https = 443;
-      };
-      upstream.default = [
-        "1.1.1.1"
-        "1.0.0.1"
-        "9.9.9.9"
-        "https://1.1.1.1/dns-query"
-        "https://dns.quad9.net/dns-query"
-        "https://dns-unfiltered.adguard.com/dns-query"
-      ];
-      blocking = {
-        loading = {
-          strategy = "fast";
-          concurrency = 8;
-        };
-        blackLists = {
-          ads = [
-            "https://blocklistproject.github.io/Lists/ads.txt"
-            "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"
-            "https://adaway.org/hosts.txt"
-            "https://v.firebog.net/hosts/AdguardDNS.txt"
-            "https://v.firebog.net/hosts/Admiral.txt"
-            "https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt"
-            "https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt"
-            "https://v.firebog.net/hosts/Easylist.txt"
-            "https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext"
-            "https://raw.githubusercontent.com/FadeMind/hosts.extras/master/UncheckyAds/hosts"
-            "https://raw.githubusercontent.com/bigdargon/hostsVN/master/hosts"
-          ];
-          tracking = [
-            "https://v.firebog.net/hosts/Easyprivacy.txt"
-            "https://v.firebog.net/hosts/Prigent-Ads.txt"
-            "https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.2o7Net/hosts"
-            "https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt"
-            "https://hostfiles.frogeye.fr/firstparty-trackers-hosts.txt"
-          ];
-          malicious = [
-            "https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareHosts.txt"
-            "https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt"
-            "https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt"
-            "https://v.firebog.net/hosts/Prigent-Crypto.txt"
-            "https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Risk/hosts"
-            "https://v.firebog.net/hosts/RPiList-Phishing.txt"
-            "https://v.firebog.net/hosts/RPiList-Malware.txt"
-          ];
-          misc = [
-            "https://zerodot1.gitlab.io/CoinBlockerLists/hosts_browser"
-            "https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-only/hosts"
-          ];
-        };
-        whiteLists = {
-          default = [
-            "https://raw.githubusercontent.com/anudeepND/whitelist/master/domains/whitelist.txt"
-            "https://raw.githubusercontent.com/anudeepND/whitelist/master/domains/optional-list.txt"
-          ];
-        };
-        clientGroupsBlock = {
-          default = [
-            "ads"
-            "tracking"
-            "malicious"
-            "misc"
-          ];
-        };
-      };
-      customDNS = {
-        customTTL = "1h";
-        mapping = {
-          # infra
-
-          "truenas.internal.flake.sh" = "192.168.1.199";
-          "assistant.internal.flake.sh" = "192.168.1.189";
-          "dashboard.internal.flake.sh" = "192.168.1.98";
-          "udm.internal.flake.sh" = "192.168.1.1";
-          "pve.internal.flake.sh" = "192.168.1.37";
-          "pbs.internal.flake.sh" = "192.168.1.38";
-
-          # media
-
-          "jellyfin.internal.flake.sh" = "192.168.1.98";
-          "jellyseerr.internal.flake.sh" = "192.168.1.98";
-          "sonarr.internal.flake.sh" = "192.168.1.54";
-          "radarr.internal.flake.sh" = "192.168.1.54";
-          "readarr.internal.flake.sh" = "192.168.1.54";
-          "whisparr.internal.flake.sh" = "192.168.1.54";
-          "prowlarr.internal.flake.sh" = "192.168.1.54";
-          "stash.internal.flake.sh" = "192.168.1.98";
-          "nextcloud.internal.flake.sh" = "192.168.1.199";
-
-          # misc
-
-          "wallos.internal.flake.sh" = "192.168.1.98";
-          "synology.internal.flake.sh" = "192.168.1.71";
-        };
-      };
-      redis = {
-        address = "100.94.214.100:6381";
-        password = "blocky";
-        database = 2;
-        required = false;
-        connectionAttempts = 10;
-        connectionCooldown = "5s";
-      };
-      caching = {
-        minTime = "2h";
-        maxTime = "12h";
-        maxItemsCount = 0;
-        prefetching = true;
-        prefetchExpires = "2h";
-        prefetchThreshold = 5;
-      };
-      prometheus = {
-        enable = true;
-        path = "/metrics";
-      };
-    };
-  };
-}
--- a/hosts/haru/services/default.nix
+++ b/hosts/haru/services/default.nix
@ -1,5 +1,5 @@
 _: {
  imports = [
-    ./blocky.nix
+    ./adguardhome/adguardhome.nix
  ];
 }
--- a/hosts/tsuki/home.nix
+++ b/hosts/tsuki/home.nix
@ -5,6 +5,7 @@
 }: {
  imports = [
    ../../home
+    ../../home/firefox
    ../../home/ags
    ../../home/anyrun
    ../../home/cava
@ -25,7 +26,6 @@
    username = "notoh";
    homeDirectory = "/home/notoh";
    packages = with pkgs; [
-      floorp
      chromium
      discord
      cinny-desktop
@ -127,23 +127,4 @@
        IdentityFile ~/.ssh/notohh-git
    '';
  };
-
-  xdg.mimeApps = {
-    enable = true;
-    defaultApplications = {
-      "x-scheme-handler/discord-409416265891971072" = ["discord-409416265891971072.desktop"];
-      "x-scheme-handler/discord-402572971681644545" = ["discord-402572971681644545.desktop"];
-      "x-scheme-handler/discord-696343075731144724" = ["discord-696343075731144724.desktop"];
-      "x-scheme-handler/http" = ["floorp.desktop"];
-      "x-scheme-handler/https" = ["floorp.desktop"];
-      "x-scheme-handler/chrome" = ["floorp.desktop"];
-      "text/html" = ["floorp.desktop"];
-      "application/x-extension-htm" = ["floorp.desktop"];
-      "application/x-extension-html" = ["floorp.desktop"];
-      "application/x-extension-shtml" = ["floorp.desktop"];
-      "application/xhtml+xml" = ["floorp.desktop"];
-      "application/x-extension-xhtml" = ["floorp.desktop"];
-      "application/x-extension-xht" = ["floorp.desktop"];
-    };
-  };
 }
--- a/modules/nix.nix
+++ b/modules/nix.nix
@ -1,9 +1,11 @@
 {
  lib,
  pkgs,
+  inputs,
  ...
 }: {
  nixpkgs = {
+    overlays = [inputs.nur.overlay];
    config = {
      allowUnfree = true;
      permittedInsecurePackages = lib.optional (pkgs.obsidian.version == "1.5.3") "electron-25.9.0";
Author	SHA1	Message	Date
notohh	08e84f0138	nix: add nur overlay Some checks are pending fmt check / check (push) Waiting to run flake check / check (push) Successful in 4m6s deploy systems / deploy (push) Successful in 36m16s	2024-01-07 17:51:31 -05:00
notohh	9e54caa429	hosts: add nur module	2024-01-07 17:51:23 -05:00
notohh	5bf057ea9c	flake.nix: add nur	2024-01-07 17:51:00 -05:00
notohh	084550f934	tsuki: use firefox	2024-01-07 17:50:45 -05:00
notohh	5b880684d9	haru: switch to adguard	2024-01-07 17:50:34 -05:00
notohh	0e68e5ac9c	home: init firefox	2024-01-07 17:50:16 -05:00