From a558c558f0480d42a7d004556e746b1130388482 Mon Sep 17 00:00:00 2001
From: Atridad Lahiji <me@atri.dad>
Date: Mon, 16 Feb 2026 16:08:23 -0700
Subject: [PATCH] Ok finally

---
 modules/librewolf.nix | 86 ++++++++++++++++++-------------------------
 1 file changed, 35 insertions(+), 51 deletions(-)

diff --git a/modules/librewolf.nix b/modules/librewolf.nix
index 42002c2..df1e784 100644
--- a/modules/librewolf.nix
+++ b/modules/librewolf.nix
@@ -1,90 +1,74 @@
 { pkgs, ... }:
 
 let
-  # 1. Policies (Extensions & Locks)
-  # policies.json is best for installing extensions and hard-locking features.
-  policiesJson = builtins.toJSON {
+  policies = {
     policies = {
       DisableTelemetry = true;
       DisableFirefoxStudies = true;
       DisablePocket = true;
       DisableFirefoxAccounts = true;
+      OfferToSaveLogins = false;
+      DisableSafeBrowsing = true;
+
+      FirefoxHome = {
+        Search = true;
+        TopSites = true;
+        SponsoredTopSites = false;
+        Highlights = false;
+        Pocket = false;
+        SponsoredPocket = false;
+      };
+
+      SanitizeOnShutdown = {
+        Cache = true;
+        Cookies = false;
+        History = false;
+        Sessions = true;
+        SiteSettings = false;
+        OfflineApps = true;
+      };
 
       ExtensionSettings = {
-        # Bitwarden
         "{446900e4-71c2-419f-a6a7-df9c091e268b}" = {
           install_url = "https://addons.mozilla.org/firefox/downloads/latest/bitwarden-password-manager/latest.xpi";
           installation_mode = "force_installed";
         };
-        # Floccus
         "floccus@handmadeideas.org" = {
           install_url = "https://addons.mozilla.org/firefox/downloads/latest/floccus/latest.xpi";
           installation_mode = "force_installed";
         };
-        # uBlock Origin
         "uBlock0@raymondhill.net" = {
           install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi";
           installation_mode = "force_installed";
         };
       };
+
+      Preferences = {
+        "browser.startup.homepage" = "about:home";
+        "extensions.autoDisableScopes" = 0;
+        "browser.toolbars.bookmarks.visibility" = "always";
+        "network.cookie.cookieBehavior" = 1;
+        "extensions.activeThemeID" = "firefox-alpenglow@mozilla.org";
+        "privacy.resistFingerprinting" = true;
+        "browser.ml.chat.enabled" = false;
+        "browser.ml.chat.sidebar" = false;
+        "browser.tabs.groups.smart.userEnabled" = false;
+      };
     };
   };
 
-  policiesFile = pkgs.writeText "librewolf-policies.json" policiesJson;
-
-  # 2. User Preferences (user.js)
-  # These are applied to the profile directly.
-  # This avoids code-signing issues with modifying the App Bundle.
-  userJs = pkgs.writeText "user.js" ''
-    // Force Alpenglow Theme
-    user_pref("extensions.activeThemeID", "firefox-alpenglow@mozilla.org");
-
-    // UI Tweaks
-    user_pref("sidebar.revamp", true);
-    user_pref("sidebar.verticalTabs", true);
-    user_pref("sidebar.main.tools", "bookmarks,history,tabs");
-    user_pref("sidebar.visibility", "always");
-
-    // Privacy
-    user_pref("privacy.clearOnShutdown.cookies", false);
-    user_pref("privacy.clearOnShutdown.history", false);
-  '';
-
+  policiesFile = pkgs.writeText "librewolf-policies.json" (builtins.toJSON policies);
 in
 {
-  # Activation script to apply both Policies (System) and user.js (Profile)
   system.activationScripts.postActivation.text = ''
-    # 1. Apply Policies to the App Bundle (Distribution folder is usually safe to modify)
-    # We check both standard locations
     for APP_DIR in "/Applications/LibreWolf.app" "$HOME/Applications/LibreWolf.app"; do
       if [ -d "$APP_DIR" ]; then
-        echo ">>> Setting LibreWolf policies in $APP_DIR..."
         DIST_DIR="$APP_DIR/Contents/Resources/distribution"
         mkdir -p "$DIST_DIR"
         cp -f ${policiesFile} "$DIST_DIR/policies.json"
         chmod 644 "$DIST_DIR/policies.json"
+        echo "Applied LibreWolf policies to $APP_DIR"
       fi
     done
-
-    # 2. Apply user.js to the User Profile
-    # LibreWolf profiles are in ~/Library/Application Support/LibreWolf/Profiles/
-    LIBREWOLF_DATA="$HOME/Library/Application Support/LibreWolf/Profiles"
-    if [ -d "$LIBREWOLF_DATA" ]; then
-      # Find the default release profile (usually ends in .default-release or .default)
-      PROFILE_DIR=$(find "$LIBREWOLF_DATA" -maxdepth 1 -type d -name "*.default-release" | head -n 1)
-
-      # Fallback to *.default if release not found
-      if [ -z "$PROFILE_DIR" ]; then
-        PROFILE_DIR=$(find "$LIBREWOLF_DATA" -maxdepth 1 -type d -name "*.default" | head -n 1)
-      fi
-
-      if [ -n "$PROFILE_DIR" ]; then
-        echo ">>> Updating LibreWolf profile: $PROFILE_DIR"
-        # We cat the file to ensure we don't mess up symlinks or permissions logic
-        cat ${userJs} > "$PROFILE_DIR/user.js"
-      else
-        echo ">>> Warning: Could not find a default LibreWolf profile to apply user.js"
-      fi
-    fi
   '';
 }