{ config, pkgs, ... }: { environment.systemPackages = with pkgs; [ # New system packages ]; programs.firefox = { enable = true; policies = { AppAutoUpdate = false; AllowFileSelectionDialogs = true; AutofillAddressEnabled = true; AutofillCreditCardEnabled = false; CaptivePortal = true; DisableFirefoxAccounts = true; DisableSecurityBypass = { InvalidCertificate = false; SafeBrowsing = false; }; DisableSetDesktopBackground = true; DisableTelemetry = true; ExtensionUpdate = true; FirefoxHome = { Search = true; TopSites = true; SponsoredTopSites = false; Highlights = true; Pocket = false; Stories = false; SponsoredPocket = false; SponsoredStories = false; Snippets = true; Locked = true; }; PictureInPicture = { Enabled = true; Locked = false; }; ExtensionSettings = { "nextcloud-passwords@nextcloud.com" = { installation_mode = "force_installed"; install_url = "https://addons.mozilla.org/firefox/downloads/latest/nextcloud-passwords/latest.xpi"; }; "instapaper@instapaper.com" = { installation_mode = "force_installed"; install_url = "https://addons.mozilla.org/firefox/downloads/latest/instapaper-official/latest.xpi"; }; "weh@mozilla.org" = { installation_mode = "force_installed"; install_url = "https://addons.mozilla.org/firefox/downloads/latest/video-downloadhelper/latest.xpi"; }; }; Preferences = { # Tracking Protection "browser.contentblocking.category" = "strict"; "privacy.trackingprotection.enabled" = true; "privacy.trackingprotection.socialtracking.enabled" = true; # Cookies "network.cookie.cookieBehavior" = 1; # block third-party cookies # Fingerprinting Protection "privacy.resistFingerprinting" = true; "privacy.resistFingerprinting.block_mozAddonManager" = true; # WebRTC IP Leak verhindern "media.peerconnection.enabled" = false; # Telemetrie vollständig deaktivieren "toolkit.telemetry.enabled" = false; "toolkit.telemetry.unified" = false; "toolkit.telemetry.archive.enabled" = false; "datareporting.healthreport.uploadEnabled" = false; "app.shield.optoutstudies.enabled" = false; # SafeBrowsing (lokal behalten, aber keine unnötige Kommunikation) "browser.safebrowsing.downloads.remote.enabled" = false; # HTTPS-Only Mode "dom.security.https_only_mode" = true; # DNS over HTTPS Fallback deaktivieren "network.trr.mode" = 3; "network.trr.uri" = "https://dns.quad9.net/dns-query"; # Referrer reduzieren "network.http.referer.XOriginPolicy" = 2; # Clipboard API nur bei User Interaction "dom.events.asyncClipboard.readText" = false; # WebGL einschränken "webgl.disabled" = true; }; SearchEngines = { Default = "Ecosia"; Add = [ { Name = "Ecosia"; URLTemplate = "https://www.ecosia.org/search?q={searchTerms}"; Method = "GET"; } ]; Remove = [ "Google" "Bing" "Amazon.com" "eBay" ]; }; }; }; }