From a4f41a03717b9dbea105f4741b4482cb81b7424b Mon Sep 17 00:00:00 2001
From: kenji <kenji@hakase>
Date: Wed, 24 Dec 2025 13:53:02 -0600
Subject: [PATCH] added newtabpage to config.nix

---
 apps/firefox/home.nix | 77 +++++++++++++++++++++++++++----------------
 apps/git/home.nix     |  2 +-
 config.nix            | 21 +++++++++++-
 3 files changed, 69 insertions(+), 31 deletions(-)

diff --git a/apps/firefox/home.nix b/apps/firefox/home.nix
index 1e09fef..fd52c19 100644
--- a/apps/firefox/home.nix
+++ b/apps/firefox/home.nix
@@ -1,4 +1,8 @@
-{pkgs, ...}: {
+{
+  pkgs,
+  myConfig,
+  ...
+}: {
   programs.firefox = {
     enable = true;
     languagePacks = ["en-US"];
@@ -9,26 +13,35 @@
         isDefault = true;
         search.default = "ddg";
 
-        # FIXED: Removed .settings and .force to allow UI interaction
-        bookmarks = [
-          {
-            name = "Toolbar Bookmarks";
-            toolbar = true;
-            bookmarks = [
-              {
-                name = "Home Manager";
-                url = "https://mynixos.com/home-manager/options/programs";
-              }
-              {
-                name = "YouTube";
-                url = "https://youtube.com";
-              }
-            ];
-          }
-        ];
+        # Full declarative mode enabled.
+        # Note: Manual bookmarks added in the UI will be overwritten on next rebuild.
+        bookmarks = {
+          force = true;
+          settings = [
+            {
+              name = "Toolbar Bookmarks";
+              toolbar = true;
+              bookmarks = myConfig.firefox.bookmarks;
+            }
+          ];
+        };
 
         settings = {
+          # --- Privacy & Hardening ---
           "browser.contentblocking.category" = "strict";
+          "privacy.trackingprotection.enabled" = true;
+          "privacy.resistFingerprinting" = true; # Note: Spoofs timezone and caps FPS to 60
+          "geo.enabled" = false;
+          "media.peerconnection.enabled" = false; # Prevents WebRTC IP leaks
+          "network.dns.disablePrefetch" = true;
+          "network.prefetch-next" = false;
+
+          # --- NixOS / Hyprland Integration ---
+          "widget.use-xdg-desktop-portal.file-picker" = 1; # Use native file picker
+
+          # --- UI & Behavior ---
+          "browser.compactmode.show" = true;
+          "browser.tabs.closeWindowWithLastTab" = false;
           "extensions.pocket.enabled" = false;
           "extensions.screenshots.disabled" = true;
           "browser.topsites.contile.enabled" = false;
@@ -46,13 +59,14 @@
           "browser.newtabpage.activity-stream.showSponsored" = false;
           "browser.newtabpage.activity-stream.system.showSponsored" = false;
           "browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
+
+          # --- Homepage & Navigation ---
           "browser.startup.homepage" = "https://dash.sakamoto.dev";
-          "browser.newtabpage.pinned" = [
-            {
-              title = "Dashboard";
-              url = "https://dash.sakamoto.dev";
-            }
-          ];
+          "browser.newtabpage.pinned" = myConfig.firefox.newtabpage;
+
+          # --- DNS over HTTPS (Quad9) ---
+          "network.trr.mode" = 2; # Use DoH with system fallback
+          "network.trr.uri" = "https://dns.quad9.net/dns-query";
         };
       };
     };
@@ -62,7 +76,7 @@
       DisableFirefoxStudies = true;
       EnableTrackingProtection = {
         Value = true;
-        Locked = false; # Set to false so you can still adjust via UI
+        Locked = false;
         Cryptomining = true;
         Fingerprinting = true;
       };
@@ -76,11 +90,16 @@
       DisplayBookmarksToolbar = "always";
       SearchBar = "unified";
 
-      /*
-      ---- EXTENSIONS ----
-      */
+      # Power User Messaging
+      UserMessaging = {
+        ExtensionRecommendations = false;
+        SkipOnboarding = true;
+        FeatureRecommendations = false;
+        UrlbarInterventions = false;
+        WhatsNew = false;
+      };
+
       ExtensionSettings = {
-        # Removed the "*" wildcard which was likely locking the Add-on store UI
         "uBlock0@raymondhill.net" = {
           install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi";
           installation_mode = "force_installed";
diff --git a/apps/git/home.nix b/apps/git/home.nix
index 70b4ac7..87bef05 100644
--- a/apps/git/home.nix
+++ b/apps/git/home.nix
@@ -1,7 +1,7 @@
 {myConfig, ...}: {
   programs.git = {
     enable = true;
-    extraConfig = {
+    settings = {
       user.name = "${myConfig.git.username}";
       user.email = "${myConfig.git.email}";
       init.defaultBranch = "${myConfig.git.defaultBranch}";
diff --git a/config.nix b/config.nix
index 40cc638..ba1c438 100644
--- a/config.nix
+++ b/config.nix
@@ -4,7 +4,7 @@
       username = "kenji";
       hostname = "hakase";
       timezone = "America/Chicago";
-      shell = "fish";
+      shell = "fish"; # FIXME: unassigned variable
     };
     git = {
       username = "kenji";
@@ -12,6 +12,7 @@
       defaultBranch = "master";
     };
     ssh = {
+      # FIXME: anonymize
       extraConfig = ''
         Host macair
           User biscuit
@@ -32,5 +33,23 @@
     hyprland = {
       monitors = ["HDMI-A-1, 1920x1080@120, auto, 1"];
     };
+    firefox = {
+      bookmarks = [
+        {
+          name = "Home Manager";
+          url = "https://mynixos.com/home-manager/options/programs";
+        }
+        {
+          name = "YouTube";
+          url = "https://youtube.com";
+        }
+      ];
+      newtabpage = [
+        {
+          title = "Dashboard";
+          url = "https://dash.sakamoto.dev";
+        }
+      ];
+    };
   };
 }