nixos/desktop-environment/browser.nix

{ config, pkgs, ... }:
{
    environment.systemPackages = with pkgs; [
        # New system packages
    ];

    programs.firefox = {
        enable = true;
        policies = {
            AppAutoUpdate = false;
            AllowFileSelectionDialogs = true;
            AutofillAddressEnabled = true;
            AutofillCreditCardEnabled = false;
            CaptivePortal = true;
            DisableFirefoxAccounts = true;
            DisableSecurityBypass = {
                InvalidCertificate = false;
                SafeBrowsing = false;
            };
            DisableSetDesktopBackground = true;
            DisableTelemetry = true;
            ExtensionUpdate = true;
            FirefoxHome = {
                Search = true;
                TopSites = true;
                SponsoredTopSites = false;
                Highlights = true;
                Pocket = false;
                Stories = false;
                SponsoredPocket = false;
                SponsoredStories = false;
                Snippets = true;
                Locked = true;
            };
            PictureInPicture = {
                Enabled = true;
                Locked = false;
                };
            ExtensionSettings = {
                "nextcloud-passwords@nextcloud.com" = {
                    installation_mode = "force_installed";
                    install_url = "https://addons.mozilla.org/firefox/downloads/latest/nextcloud-passwords/latest.xpi";
                };

                "instapaper@instapaper.com" = {
                    installation_mode = "force_installed";
                    install_url = "https://addons.mozilla.org/firefox/downloads/latest/instapaper-official/latest.xpi";
                };

                "weh@mozilla.org" = {
                    installation_mode = "force_installed";
                    install_url = "https://addons.mozilla.org/firefox/downloads/latest/video-downloadhelper/latest.xpi";
                };
            };
            Preferences = {
              # Tracking Protection
              "browser.contentblocking.category" = "strict";
              "privacy.trackingprotection.enabled" = true;
              "privacy.trackingprotection.socialtracking.enabled" = true;

              # Cookies
              "network.cookie.cookieBehavior" = 1; # block third-party cookies

              # Fingerprinting Protection
              "privacy.resistFingerprinting" = true;
              "privacy.resistFingerprinting.block_mozAddonManager" = true;

              # WebRTC IP Leak verhindern
              "media.peerconnection.enabled" = false;

              # Telemetrie vollständig deaktivieren
              "toolkit.telemetry.enabled" = false;
              "toolkit.telemetry.unified" = false;
              "toolkit.telemetry.archive.enabled" = false;
              "datareporting.healthreport.uploadEnabled" = false;
              "app.shield.optoutstudies.enabled" = false;

              # SafeBrowsing (lokal behalten, aber keine unnötige Kommunikation)
              "browser.safebrowsing.downloads.remote.enabled" = false;

              # HTTPS-Only Mode
              "dom.security.https_only_mode" = true;

              # DNS over HTTPS Fallback deaktivieren
              "network.trr.mode" = 3;
              "network.trr.uri" = "https://dns.quad9.net/dns-query";

              # Referrer reduzieren
              "network.http.referer.XOriginPolicy" = 2;

              # Clipboard API nur bei User Interaction
              "dom.events.asyncClipboard.readText" = false;

              # WebGL einschränken
              "webgl.disabled" = true;
            };
            SearchEngines = {
              Default = "Ecosia";

              Add = [
                {
                  Name = "Ecosia";
                  URLTemplate = "https://www.ecosia.org/search?q={searchTerms}";
                  Method = "GET";
                }
              ];

              Remove = [ "Google" "Bing" "Amazon.com" "eBay" ];
            };

        };
    };
    }