NixOS/modules/apps/internet.nix

{
  config,
  lib,
  pkgs,
  ...
}:
let
  krisp-patcher =
    pkgs.writers.writePython3Bin "krisp-patcher"
      {
        libraries = builtins.attrValues {
          inherit (pkgs.python3Packages)
            capstone
            pyelftools
            ;
        };
        flakeIgnore = [
          "E501" # line too long (82 > 79 characters)
          "F403" # 'from module import *' used; unable to detect undefined names
          "F405" # name may be undefined, or defined from star imports: module
        ];
      }
      (
        builtins.readFile (
          pkgs.fetchurl {
            url = "https://pastebin.com/raw/8tQDsMVd";
            sha256 = "sha256-IdXv0MfRG1/1pAAwHLS2+1NESFEz2uXrbSdvU9OvdJ8=";
          }
        )
      );
in
{
  options.my.apps.internet.enable = lib.mkEnableOption "enable";
  config = lib.mkIf config.my.apps.internet.enable {
    home-manager.users.jawz.programs.librewolf = {
      enable = true;
      languagePacks = [
        "en-CA"
        "es-MX"
        "it"
      ];
      policies.DisabledFirefoxAccounts = false;
      profiles.jawz = {
        id = 0;
        name = "jawz";
        path = "jawz";
        settings = {
          # Enable custom userChrome.css (for GNOME theme)
          "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
          # Enables Firefox GNOME Theme SVG icons
          "svg.context-properties.content.enabled" = true;
          # GNOME theme refinements
          "gnomeTheme.hideSingleTab" = true;
          "gnomeTheme.bookmarksToolbarUnderTabs" = true;
          "gnomeTheme.allTabsButtonOnOverflow" = true;
          # Normal UI density
          "browser.uidensity" = 0;
          "browser.toolbars.bookmarks.visibility" = "never";
          "general.autoScroll" = true;
          # Tabs
          "browser.sessionstore.resume_from_crash" = true;
          "browser.sessionstore.max_tabs_undo" = 50;
          "browser.startup.page" = 3;
          # DRM
          "media.eme.enabled" = true;
          # Prevents private windows from using dark theme
          "browser.theme.dark-private-windows" = false;
          # Enables rounded corners on the main window
          "widget.gtk.rounded-bottom-corners.enabled" = true;
          # General privacy & fingerprinting
          "privacy.sanitize.sanitizeOnShutdown" = false;
          "privacy.clearOnShutdown_v2.browsingHistoryAndDownloads" = false;
          "privacy.resistFingerprinting" = false; # You explicitly disabled this
          "privacy.fingerprintingProtection" = true;
          "privacy.query_stripping.enabled" = true;
          "privacy.query_stripping.enabled.pbmode" = true;
          "privacy.trackingprotection.enabled" = true;
          "privacy.trackingprotection.socialtracking.enabled" = true;
          "privacy.trackingprotection.emailtracking.enabled" = true;
          "privacy.bounceTrackingProtection.mode" = 1;
          "privacy.clearSiteData.cookiesAndStorage" = false;
          "privacy.clearSiteData.historyFormDataAndDownloads" = true;
          # Do Not Track
          "privacy.donottrackheader.enabled" = true;
          # GPC (Global Privacy Control)
          "privacy.globalprivacycontrol.was_ever_enabled" = true;
          # DNS-over-HTTPS (LibreDNS with adblock)
          "network.trr.mode" = 2;
          "network.trr.uri" = "https://doh.libredns.gr/noads";
          # Prevent predictive browsing
          "network.prefetch-next" = false;
          "network.predictor.enabled" = false;
          "network.http.speculative-parallel-limit" = 0;
          # Referrer sanitization
          "network.http.referer.disallowCrossSiteRelaxingDefault.top_navigation" = true;
          # Partitioning and isolation
          "network.cookie.cookieBehavior.optInPartitioning" = true;
          # HTTPS-only
          "dom.security.https_only_mode_ever_enabled" = true;
          # Disable captive portal checks
          "network.captive-portal-service.enabled" = false;
          "network.connectivity-service.enabled" = false;
          # Permissions tightening
          "permissions.delegation.enabled" = false;
          # Disable safe browsing remote lookups (relies on Google)
          "browser.safebrowsing.downloads.remote.enabled" = false;
          "browser.safebrowsing.downloads.remote.block_potentially_unwanted" = false;
          "browser.safebrowsing.downloads.remote.block_uncommon" = false;
          # Enable anti-cookie tracking + purge trackers
          "privacy.annotate_channels.strict_list.enabled" = true;
        };
      };
    };
    programs.geary.enable = true;
    users.users.jawz.packages = builtins.attrValues {
      inherit krisp-patcher;
      inherit (pkgs)
        thunderbird # email client
        warp # transfer files with based ppl
        brave # crypto-browser that at least somewhat integrates with gtk
        # nextcloud-client # self-hosted google-drive alternative
        fragments # beautiful torrent client
        tor-browser-bundle-bin # dark web, so dark!
        telegram-desktop # furry chat
        nicotine-plus # remember Ares?
        discord # :3
        vdhcoapp # video download helper assistant
        nextcloud-talk-desktop # nextcloud talk client
        fractal # matrix client
        ;
    };
  };
}