From 2fc59e29f3c2a1eec066c0f323dd63ec61026588 Mon Sep 17 00:00:00 2001
From: Aaron Bieber <aaron@bolddaemon.com>
Date: Mon, 8 Jul 2024 18:42:57 -0600
Subject: [PATCH] configs/thunderbird: init

---
 configs/thunderbird.nix  | 99 ++++++++++++++++++++++++++++++++++++++++
 hosts/europa/default.nix |  5 +-
 2 files changed, 102 insertions(+), 2 deletions(-)
 create mode 100644 configs/thunderbird.nix

diff --git a/configs/thunderbird.nix b/configs/thunderbird.nix
new file mode 100644
index 0000000..ce19ab0
--- /dev/null
+++ b/configs/thunderbird.nix
@@ -0,0 +1,99 @@
+{ ... }: {
+  programs = {
+    thunderbird = {
+      enable = true;
+      policies = {
+        Cookies = {
+          Allow = [ "https://app.fastmail.com" ];
+          AllowSession = [ "https://app.fastmail.com/" ];
+          Block = [ "*" ];
+          Default = true;
+          AcceptThirdParty = "never";
+          ExpireAtSessionEnd = false;
+          RejectTracker = true;
+          Locked = true;
+        };
+        DisableTelemetry = true;
+        ExtensionSettings = {
+          "*" = {
+            blocked_install_message = "Only install extensions via nix.";
+            install_sources = [ "about:addons" "https://addons.thunderbird.net/" ];
+            installation_mode = "blocked";
+            allowed_types = [ "extension" ];
+          };
+          "uBlock0@raymondhill.net" = {
+            "installation_mode" = "force_installed";
+            "install_url" = "https://addons.thunderbird.net/thunderbird/downloads/latest/ublock-origin/latest.xpi";
+          };
+          "{532269cf-a10e-4396-8613-b5d9a9a516d4}" = {
+            "installation_mode" = "forced_installed";
+            "install_url" = "https://addons.thunderbird.net/thunderbird/downloads/latest/allow-html-temp/latest.xpi";
+          };
+        };
+        NetworkPrediction = true;
+        OfferToSaveLogins = false;
+        PasswordManagerEnabled = false;
+        SearchEngines = {
+          Add = [
+            {
+              Name = "Kagi";
+              URLTemplate = "https://kagi.com/search?q={searchTerms}";
+              Method = "GET";
+              Alias = "k";
+            }
+            {
+              Name = "OpenBSD.app";
+              URLTemplate = "https://openbsd.app/?search={searchTerms}";
+              Method = "GET";
+            }
+          ];
+          Default = "Kagi";
+          Remove = [
+            "Google"
+            "Amazon.com"
+            "Bing"
+            "eBay"
+            "Wikipedia (en)"
+            "DuckDuckGo"
+          ];
+        };
+        PDFjs = {
+          Enabled = false;
+        };
+      };
+      # NOTE: https://github.com/thunderbird/policy-templates/tree/master/templates/central
+      # Items can be found here ^
+      preferences = {
+        "extensions.blocklist.enabled" = true;
+
+        "browser.search.update" = false;
+        "browser.urlbar.suggest.calculator" = true;
+        "browser.urlbar.suggest.quicksuggest.nonsponsored" = false;
+        "browser.urlbar.suggest.quicksuggest.sponsored" = false;
+        "browser.urlbar.suggest.searches" = false;
+        "browser.urlbar.suggest.topsites" = false;
+        "browser.urlbar.suggest.trending" = false;
+        "browser.urlbar.suggest.yelp" = false;
+        "browser.urlbar.trimURLs" = false;
+        "datareporting.healthreport.uploadEnabled" = false;
+        "devtools.cache.disabled" = true;
+        "dom.block_download_insecure" = false;
+        "extensions.pocket.enabled" = false;
+        "extensions.screenshots.disabled" = true;
+        "geo.enabled" = false;
+        "geo.provider.network.url" = "";
+        "geo.provider.use_geoclue" = false;
+        "network.dns.disablePrefetch" = true;
+        "network.http.speculative-parallel-limit" = 0;
+        "network.IDN_show_punycode" = true;
+        "network.predictor.enabled" = false;
+        "network.prefetch-next" = false;
+        "security.OCSP.enabled" = 0;
+        "security.ssl.errorReporting.enabled" = false;
+
+        # Not yet working:
+        "beacon.enabled" = false;
+      };
+    };
+  };
+}
diff --git a/hosts/europa/default.nix b/hosts/europa/default.nix
index 99db8be..c7d59b5 100644
--- a/hosts/europa/default.nix
+++ b/hosts/europa/default.nix
@@ -9,6 +9,7 @@ let
   inherit (inputs.stable.legacyPackages.${pkgs.system}) chirp beets;
   inherit (inputs.unstableSmall.legacyPackages.${pkgs.system}) quodlibet-full;
   inherit (xinlib) jobToUserService prIsOpen;
+  thunderbird = import ../../configs/thunderbird.nix { inherit pkgs; };
   jobs = [
     {
       name = "brain";
@@ -173,7 +174,7 @@ in
         "load-agent" = ''op item get signer --field 'private key' --reveal | sed '/"/d; s/\r//' | ssh-add -'';
       };
     };
-  };
+  } // thunderbird.programs;
 
   services.xinCA = { enable = false; };
 
@@ -387,7 +388,7 @@ in
       signal-desktop-beta
       tcpdump
       tea
-      thunderbird
+      # thunderbird
       tigervnc
       tncattach
       unzip