nixos/apps/firefox/profiles/vpn-proxy.nix
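# Firefox profile that sends browser traffic through a manually configured
# SOCKS5 proxy and applies privacy/UI preferences.
#
# Arguments:
#   pkgs       - package set; must provide pkgs.nur.repos.rycee.firefox-addons
#   myConfig   - accepted for interface compatibility; not referenced in this file
#   id, name   - copied into the resulting profile attrset
#   url        - used as homepage and as the New Tab Override target
#   proxyHost  - SOCKS proxy address (default below is a LAN address)
#   proxyPort  - SOCKS proxy port
{
  pkgs,
  myConfig,
  id,
  name,
  url,
  # Add default proxy parameters (can be overridden when imported)
  proxyHost ? "192.168.68.70",
  proxyPort ? 8888,
  ...
}: {
  inherit id name;

  # Note: This profile relies on the global tridactylrc logic in default.nix
  # to dynamically set 'newtab' via the TRIDACTYL_NEWTAB environment variable.
  search.force = true;
  search.default = "ddg";

  extensions.force = true;
  extensions.packages = with pkgs.nur.repos.rycee.firefox-addons; [
    ublock-origin
    bitwarden
    tridactyl
    new-tab-override
    pywalfox
  ];

  settings = {
    # --- PROXY / VPN CONFIGURATION ---
    "network.proxy.type" = 1; # 1 = Manual proxy configuration (0 = Direct, 5 = System)

    # SOCKS5 Proxy Settings (Recommended for VPN tunnels)
    # NOTE(review): confirm the service at proxyHost:proxyPort actually speaks
    # SOCKS5; if it is an HTTP proxy, use the commented HTTP/SSL prefs below instead.
    # SOCKS5 itself does not encrypt the browser-to-proxy hop, so that leg is
    # only as private as the network between this machine and proxyHost.
    "network.proxy.socks" = proxyHost;
    "network.proxy.socks_port" = proxyPort;
    "network.proxy.socks_version" = 5;

    # CRITICAL: Prevent DNS leaks by forcing DNS queries through the SOCKS proxy
    "network.proxy.socks_remote_dns" = true;

    # NOTE(review): this pref governs HTTPS (TLS) proxy support; it is not
    # expected to add TLS to the SOCKS connection configured above - confirm.
    "network.proxy.proxy_over_tls" = true;

    # Optional: If using an HTTP/HTTPS proxy instead of SOCKS5, uncomment these and comment out SOCKS above:
    # "network.proxy.http" = proxyHost;
    # "network.proxy.http_port" = proxyPort;
    # "network.proxy.ssl" = proxyHost;
    # "network.proxy.ssl_port" = proxyPort;

    # Define what should NOT go through the proxy (local addresses).
    # Everything matching this list is fetched directly, outside the tunnel.
    # 172.16.0.0/12 is not listed, so those private addresses still use the proxy.
    "network.proxy.no_proxies_on" = "localhost, 127.0.0.1, ::1, 192.168.0.0/16, 10.0.0.0/8";

    # Seconds before a proxy that failed is tried again. This is only a retry
    # interval; it does not by itself stop a fallback to a direct connection.
    "network.proxy.failover_timeout" = 1800;

    # Fail closed: do NOT fall back to a direct connection if the proxy fails.
    # NOTE(review): verify in about:config that this pref exists in the
    # Firefox version you deploy, and test with the proxy stopped.
    "network.proxy.failover_direct" = false;

    # --- New Tab Override ---
    "extensions.newtaboverride@agenedia.com.url" = url;
    "extensions.newtaboverride@agenedia.com.type" = 1; # URL mode

    # --- Privacy & Hardening ---
    "browser.contentblocking.category" = "strict";
    "privacy.trackingprotection.enabled" = true;
    # Left disabled here. Enabling it spoofs timezone and caps FPS to 60.
    "privacy.resistFingerprinting" = false;
    "geo.enabled" = false;
    "media.peerconnection.enabled" = false; # Prevents WebRTC IP leaks (Essential for VPN use)
    "network.dns.disablePrefetch" = true;
    "network.prefetch-next" = false;

    # --- NixOS / Hyprland Integration ---
    "widget.use-xdg-desktop-portal.file-picker" = 1; # Use native file picker

    # --- UI & Behavior ---
    "browser.toolbars.bookmarks.visibility" = "never";
    "browser.compactmode.show" = true;
    "browser.tabs.closeWindowWithLastTab" = false;
    "extensions.pocket.enabled" = false;
    "extensions.screenshots.disabled" = true;
    "browser.topsites.contile.enabled" = false;
    "browser.formfill.enable" = false;
    "browser.search.suggest.enabled" = false;
    "browser.search.suggest.enabled.private" = false;
    "browser.urlbar.suggest.searches" = false;
    "browser.urlbar.showSearchSuggestionsFirst" = false;
    "browser.newtabpage.activity-stream.feeds.section.topstories" = false;
    "browser.newtabpage.activity-stream.feeds.snippets" = false;
    "browser.newtabpage.activity-stream.section.highlights.includePocket" = false;
    "browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = false;
    "browser.newtabpage.activity-stream.section.highlights.includeDownloads" = false;
    "browser.newtabpage.activity-stream.section.highlights.includeVisited" = false;
    "browser.newtabpage.activity-stream.showSponsored" = false;
    "browser.newtabpage.activity-stream.system.showSponsored" = false;
    "browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
    "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
    # 0 = no install scope is auto-disabled, so the add-ons declared above are
    # enabled without a prompt. The same applies to any other extension that
    # ends up in the profile, so keep the profile directory write-protected
    # from untrusted processes.
    "extensions.autoDisableScopes" = 0;

    # --- Homepage & Navigation ---
    "browser.startup.page" = 1; # Always open the homepage
    "browser.startup.homepage" = url;
    # Try to set newtab to homepage.
    # NOTE(review): this pref may be ignored by current Firefox; the
    # New Tab Override extension settings above are the effective mechanism.
    "browser.newtab.url" = url;
    "browser.sessionstore.resume_from_crash" = false; # Always start fresh
    "browser.sessionstore.max_tabs_undo" = 0; # Disable undo close tab

    # --- DNS over HTTPS ---
    # Note: When using SOCKS5 remote DNS, TRR (DoH) can conflict or bypass your VPN's internal DNS.
    # Mode 5 disables DoH explicitly so the SOCKS proxy handles all DNS resolution cleanly.
    "network.trr.mode" = 5;
  };

  # Optional: Keep your userChrome block here if you want the autohide UI applied to this profile too
  # userChrome = '' ... '';
}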