brave: schizomax

modules/programs/gui/brave/module.nix

@@ -1,13 +1,79 @@
-{pkgs, ...}: {
+{
+  lib,
+  pkgs,
+  ...
+}: let
+  inherit (lib.lists) map;
+  inherit (lib.strings) concatStringsSep;
+
+  flags = concatStringsSep " " [
+    "--no-first-run"
+    "--use-vulkan"
+    "--enable-features=Vulkan,UseOzonePlatform"
+    "--enable-gpu-rasterization"
+    "--force-dark-mode"
+    "--enable-smooth-scrolling"
+    "--enable-features=UseOzonePlatform"
+    "--ozone-platform=wayland"
+    "--user-agent='Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.3'"
+    "--use-angle=vulkan"
+  ];
+  brave-wrapped = pkgs.symlinkJoin {
+    name = "fish";
+    paths = [
+      (
+        pkgs.brave.override {vulkanSupport = true;}
+      )
+    ];
+    nativeBuildInputs = [pkgs.makeWrapper];
+    postBuild = ''
+      wrapProgram $out/bin/brave --append-flags "${flags}"
+    '';
+  };
+in {
+  environment.systemPackages = [
+    brave-wrapped
+  ];
   programs.chromium = {
     enable = true;
+
+    # This sets a bunch of flags to make Brave usable.
+    # This was made possible through several similar projects,
+    # which facilitated this process a lot:
+    # https://gist.github.com/yashgorana/869542b66d7188729716379abe7464e0
+    # https://github.com/yashgorana/chrome-debloat
     extraOpts = {
       BraveRewardsDisabled = true;
       BraveWalletDisabled = true;
+
+      # Setting the policy to False prevents Google Chrome from showing
+      # product promotional content.
       PromotionsEnabled = false;
       TorDisabled = true;
       BraveVPNDisabled = true;
       BraveAIChatEnabled = false;
+      SyncDisabled = true;
+
+      # Setting the policy to False stops Google Chrome from ever checking if
+      # it's the default and turns user controls off for this option.
+      DefaultBrowserSettingEnabled = false;
+
+      # In background mode, a Google Chrome process is started on OS sign-in and keeps
+      # running when the last browser window is closed, allowing background apps and
+      # the browsing session to remain active.
+      BackgroundModeEnabled = false;
+
+      # By default the browser will show media recommendations that are personalized to the user.
+      # Setting this policy to Disabled will result in these recommendations being hidden from the user.
+      MediaRecommendationsEnabled = false;
+
+      # This policy controls the availability of the shopping list feature.
+      # If enabled, users will be presented with UI to track the price of
+      # the product displayed on the current page. The tracked product will
+      # be shown in the bookmarks side panel. If this policy is set to Enabled
+      # or not set, the shopping list feature will be available to users.
+      # If this policy is set to Disabled, the shopping list feature will be unavailable.
+      ShoppingListEnabled = false;
       BraveSyncUrl = "";
       PrivacySandboxFingerprintingProtectionEnabled = true;
       PrivacySandboxIpProtectionEnabled = true;
@@ -17,8 +83,88 @@
       DefaultSearchProviderNewTabURL = "https://kagi.com";
       SearchSuggestEnabled = true;
       DefaultSearchProviderSuggestURL = "https://kagi.com/api/autosuggest?q={searchTerms}";
-      PasswordManagerEnabled = false;
+
+      # Prevents webpage elements that aren't from the domain
+      # that's in the browser's address bar from setting cookies.
       BlockThirdPartyCookies = true;
+      DnsOverHttpsMode = "automatic";
+      MetricsReportingEnabled = false;
+      SafeBrowsingExtendedReportingEnabled = false;
+      # Setting the policy to Enabled means URL-keyed anonymized data collection,
+      # which sends URLs of pages the user visits to Google to make searches and
+      # browsing better, is always active.
+      # Setting the policy to Disabled results in no URL-keyed anonymized data collection.
+      UrlKeyedAnonymizedDataCollectionEnabled = false;
+
+      # Google Chrome in-product surveys collect user feedback for the browser.
+      # Survey responses are not associated with user accounts. When this policy
+      # is Enabled or not set, in-product surveys may be shown to users.
+      # When this policy is Disabled, in-product surveys are not shown to users.
+      FeedbackSurveysEnabled = false;
+
+      PasswordManagerEnabled = false;
+      # Disable sharing user credentials with other users
+      PasswordSharingEnabled = false;
+      # Disable leak detection for entered credentials
+      PasswordLeakDetectionEnabled = false;
+
+      AutofillAddressEnabled = false;
+      AutofillCreditCardEnabled = false;
+      ParcelTrackingEnabled = false;
+
+      # Setting the policy to 2 denies sites tracking the users' physical locationing.
+      DefaultGeolocationSetting = 2;
+      DefaultNotificationsSetting = 2;
+      # Setting the policy to BlockLocalFonts (value 2) automatically denies the local fonts
+      # permission to sites by default. This will limit the ability of sites to see
+      # information about local fonts.
+      DefaultLocalFontsSetting = 2;
+
+      # Setting the policy to 1 lets websites access and use sensors such as motion and light.
+      # Setting the policy to 2 denies access to sensors.
+      DefaultSensorsSetting = 2;
+      # Setting the policy to 3 lets websites ask for access to serial ports.
+      # Setting the policy to 2 denies access to serial ports.
+      DefaultSerialGuardSetting = 2;
+      # This policy allows to control the Related Website Sets feature enablement.
+      # This policy overrides the FirstPartySetsEnabled policy.
+      # When this policy is set to False, the Related Website Sets feature is disabled.
+      RelatedWebsiteSetsEnabled = false;
+
+      # This policy controls the sign-in behavior of the browser.
+      # It allows you to specify if the user can sign in to Google Chrome with
+      # their account and use account related services like Google Chrome Sync.
+      BrowserSignin = 0;
+
+      QuicAllowed = true;
+
+      # Setting the policy to Enabled turns the internal PDF viewer off in Google Chrome,
+      # treats PDF files as a download, and lets users open PDFs with the default application.
+      AlwaysOpenPdfExternally = true;
+
+      SpellcheckEnabled = false;
+      EnableDoNotTrack = true;
+
+      # If this policy is set to Disabled, Google Chrome will not allow guest profiles to be started.
+      # Guest logins are Google Chrome profiles where all windows are in incognito mode.
+      BrowserGuestModeEnabled = false;
+
+      # This policy controls which software stack is used to communicate with the DNS server:
+      # the Operating System DNS client, or Google Chrome's built-in DNS client. This policy
+      # does not affect which DNS servers are used: if, for example, the operating system is
+      # configured to use an enterprise DNS server, that same server would be used by the
+      # built-in DNS client. It also does not control if DNS-over-HTTPS is used; Google Chrome
+      # will always use the built-in resolver for DNS-over-HTTPS requests.
+      # If this policy is set to Disabled, the built-in DNS client will only be used when DNS-over-HTTPS is in use.
+      BuiltinDnsClientEnabled = false;
+
+      # Control if Manifest v2 extensions can be used by browser.
+      ExtensionManifestV2Availability = 2;
+
+      # Setting the policy to True means Google Chrome uses alternate error
+      # pages built into (such as "page not found"). Setting the policy to
+      # False means Google Chrome never uses alternate error pages.
+      AlternateErrorPagesEnabled = false;
     };
     extensions = [
       # NoScript
@@ -29,9 +175,37 @@
       "bkkmolkhemgaeaeggcmfbghljjjoofoh"
       # Dark Reader
       "eimadpbcbfnmbkopoojfekhnkhdbieeh"
+      # UBlock Origin
+      "cjpalhdlnbpafiamejdnhcphjbkeiagm"
+      # I still don't care about cookies
+      "edibdbjcniadpccecjdfdjjppcpchdlm"
+      # Sponsorblock
+      "mnjggcdmjocbbbhaepdhchncahnbgone"
+      # Decentraleyes
+      "ldpochfccmkkmhdbclfhpagapcfdljkj"
     ];
   };
-  environment.systemPackages = [
+
-    (pkgs.brave.override {vulkanSupport = true;})
+  networking.extraHosts =
-  ];
+    concatStringsSep "\n"
+    <| map (addr: "${addr} localhost") [
+      "rewards.brave.com"
+      "api.rewards.brave.com"
+      "grant.rewards.brave.com"
+      "variations.brave.com"
+      "laptop-updates.brave.com"
+      "static.brave.com"
+      "static1.brave.com"
+      "crlsets.brave.com"
+      "ads.brave.com"
+      "ads-admin.brave.com"
+      "ads-help.brave.com"
+      "referrals.brave.com"
+      "analytics.brave.com"
+      "search.anonymous.ads.brave.com"
+      "p3a.brave.com"
+      "variations.brave.com"
+      "star-randsrv.bsg.brave.com"
+      "usage-ping.brave.com"
+    ];
 }