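# Firefox profile definition routed through a SOCKS5 proxy.
#
# Arguments:
#   pkgs       - package set; must expose pkgs.nur.repos.rycee.firefox-addons.
#   myConfig   - accepted for interface compatibility; not read in this file.
#   id, name   - passed straight through to the resulting profile attrset.
#   url        - used as homepage, start page and New Tab Override target.
#   proxyHost  - SOCKS5 proxy address (defaults below, override on import).
#   proxyPort  - SOCKS5 proxy port.
#
# Returns an attrset with id, name, search, extensions and settings.
{
  pkgs,
  myConfig,
  id,
  name,
  url,
  # Default proxy parameters (can be overridden when imported)
  proxyHost ? "192.168.68.70",
  proxyPort ? 8888,
  ...
}: {
  inherit id name;

  # Note: This profile relies on the global tridactylrc logic in default.nix
  # to dynamically set 'newtab' via the TRIDACTYL_NEWTAB environment variable.
  search.force = true;
  search.default = "ddg";
  extensions.force = true;
  extensions.packages = with pkgs.nur.repos.rycee.firefox-addons; [
    ublock-origin
    bitwarden
    tridactyl
    new-tab-override
    pywalfox
  ];

  settings = {
    # --- PROXY / VPN CONFIGURATION ---
    "network.proxy.type" = 1; # 1 = Manual proxy configuration (0 = Direct, 5 = System)

    # SOCKS5 Proxy Settings (Recommended for VPN tunnels)
    # The hop from this machine to proxyHost is plain SOCKS5 and no credentials
    # are configured here, so the proxy should sit on a trusted network segment.
    "network.proxy.socks" = proxyHost;
    "network.proxy.socks_port" = proxyPort;
    "network.proxy.socks_version" = 5;

    # CRITICAL: Prevent DNS leaks by forcing DNS queries through the SOCKS proxy
    "network.proxy.socks_remote_dns" = true;
    # NOTE(review): this pref appears to apply to HTTPS-type proxies only and
    # does not encrypt the SOCKS hop configured above - confirm before relying on it.
    "network.proxy.proxy_over_tls" = true;

    # Optional: If using an HTTP/HTTPS proxy instead of SOCKS5, uncomment these and comment out SOCKS above:
    # "network.proxy.http" = proxyHost;
    # "network.proxy.http_port" = proxyPort;
    # "network.proxy.ssl" = proxyHost;
    # "network.proxy.ssl_port" = proxyPort;

    # Define what should NOT go through the proxy (local addresses).
    # Everything listed here is contacted directly and therefore bypasses the
    # tunnel. 172.16.0.0/12 is not listed, so that private range is proxied.
    "network.proxy.no_proxies_on" = "localhost, 127.0.0.1, ::1, 192.168.0.0/16, 10.0.0.0/8";

    # Retry interval (seconds) before a proxy marked as failed is tried again.
    # On its own this does not stop Firefox from going direct.
    "network.proxy.failover_timeout" = 1800;

    # Fail closed: Do NOT fall back to direct connection if the proxy fails.
    # These two prefs disable the direct-connection fallback and the proxy
    # bypass that Firefox otherwise permits for its own system requests.
    "network.proxy.failover_direct" = false;
    "network.proxy.allow_bypass" = false;

    # --- New Tab Override ---
    "extensions.newtaboverride@agenedia.com.url" = url;
    "extensions.newtaboverride@agenedia.com.type" = 1; # URL mode

    # --- Privacy & Hardening ---
    "browser.contentblocking.category" = "strict";
    "privacy.trackingprotection.enabled" = true;
    # Left disabled on purpose: when enabled it spoofs the timezone and caps FPS
    # at 60. With it off, the browser fingerprint is not normalised.
    "privacy.resistFingerprinting" = false;
    "geo.enabled" = false;
    "media.peerconnection.enabled" = false; # Prevents WebRTC IP leaks (Essential for VPN use)
    "network.dns.disablePrefetch" = true;
    "network.prefetch-next" = false;

    # --- NixOS / Hyprland Integration ---
    "widget.use-xdg-desktop-portal.file-picker" = 1; # Use native file picker

    # --- UI & Behavior ---
    "browser.toolbars.bookmarks.visibility" = "never";
    "browser.compactmode.show" = true;
    "browser.tabs.closeWindowWithLastTab" = false;
    "extensions.pocket.enabled" = false;
    "extensions.screenshots.disabled" = true;
    "browser.topsites.contile.enabled" = false;
    "browser.formfill.enable" = false;
    "browser.search.suggest.enabled" = false;
    "browser.search.suggest.enabled.private" = false;
    "browser.urlbar.suggest.searches" = false;
    "browser.urlbar.showSearchSuggestionsFirst" = false;
    "browser.newtabpage.activity-stream.feeds.section.topstories" = false;
    "browser.newtabpage.activity-stream.feeds.snippets" = false;
    "browser.newtabpage.activity-stream.section.highlights.includePocket" = false;
    "browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = false;
    "browser.newtabpage.activity-stream.section.highlights.includeDownloads" = false;
    "browser.newtabpage.activity-stream.section.highlights.includeVisited" = false;
    "browser.newtabpage.activity-stream.showSponsored" = false;
    "browser.newtabpage.activity-stream.system.showSponsored" = false;
    "browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
    # Allows userChrome.css / userContent.css in the profile to be loaded.
    "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
    # 0 = no install scope is auto-disabled, so the add-ons declared above load
    # without a confirmation prompt. The same applies to any extension placed
    # in the profile or system locations by other means.
    "extensions.autoDisableScopes" = 0;

    # --- Homepage & Navigation ---
    "browser.startup.page" = 1; # Always open the homepage
    "browser.startup.homepage" = url;
    # NOTE(review): legacy pref that current Firefox may ignore; the New Tab
    # Override settings above look like the effective mechanism - confirm.
    "browser.newtab.url" = url;
    "browser.sessionstore.resume_from_crash" = false; # Always start fresh
    "browser.sessionstore.max_tabs_undo" = 0; # Disable undo close tab

    # --- DNS over HTTPS ---
    # Note: When using SOCKS5 remote DNS, TRR (DoH) can conflict with or bypass your VPN's internal DNS.
    # Mode 5 disables DoH explicitly so the SOCKS proxy handles all DNS resolution cleanly.
    "network.trr.mode" = 5;
  };

  # Optional: Keep your userChrome block here if you want the autohide UI applied to this profile too
  # userChrome = '' ... '';
}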