From 811eeb98bed7a6945ba9bb31f812dcf37204d24e Mon Sep 17 00:00:00 2001
From: Ryan Reed
Date: Fri, 7 Jul 2023 23:39:07 -0400
Subject: [PATCH] Replacing custom user.js with Arkenfox user.js and user-overrides.js
---
 .chezmoiexternal.toml | 4 +
 .../run_after_update-arkenfox-profile.sh.tmpl | 8 +
 README.md | 24 +-
 .../user-overrides.js.tmpl | 131 +++++++++
 .../user.js.tmpl | 272 ------------------
 5 files changed, 148 insertions(+), 291 deletions(-)
 create mode 100644 .chezmoiscripts/run_after_update-arkenfox-profile.sh.tmpl
 create mode 100644 private_dot_mozilla/private_firefox/private_personal-profile.default/user-overrides.js.tmpl
 delete mode 100644 private_dot_mozilla/private_firefox/private_personal-profile.default/user.js.tmpl
diff --git a/.chezmoiexternal.toml b/.chezmoiexternal.toml
index c959525..4165769 100644
--- a/.chezmoiexternal.toml
+++ b/.chezmoiexternal.toml
@@ -3,3 +3,7 @@
 url = "https://github.com/tmux-plugins/tpm/archive/master.tar.gz"
 exact = true
 stripComponents = 1
+[".mozilla/firefox/personal-profile.default/updater.sh"]
+ type = "file"
+ url = "https://raw.githubusercontent.com/arkenfox/user.js/master/updater.sh"
+ refreshPeriod = "168h" # Weekly
diff --git a/.chezmoiscripts/run_after_update-arkenfox-profile.sh.tmpl b/.chezmoiscripts/run_after_update-arkenfox-profile.sh.tmpl
new file mode 100644
index 0000000..e51b111
--- /dev/null
+++ b/.chezmoiscripts/run_after_update-arkenfox-profile.sh.tmpl
@@ -0,0 +1,8 @@
+{{ if (and (eq .chezmoi.os "linux") (hasKey . "firefox")) -}}
+#!/usr/bin/env bash
+
+rsync -a {{ .chezmoi.homeDir }}/.mozilla/firefox/personal-profile.default/* {{ .chezmoi.homeDir }}/.mozilla/firefox/{{ .firefox.profile_name }}/.
+
+cd {{ .chezmoi.homeDir }}/.mozilla/firefox/personal-profile.default
+/usr/bin/env bash updater.sh -p {{ .chezmoi.homeDir }}/.mozilla/firefox/{{ .firefox.profile_name }}/ -o {{ .chezmoi.homeDir }}/.mozilla/firefox/personal-profile.default/user-overrides.js -d -s
+{{ end -}}
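Review bot: The new `updater.sh` external is fetched from the moving `master` branch with no integrity check, and the run_after script added in this same commit executes it, so whatever that URL serves at the weekly refresh runs with the user's privileges. Pin the URL to a release tag or commit and add chezmoi's `checksum.sha256 = "<SHA256_OF_PINNED_UPDATER>"` to the entry so a changed file fails the apply instead of being run. Once pinned, `refreshPeriod = "168h"` no longer buys anything; bump the pin and checksum deliberately after reviewing a new upstream version.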
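Review bot: Every templated path on the `rsync`, `cd` and `updater.sh` lines is expanded unquoted and the script has no error handling, so a home directory or `firefox.profile_name` containing spaces or glob characters is word-split, and a failed `cd` still lets `bash updater.sh` run against whatever file of that name sits in the starting directory. Add `set -euo pipefail` after the shebang, wrap each templated path in double quotes, and write the directory change as `cd "<PROFILE_SRC_DIR>" || exit 1`. The guard only tests `hasKey . "firefox"`, yet the body reads `.firefox.profile_name`; a nested `{{ if (hasKey .firefox "profile_name") }}`, as user-overrides.js.tmpl does for `bookmarks`, would keep a missing key from turning the rsync destination and the `-p` argument into an unintended path.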
diff --git a/README.md b/README.md index 6f62e79..475ca6f 100644 --- a/README.md +++ b/README.md @@ -73,7 +73,7 @@ See the configuration file for enabling | Application | Min Version | Notes | | ----------- | ----------- | ----- | -| Firefox | ??? | Configures more secure and private `profile.js` settings | +| Firefox | ??? | Configures the `user-overrides.js` for use within [Arkenfox's user.js](https://github.com/arkenfox/user.js) profile (Does NOT download the arkenfox profile. Must be done manually via the updater/installer | # Chezmoi Configuration File (Optional) @@ -87,6 +87,7 @@ Create the chezmoi configuration at `~/.config/chezmoi/chezmoi.toml`: [data.firefox] enabled = true bookmarks = "/home/user/bookmarks.html" + profile_name = "a5bcdefg.default-release" [data.fonts] enabled = true 
@@ -113,26 +114,11 @@ chezmoi apply -v -n # Remove -n to actually apply ## Mozilla Firefox -I utilize various [user.js](private_dot_mozilla/private_firefox/private_personal-profile.default/user.js.tmpl) and [userChrome.css](private_dot_mozilla/private_firefox/private_personal-profile.default/chrome/userChrome.css) tweaks. These are setup within `~/.mozilla/firefox/personal-profile.default/`. +I utilize various [user-overrides.js](private_dot_mozilla/private_firefox/private_personal-profile.default/user-overrides.js.tmpl) and [userChrome.css](private_dot_mozilla/private_firefox/private_personal-profile.default/chrome/userChrome.css) tweaks. -Because of how firefox creates profile directories with randomish names, the best method is to: +A script is run on chezmoi apply, `.chezmoiscripts/run_after_sync-firefox-profile.sh.tmpl`, which rsyncs `~/.mozilla/firefox/personal-profile.default/` to the profile configured within `~/.mozilla/firefox//` (`firefox.profile_name` in `chezmoi.toml`) -1. **Make Sure Firefox is Closed** -2. Rename your current profile to `personal-profile.default` -3. Symlink `personal-profile.default` to your original directory's name - -For example: - -``` -mv ~/.mozilla/firefox/yyaabb123.default ~/.mozilla/firefox/personal-profile.default -ln -s ~/.mozilla/firefox/personal-profile.default ~/.mozilla/firefox/yyaabb123.default -``` - -Renaming the profile (`firefox -p`), renaming the directory, and modifying `profiles.ini` isn't enough either. You would need to check the profile directory for any files where the path is hardcoded. - -Unfortunately, it can't be automated with Chezmoi. Chezmoi can NOT add files to the symlink directory. It will delete the symlink and create just the directory needed. - -The above implementation seems to get around these issues. +This allows for the use of [Arkenfox's user.js](https://github.com/arkenfox/user.js) along with the overrides. This does NOT run the Arkenfox `updater.sh` script so this still needs to be done. 
Will look into in the future. ## Tmux diff --git a/private_dot_mozilla/private_firefox/private_personal-profile.default/user-overrides.js.tmpl b/private_dot_mozilla/private_firefox/private_personal-profile.default/user-overrides.js.tmpl new file mode 100644 index 0000000..be9b14c --- /dev/null +++ b/private_dot_mozilla/private_firefox/private_personal-profile.default/user-overrides.js.tmpl 
@@ -0,0 +1,131 @@
+/*
+ * name: Personal Arkenfox User.js Overrides
+ * date: 07 Jul 2023
+ * modified: 07 Jul 2023
+ */
+
+/*** [SECTION 0000]: CUSTOM UNDEFINED SETTINGS ***/
+
+/* Allow for loading of userChrome.css and userContent.css */
+user_pref("toolkit.legacyUserProfileCustomizations.stylesheets", true);
+
+/* Fill SVG Color */
+user_pref("svg.context-properties.content.enabled", true);
+
+/* CSS Blur Filter - 88 Above */
+user_pref("layout.css.backdrop-filter.enabled", true);
+
+/* Restore Compact Mode - 89 Above */
+user_pref("browser.compactmode.show", true);
+
+/* Enable closetab to always be displayed */
+user_pref("browser.tabs.tabMinWidth", 0);
+user_pref("browser.tabs.tabClipWidth", 0);
+
+// PREF: Don't trim HTTP off of URLs in the address bar.
+user_pref("browser.urlbar.trimURLs", false);
+
+// PREF: Disable Pocket
+user_pref("browser.pocket.enabled", false);
+user_pref("extensions.pocket.enabled", false);
+
+
+{{ if (hasKey . "firefox") }}
+/* Chezmoi defined configs */
+
+{{ if (hasKey .firefox "bookmarks") }}
+/* PREF: Export bookmarks to HTML automatically when closing Firefox (disabled) */
+user_pref("browser.bookmarks.autoExportHTML", true);
+user_pref("browser.bookmarks.file", {{ .firefox.bookmarks | quote }});
+user_pref("browser.bookmarks.max_backups", 5);
+{{- end }}
+
+{{- end }}
+
+
+/*** [SECTION 0100]: STARTUP ***/
+
+/* 0102: set startup page [SETUP-CHROME]
+ * 0=blank, 1=home, 2=last visited page, 3=resume previous sessio
+ * [SETTING] Home>New Windows and Tabs>Homepage and new windows ***/
+user_pref("browser.startup.page", 3);
+
+/* 0103: set HOME+NEWWINDOW page
+ * about:home=Firefox Home (default, see 0105), custom URL, about:blank
+ * [SETTING] Home>New Windows and Tabs>Homepage and new windows ***/
+user_pref("browser.startup.homepage", "about:home");
+
+/* 0104: set NEWTAB page
+ * true=Firefox Home (default, see 0105), false=blank page
+ * [SETTING] Home>New Windows and Tabs>New tabs ***/
+user_pref("browser.newtabpage.enabled", true);
+
+
+/*** [SECTION 0800]: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS ***/
+
+/* 0801: disable location bar using search
+ * Don't leak URL typos to a search engine, give an error message instead
+ * Examples: "secretplace,com", "secretplace/com", "secretplace com", "secret place.com"
+ * [NOTE] This does not affect explicit user action such as using search buttons in the
+ * dropdown, or using keyword search shortcuts you configure in options (e.g. "d" for DuckDuckGo)
+ * [SETUP-CHROME] Override this if you trust and use a privacy respecting search engine ***/
+user_pref("keyword.enabled", true);
+
+
+/*** [SECTION 1000]: DISK AVOIDANCE ***/
+
+/* 1006: disable favicons in shortcuts
+ * URL shortcuts use a cached randomly named .ico file which is stored in your
+ * profile/shortcutCache directory. The .ico remains after the shortcut is deleted
+ * If set to false then the shortcuts use a generic Firefox icon ***/
+user_pref("browser.shell.shortcutFavicons", true);
+
+
+/*** [SECTION 1600]: HEADERS / REFERERS
+ full URI: https://example.com:8888/foo/bar.html?id=1234
+ scheme+host+port+path: https://example.com:8888/foo/bar.html
+ scheme+host+port: https://example.com:8888
+ [1] https://feeding.cloud.geek.nz/posts/tweaking-referrer-for-privacy-in-firefox/
+***/
+
+/* 1601: control when to send a cross-origin referer
+ * 0=always (default), 1=only if base domains match, 2=only if hosts match
+ * [SETUP-WEB] Breakage: older modems/routers and some sites e.g banks, vimeo, icloud, instagram
+ * If "2" is too strict, then override to "0" and use Smart Referer extension (Strict mode + add exceptions) ***/
+user_pref("network.http.referer.XOriginPolicy", 0);
+
+
+/*** [SECTION 2800]: SHUTDOWN & SANITIZING ***/
+
+/** SANITIZE ON SHUTDOWN: IGNORES "ALLOW" SITE EXCEPTIONS ***/
+/* 2811: set/enforce what items to clear on shutdown (if 2810 is true) [SETUP-CHROME]
+ * [NOTE] If "history" is true, downloads will also be cleared
+ * [NOTE] "sessions": Active Logins: refers to HTTP Basic Authentication [1], not logins via cookies
+ * [1] https://en.wikipedia.org/wiki/Basic_access_authentication ***/
+user_pref("privacy.clearOnShutdown.cache", false); // [DEFAULT: true]
+user_pref("privacy.clearOnShutdown.history", false); // [DEFAULT: true]
+user_pref("privacy.clearOnShutdown.sessions", false); // [DEFAULT: true]
+
+
+/** SANITIZE ON SHUTDOWN: RESPECTS "ALLOW" SITE EXCEPTIONS FF103+ ***/
+/* 2815: set "Cookies" and "Site Data" to clear on shutdown (if 2810 is true) [SETUP-CHROME]
+ * [NOTE] Exceptions: A "cookie" block permission also controls "offlineApps" (see note below).
+ * serviceWorkers require an "Allow" permission. For cross-domain logins, add exceptions for
+ * both sites e.g. https://www.youtube.com (site) + https://accounts.google.com (single sign on)
+ * [NOTE] "offlineApps": Offline Website Data: localStorage, service worker cache, QuotaManager (IndexedDB, asm-cache)
+ * [WARNING] Be selective with what sites you "Allow", as they also disable partitioning (1767271)
+ * [SETTING] to add site exceptions: Ctrl+I>Permissions>Cookies>Allow (when on the website in question)
+ * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Settings ***/
+user_pref("privacy.clearOnShutdown.cookies", false); // Cookies
+
+/** SANITIZE MANUAL: IGNORES "ALLOW" SITE EXCEPTIONS ***/
+/* 2820: reset default items to clear with Ctrl-Shift-Del [SETUP-CHROME]
+ * This dialog can also be accessed from the menu History>Clear Recent History
+ * Firefox remembers your last choices. This will reset them when you start Firefox
+ * [NOTE] Regardless of what you set "downloads" to, as soon as the dialog
+ * for "Clear Recent History" is opened, it is synced to the same as "history" ***/
+// user_pref("privacy.cpd.cache", false); // [DEFAULT: true]
+// user_pref("privacy.cpd.history", false); // [DEFAULT: true]
+// user_pref("privacy.cpd.sessions", false); // [DEFAULT: true]
+// user_pref("privacy.cpd.cookies", false);
+
diff --git a/private_dot_mozilla/private_firefox/private_personal-profile.default/user.js.tmpl b/private_dot_mozilla/private_firefox/private_personal-profile.default/user.js.tmpl
deleted file mode 100644
index 34c5789..0000000
--- a/private_dot_mozilla/private_firefox/private_personal-profile.default/user.js.tmpl
+++ /dev/null
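Review bot: Several overrides in sections 0800–2800 keep the copied upstream comment that describes the hardened setting while the value relaxes it: `keyword.enabled` is `true` under "disable location bar using search", `network.http.referer.XOriginPolicy` is `0` (always send a cross-origin referer), and the four `privacy.clearOnShutdown.*` prefs are `false`. Add a one-line rationale above each, for example `// override: keep address-bar search; typos and partial URLs go to the search engine`, so a later reader does not take the copied comment as the effective behaviour. The bookmarks comment has the same mismatch: it ends in "(disabled)" but sets `browser.bookmarks.autoExportHTML` to `true`. The user.js deleted by this commit also set `signon.rememberSignons` and the form-autofill prefs to `false`; it looks worth confirming that the Arkenfox base still covers the ones you rely on, since none are re-declared here.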
@@ -1,272 +0,0 @@ -/* - My custom defined user.js browser settings for Firefox - - ln -s ~/data/configs/browser.configs/user.js ~/.mozilla/firefox//user.js - - Many of the following are taken from various user.js hardening profiles. - Primarily https://github.com/pyllyukko/user.js/blob/master/user.js -*/ - -/******************************************************************************* - * SECTION: History Related * - *******************************************************************************/ -// PREF: Clear various settings when Firefox closes -// user_pref("privacy.clearOnShutdown.cookies", true); -user_pref("privacy.clearOnShutdown.downloads", true); -user_pref("privacy.clearOnShutdown.formdata", true); -user_pref("privacy.clearOnShutdown.offlineApps", true); -user_pref("privacy.sanitize.sanitizeOnShutdown", true); -// user_pref("privacy.clearOnShutdown.cache", true); -// user_pref("privacy.clearOnShutdown.history", true); -// user_pref("privacy.clearOnShutdown.sessions", true); -// user_pref("privacy.clearOnShutdown.openWindows", true); - -// PREF: Clear everything but "Site Preferences" in "Clear Recent History" -user_pref("privacy.cpd.offlineApps", true); -// user_pref("privacy.cpd.cache", true); -// user_pref("privacy.cpd.cookies", true); -user_pref("privacy.cpd.downloads", true); -user_pref("privacy.cpd.formdata", true); -// user_pref("privacy.cpd.history", true); -// user_pref("privacy.cpd.sessions", true); - -// PREF: Set time range to "Everything" as default in "Clear Recent History" -user_pref("privacy.sanitize.timeSpan", 0); - -// PREF: Disable password manager (use an external password manager!) 
-user_pref("signon.rememberSignons", false); - -// PREF: Require manual intervention to autofill known username/passwords sign-in forms -user_pref("signon.autofillForms", false); - - - -/******************************************************************************* - * SECTION: UI/Theme related * - *******************************************************************************/ -// Allow for loading of userChrome.css and userContent.css -user_pref("toolkit.legacyUserProfileCustomizations.stylesheets", true); - -// Fill SVG Color -user_pref("svg.context-properties.content.enabled", true); - -// CSS Blur Filter - 88 Above -user_pref("layout.css.backdrop-filter.enabled", true); - -// Restore Compact Mode - 89 Above -user_pref("browser.compactmode.show", true); - -// Enable closetab to always be displayed -user_pref("browser.tabs.tabMinWidth", 0); -user_pref("browser.tabs.tabClipWidth", 0); - - - -/******************************************************************************* - * SECTION: Omni-Bar Related * - *******************************************************************************/ -// PREF: Don't trim HTTP off of URLs in the address bar. -user_pref("browser.urlbar.trimURLs", false); - -// PREF: Do not submit invalid URIs entered in the address bar to the default search engine -// This breaks searching in the omnibar without a shortcut -// user_pref("keyword.enabled", false); - -// PREF: Don't try to guess domain names when entering an invalid domain name in URL bar -user_pref("browser.fixup.alternate.enabled", false); - -// PREF: When browser.fixup.alternate.enabled is enabled, strip password from 'user:password@...' 
URLs -user_pref("browser.fixup.hide_user_pass", true); - -// PREF: Disable Displaying Javascript in History URLs -user_pref("browser.urlbar.filter.javascript", true); - -// PREF: Disable "Provide search suggestions" in the omni bar (not history suggestions) -user_pref("browser.search.suggest.enabled", false); - -// PREF: Disable "Show search suggestions in location bar results" -user_pref("browser.urlbar.suggest.searches", false); - -// PREF: Disable form autofill, don't save information entered in web page forms and the Search Bar -// user_pref("browser.formfill.enable", false); - -// PREF: Disable inline autocomplete in URL bar -// user_pref("browser.urlbar.autoFill", false); -// user_pref("browser.urlbar.autoFill.typed", false); - -// PREF: Disable URL bar autocomplete and history/bookmarks suggestions dropdown -// user_pref("browser.urlbar.autocomplete.enabled", false); - -// PREF: Disable Firefox Suggest -// https://support.mozilla.org/en-US/kb/navigate-web-faster-firefox-suggest -user_pref("browser.urlbar.groupLabels.enabled", false); - - -/******************************************************************************* - * SECTION: Misc * - *******************************************************************************/ -// PREF: When browser pings are enabled, only allow pinging the same host as the origin page -user_pref("browser.send_pings.require_same_host", true); - -// PREF: Disable remote debugging -user_pref("devtools.debugger.remote-enabled", false); -user_pref("devtools.chrome.enabled", false); -user_pref("devtools.debugger.force-local", true); - -// PREF: Do not automatically send selection to clipboard on some Linux platforms -user_pref("clipboard.autocopy", false); - -{{ if (hasKey . 
"firefox") }} -// Chezmoi defined configs - -{{ if (hasKey .firefox "bookmarks") }} -// PREF: Export bookmarks to HTML automatically when closing Firefox (disabled) -user_pref("browser.bookmarks.autoExportHTML", true); -user_pref("browser.bookmarks.file", {{ .firefox.bookmarks | quote }}); -user_pref("browser.bookmarks.max_backups", 5); -{{- end }} - -{{- end }} - -// PREF: Do not check if Firefox is the default browser -user_pref("browser.shell.checkDefaultBrowser", false); - -// PREF: Disable Pocket -user_pref("browser.pocket.enabled", false); -user_pref("extensions.pocket.enabled", false); - -// PREF: Restore previous session on startup -user_pref("browser.startup.page", 3); - -// PREF: Do not create screenshots of visited pages (relates to the "new tab page" feature) -user_pref("browser.pagethumbnails.capturing_disabled", true); - -user_pref("browser.discovery.enabled", false); - -/* 0320: disable about:addons' Recommendations pane (uses Google Analytics) ***/ -/* 0321: disable recommendations in about:addons' Extensions and Themes panes [FF68+] ***/ -user_pref("extensions.getAddons.showPane", false); // [HIDDEN PREF] -user_pref("extensions.htmlaboutaddons.recommendations.enabled", false); - -// Disable various parts of the new tab page -user_pref("browser.newtabpage.activity-stream.default.sites", ""); // Remove default topsites (not your custom sites) -user_pref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", false); -user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false); -user_pref("browser.newtabpage.activity-stream.feeds.snippets", false); -user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false); -user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false); -user_pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false); -user_pref("browser.newtabpage.activity-stream.telemetry", false); - -// PREF: Disable Extension recommendations (Firefox >= 65) 
-user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false); -user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false); - -// PREF: Disable downloading homepage snippets/messages from Mozilla -user_pref("browser.aboutHomeSnippets.updateUrl", ""); - -// Disable about:config warning -user_pref("browser.aboutConfig.showWarning", false); - - -/******************************************************************************* - * SECTION: Privacy and Security Related * - *******************************************************************************/ -// PREF: Enable Firefox Tracking Protection -user_pref("privacy.trackingprotection.enabled", true); -user_pref("privacy.trackingprotection.pbmode.enabled", true); - -// PREF: Enable insecure password warnings (login forms in non-HTTPS pages) -user_pref("security.insecure_password.ui.enabled", true); - -// PREF: Send DNS request through SOCKS when SOCKS proxying is in use -user_pref("network.proxy.socks_remote_dns", true); - -// PREF: Don't monitor OS online/offline connection state -user_pref("network.manage-offline-status", false); - -// PREF: Disable "Autofill addresses" -user_pref("extensions.formautofill.addresses.enabled", false); - -// PREF: Disable "Autofill credit cards" -user_pref("extensions.formautofill.creditCards.enabled", false); - -// PREF: Disable collection/sending of the health report (healthreport.sqlite*) -user_pref("datareporting.healthreport.uploadEnabled", false); -user_pref("datareporting.healthreport.service.enabled", false); -user_pref("datareporting.policy.dataSubmissionEnabled", false); - -// "Allow Firefox to make personalized extension recommendations" -user_pref("browser.discovery.enabled", false); - -// PREF: Disable Shield/Heartbeat/Normandy (Mozilla user rating telemetry) -user_pref("app.normandy.enabled", false); -user_pref("app.normandy.api_url", ""); -user_pref("extensions.shield-recipe-client.enabled", false); 
-user_pref("app.shield.optoutstudies.enabled", false); - -// PREF: Disable Mozilla telemetry/experiments -user_pref("toolkit.telemetry.enabled", false); -user_pref("toolkit.telemetry.unified", false); -user_pref("toolkit.telemetry.archive.enabled", false); -user_pref("toolkit.telemetry.server", "data:,"); -user_pref("toolkit.telemetry.newProfilePing.enabled", false); -user_pref("toolkit.telemetry.shutdownPingSender.enabled", false); // [FF55+] -user_pref("toolkit.telemetry.updatePing.enabled", false); // [FF56+] -user_pref("toolkit.telemetry.bhrPing.enabled", false); // [FF57+] Background Hang Reporter -user_pref("toolkit.telemetry.firstShutdownPing.enabled", false); // [FF57+] -user_pref("toolkit.telemetry.coverage.opt-out", true); -user_pref("toolkit.coverage.opt-out", true); // [FF64+] [HIDDEN PREF] -user_pref("toolkit.coverage.endpoint.base", ""); -user_pref("experiments.supported", false); -user_pref("experiments.enabled", false); -user_pref("experiments.manifest.uri", ""); -user_pref("browser.ping-centre.telemetry", false); - -// PREF: Disable face detection -user_pref("camera.control.face_detection.enabled", false); - - -// Geo based settings -// PREF: Disable GeoIP lookup on your address to set default search engine region -user_pref("browser.search.countryCode", "US"); -user_pref("browser.search.region", "US"); -user_pref("browser.search.geoip.url", ""); - -// Disable using the OS's locator -user_pref("geo.provider.ms-windows-location", false); // [WINDOWS] -user_pref("geo.provider.use_corelocation", false); // [MAC] -user_pref("geo.provider.use_gpsd", false); // [LINUX] - -user_pref("geo.provider.network.url", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%"); - - -// PREF: Don't use Mozilla-provided location-specific search engines -user_pref("browser.search.geoSpecificDefaults", false); - -// PREF: Do not automatically send selection to clipboard on some Linux platforms -user_pref("clipboard.autocopy", false); - -// PREF: Don't 
reveal build ID -user_pref("general.buildID.override", "20100101"); -user_pref("browser.startup.homepage_override.buildID", "20100101"); - -// PREF: Opt-out of add-on metadata updates -user_pref("extensions.getAddons.cache.enabled", false); - -// PREF: Disable sending Firefox crash reports to Mozilla servers -user_pref("breakpad.reportURL", ""); - -// PREF: Disable sending reports of tab crashes to Mozilla (about:tabcrashed), don't nag user about unsent crash reports -user_pref("browser.tabs.crashReporting.sendReport", false); -user_pref("browser.crashReports.unsubmittedCheck.enabled", false); - -// PREF: Disable FlyWeb (discovery of LAN/proximity IoT devices that expose a Web interface) -user_pref("dom.flyweb.enabled", false); - -// PREF: Disable Firefox Hello metrics collection -user_pref("loop.logDomains", false); - -// PREF: Disable autoupdate -user_pref("app.update.auto", false); // Non-Windows -user_pref("app.update.background.scheduling.enabled", false); // Windows