{ pkgs, ... }:

let
  policies = {
    policies = {
      DisableTelemetry = true;
      DisableFirefoxStudies = true;
      DisablePocket = true;
      DisableFirefoxAccounts = true;
      OfferToSaveLogins = false;
      EnableTrackingProtection = true;

      FirefoxHome = {
        Search = true;
        TopSites = true;
        SponsoredTopSites = false;
        Highlights = false;
        Pocket = false;
        SponsoredPocket = false;
      };

      SanitizeOnShutdown = {
        Cache = true;
        Cookies = false;
        History = false;
        Sessions = true;
        SiteSettings = false;
        OfflineApps = true;
      };

      SearchEngines = {
        Default = "Searx Search";
        Remove = [
          "Google"
          "Bing"
          "Perplexity"
          "Wikipedia (en)"
        ];
        Add = [
          {
            Name = "Searx Search";
            URLTemplate = "https://search.atri.dad/search?q={searchTerms}";
            Method = "GET";
            IconURL = "https://search.atri.dad/favicon.ico";
            Alias = "searx";
            Description = "Searx (search.atri.dad)";
          }
          {
            Name = "DuckDuckGo";
            URLTemplate = "https://duckduckgo.com/?q={searchTerms}";
            SuggestURLTemplate = "https://duckduckgo.com/ac/?q={searchTerms}&type=list";
            Method = "GET";
            IconURL = "https://duckduckgo.com/favicon.ico";
            Alias = "ddg";
            Description = "DuckDuckGo";
          }
        ];
      };

      ExtensionSettings = {
        "{446900e4-71c2-419f-a6a7-df9c091e268b}" = {
          install_url = "https://addons.mozilla.org/firefox/downloads/latest/bitwarden-password-manager/latest.xpi";
          installation_mode = "force_installed";
        };
        "floccus@handmadeideas.org" = {
          install_url = "https://addons.mozilla.org/firefox/downloads/latest/floccus/latest.xpi";
          installation_mode = "force_installed";
        };
        "uBlock0@raymondhill.net" = {
          install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi";
          installation_mode = "force_installed";
        };
      };

      Preferences = {
        "browser.startup.homepage" = "about:home";
        "extensions.autoDisableScopes" = 0;
        "browser.toolbars.bookmarks.visibility" = "always";
        "network.cookie.cookieBehavior" = 1;
        "extensions.activeThemeID" = "firefox-alpenglow@mozilla.org";
        "privacy.resistFingerprinting" = true;
        "browser.ml.chat.enabled" = false;
        "browser.ml.chat.sidebar" = false;
        "browser.tabs.groups.smart.userEnabled" = false;
        "browser.safebrowsing.malware.enabled" = false;
        "browser.safebrowsing.phishing.enabled" = false;
        "browser.safebrowsing.blockedURIs.enabled" = false;
        "browser.safebrowsing.downloads.enabled" = false;
        "browser.safebrowsing.provider.google4.gethashURL" = "";
        "browser.safebrowsing.provider.google4.updateURL" = "";
        "browser.safebrowsing.provider.google.gethashURL" = "";
        "browser.safebrowsing.provider.google.updateURL" = "";
        "browser.newtabpage.activity-stream.newtabWallpapers.wallpaper" = "dark-mountain";
      };
    };
  };

  policiesFile = pkgs.writeText "librewolf-policies.json" (builtins.toJSON policies);
in
{
  system.activationScripts.postActivation.text = ''
    for APP_DIR in "/Applications/LibreWolf.app" "$HOME/Applications/LibreWolf.app"; do
      if [ -d "$APP_DIR" ]; then
        DIST_DIR="$APP_DIR/Contents/Resources/distribution"
        mkdir -p "$DIST_DIR"
        cp -f ${policiesFile} "$DIST_DIR/policies.json"
        chmod 644 "$DIST_DIR/policies.json"
        echo "Applied LibreWolf policies to $APP_DIR"
        xattr -dr com.apple.quarantine /Applications/LibreWolf.app
      fi
    done
  '';
}