From fec612ff727d5155ead76777ee3c1f1522af99af Mon Sep 17 00:00:00 2001
From: Bloxx12
Date: Tue, 8 Jul 2025 22:59:07 +0200
Subject: [PATCH 1/2] brave: schizomax
---
 modules/programs/gui/brave/module.nix | 184 +++++++++++++++++++++++++-
 1 file changed, 179 insertions(+), 5 deletions(-)
diff --git a/modules/programs/gui/brave/module.nix b/modules/programs/gui/brave/module.nix
index 7f448bd..38915f3 100644
--- a/modules/programs/gui/brave/module.nix
+++ b/modules/programs/gui/brave/module.nix
@@ -1,13 +1,79 @@
-{pkgs, ...}: {
+{
+ lib,
+ pkgs,
+ ...
+}: let
+ inherit (lib.lists) map;
+ inherit (lib.strings) concatStringsSep;
+
+ flags = concatStringsSep " " [
+ "--no-first-run"
+ "--use-vulkan"
+ "--enable-features=Vulkan,UseOzonePlatform"
+ "--enable-gpu-rasterization"
+ "--force-dark-mode"
+ "--enable-smooth-scrolling"
+ "--enable-features=UseOzonePlatform"
+ "--ozone-platform=wayland"
+ "--user-agent='Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.3'"
+ "--use-angle=vulkan"
+ ];
+ brave-wrapped = pkgs.symlinkJoin {
+ name = "fish";
+ paths = [
+ (
+ pkgs.brave.override {vulkanSupport = true;}
+ )
+ ];
+ nativeBuildInputs = [pkgs.makeWrapper];
+ postBuild = ''
+ wrapProgram $out/bin/brave --append-flags "${flags}"
+ '';
+ };
+in {
+ environment.systemPackages = [
+ brave-wrapped
+ ];
 programs.chromium = {
 enable = true;
+
+ # This sets a bunch of flags to make Brave usable.
+ # This was made possible through several similar projects,
+ # which facilitated this process a lot:
+ # https://gist.github.com/yashgorana/869542b66d7188729716379abe7464e0
+ # https://github.com/yashgorana/chrome-debloat
 extraOpts = {
 BraveRewardsDisabled = true;
 BraveWalletDisabled = true;
+
+ # Setting the policy to False prevents Google Chrome from showing
+ # product promotional content.
 PromotionsEnabled = false;
 TorDisabled = true;
 BraveVPNDisabled = true;
 BraveAIChatEnabled = false;
+ SyncDisabled = true;
+
+ # Setting the policy to False stops Google Chrome from ever checking if
+ # it's the default and turns user controls off for this option.
+ DefaultBrowserSettingEnabled = false;
+
+ # In background mode, a Google Chrome process is started on OS sign-in and keeps
+ # running when the last browser window is closed, allowing background apps and
+ # the browsing session to remain active.
+ BackgroundModeEnabled = false;
+
+ # By default the browser will show media recommendations that are personalized to the user.
+ # Setting this policy to Disabled will result in these recommendations being hidden from the user.
+ MediaRecommendationsEnabled = false;
+
+ # This policy controls the availability of the shopping list feature.
+ # If enabled, users will be presented with UI to track the price of
+ # the product displayed on the current page. The tracked product will
+ # be shown in the bookmarks side panel. If this policy is set to Enabled
+ # or not set, the shopping list feature will be available to users.
+ # If this policy is set to Disabled, the shopping list feature will be unavailable.
+ ShoppingListEnabled = false;
 BraveSyncUrl = "";
 PrivacySandboxFingerprintingProtectionEnabled = true;
 PrivacySandboxIpProtectionEnabled = true;
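Review bot: The `--user-agent` entry in `flags` pins a literal `Chrome/134.0.0.0` string, so the advertised version will drift away from the Chromium build that Brave actually ships and from what its client hints report; a stale or inconsistent user agent tends to make a browser easier to single out, so dropping the override is the safer default. `--enable-features=` is also passed twice, and Chromium appears to keep only the last occurrence of a switch, so `Vulkan` is probably lost; keep the single `"--enable-features=Vulkan,UseOzonePlatform"`. The wrapper is still declared with `name = "fish";`, which looks like a copy-paste leftover; `name = "brave-wrapped";` would make the store path identifiable.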
@@ -17,8 +83,88 @@
 DefaultSearchProviderNewTabURL = "https://kagi.com";
 SearchSuggestEnabled = true;
 DefaultSearchProviderSuggestURL = "https://kagi.com/api/autosuggest?q={searchTerms}";
- PasswordManagerEnabled = false;
+
+ # Prevents webpage elements that aren't from the domain
+ # that's in the browser's address bar from setting cookies.
 BlockThirdPartyCookies = true;
+ DnsOverHttpsMode = "automatic";
+ MetricsReportingEnabled = false;
+ SafeBrowsingExtendedReportingEnabled = false;
+ # Setting the policy to Enabled means URL-keyed anonymized data collection,
+ # which sends URLs of pages the user visits to Google to make searches and
+ # browsing better, is always active.
+ # Setting the policy to Disabled results in no URL-keyed anonymized data collection.
+ UrlKeyedAnonymizedDataCollectionEnabled = false;
+
+ # Google Chrome in-product surveys collect user feedback for the browser.
+ # Survey responses are not associated with user accounts. When this policy
+ # is Enabled or not set, in-product surveys may be shown to users.
+ # When this policy is Disabled, in-product surveys are not shown to users.
+ FeedbackSurveysEnabled = false;
+
+ PasswordManagerEnabled = false;
+ # Disable sharing user credentials with other users
+ PasswordSharingEnabled = false;
+ # Disable leak detection for entered credentials
+ PasswordLeakDetectionEnabled = false;
+
+ AutofillAddressEnabled = false;
+ AutofillCreditCardEnabled = false;
+ ParcelTrackingEnabled = false;
+
+ # Setting the policy to 2 denies sites tracking the users' physical locationing.
+ DefaultGeolocationSetting = 2;
+ DefaultNotificationsSetting = 2;
+ # Setting the policy to BlockLocalFonts (value 2) automatically denies the local fonts
+ # permission to sites by default. This will limit the ability of sites to see
+ # information about local fonts.
+ DefaultLocalFontsSetting = 2;
+
+ # Setting the policy to 1 lets websites access and use sensors such as motion and light.
+ # Setting the policy to 2 denies access to sensors.
+ DefaultSensorsSetting = 2;
+ # Setting the policy to 3 lets websites ask for access to serial ports.
+ # Setting the policy to 2 denies access to serial ports.
+ DefaultSerialGuardSetting = 2;
+ # This policy allows to control the Related Website Sets feature enablement.
+ # This policy overrides the FirstPartySetsEnabled policy.
+ # When this policy is set to False, the Related Website Sets feature is disabled.
+ RelatedWebsiteSetsEnabled = false;
+
+ # This policy controls the sign-in behavior of the browser.
+ # It allows you to specify if the user can sign in to Google Chrome with
+ # their account and use account related services like Google Chrome Sync.
+ BrowserSignin = 0;
+
+ QuicAllowed = true;
+
+ # Setting the policy to Enabled turns the internal PDF viewer off in Google Chrome,
+ # treats PDF files as a download, and lets users open PDFs with the default application.
+ AlwaysOpenPdfExternally = true;
+
+ SpellcheckEnabled = false;
+ EnableDoNotTrack = true;
+
+ # If this policy is set to Disabled, Google Chrome will not allow guest profiles to be started.
+ # Guest logins are Google Chrome profiles where all windows are in incognito mode.
+ BrowserGuestModeEnabled = false;
+
+ # This policy controls which software stack is used to communicate with the DNS server:
+ # the Operating System DNS client, or Google Chrome's built-in DNS client. This policy
+ # does not affect which DNS servers are used: if, for example, the operating system is
+ # configured to use an enterprise DNS server, that same server would be used by the
+ # built-in DNS client. It also does not control if DNS-over-HTTPS is used; Google Chrome
+ # will always use the built-in resolver for DNS-over-HTTPS requests.
+ # If this policy is set to Disabled, the built-in DNS client will only be used when DNS-over-HTTPS is in use.
+ BuiltinDnsClientEnabled = false;
+
+ # Control if Manifest v2 extensions can be used by browser.
+ ExtensionManifestV2Availability = 2;
+
+ # Setting the policy to True means Google Chrome uses alternate error
+ # pages built into (such as "page not found"). Setting the policy to
+ # False means Google Chrome never uses alternate error pages.
+ AlternateErrorPagesEnabled = false;
 };
 extensions = [
 # NoScript
@@ -29,9 +175,37 @@
 "bkkmolkhemgaeaeggcmfbghljjjoofoh"
 # Dark Reader
 "eimadpbcbfnmbkopoojfekhnkhdbieeh"
+ # UBlock Origin
+ "cjpalhdlnbpafiamejdnhcphjbkeiagm"
+ # I still don't care about cookies
+ "edibdbjcniadpccecjdfdjjppcpchdlm"
+ # Sponsorblock
+ "mnjggcdmjocbbbhaepdhchncahnbgone"
+ # Decentraleyes
+ "ldpochfccmkkmhdbclfhpagapcfdljkj"
 ];
 };
- environment.systemPackages = [
- (pkgs.brave.override {vulkanSupport = true;})
- ];
+
+ networking.extraHosts =
+ concatStringsSep "\n"
+ <| map (addr: "${addr} localhost") [
+ "rewards.brave.com"
+ "api.rewards.brave.com"
+ "grant.rewards.brave.com"
+ "variations.brave.com"
+ "laptop-updates.brave.com"
+ "static.brave.com"
+ "static1.brave.com"
+ "crlsets.brave.com"
+ "ads.brave.com"
+ "ads-admin.brave.com"
+ "ads-help.brave.com"
+ "referrals.brave.com"
+ "analytics.brave.com"
+ "search.anonymous.ads.brave.com"
+ "p3a.brave.com"
+ "variations.brave.com"
+ "star-randsrv.bsg.brave.com"
+ "usage-ping.brave.com"
+ ];
 }
From 99b7c4f2501fdbae0e6325a3f3185996ceb4f162 Mon Sep 17 00:00:00 2001
From: Bloxx12
Date: Wed, 9 Jul 2025 21:05:06 +0200
Subject: [PATCH 2/2] quickshell: switch to nixpkgs quickshell
---
 flake.lock | 21 ---------------------
 flake.nix | 7 -------
 modules/style/quickshell/module.nix | 5 +----
 3 files changed, 1 insertion(+), 32 deletions(-)
diff --git a/flake.lock b/flake.lock
index e937319..8d887e8 100644
--- a/flake.lock
+++ b/flake.lock
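Review bot: `DnsOverHttpsMode = "automatic"` still lets the browser fall back to plaintext DNS when the configured resolver offers no DoH upgrade, which sits oddly with the rest of this hardening block. If encrypted lookups are the goal, use `DnsOverHttpsMode = "secure";` together with a `DnsOverHttpsTemplates` entry for the resolver you trust, and note in a comment that lookups then fail closed. `AlwaysOpenPdfExternally = true` deserves a comment as well: it moves PDF parsing out of the browser's built-in viewer into whatever application handles the download, so that application has to be kept patched. The comment above `ExtensionManifestV2Availability = 2` should say what the value selects, e.g. `# 2 = Manifest V2 extensions stay enabled`.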
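Review bot: The `networking.extraHosts` lines are built as `"${addr} localhost"`, which puts the domain in the address column of /etc/hosts and `localhost` in the name column, so none of the listed hosts is actually redirected. The mapping should put an address first, e.g. `map (host: "0.0.0.0 ${host}")`. `variations.brave.com` is listed twice. Once the format is fixed, blocking `crlsets.brave.com` and `laptop-updates.brave.com` would, judging by the names, also cut off certificate-revocation and component updates, so those two are worth dropping from the list or justifying in a comment.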
@@ -876,26 +876,6 @@ "type": "github" } }, - "quickshell": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1751880110, - "narHash": "sha256-5fQ2cetL3rTHqXe2VM3puawL/8u5j6ujBr6Gdt7Iues=", - "ref": "refs/heads/master", - "rev": "5d7e07508ae3e5487edb1ac5a152120434f091d5", - "revCount": 607, - "type": "git", - "url": "https://git.outfoxxed.me/quickshell/quickshell" - }, - "original": { - "type": "git", - "url": "https://git.outfoxxed.me/quickshell/quickshell" - } - }, "root": { "inputs": { "determinate": "determinate", @@ -903,7 +883,6 @@ "impermanence": "impermanence", "lanzaboote": "lanzaboote", "nixpkgs": "nixpkgs_2", - "quickshell": "quickshell", "rust-overlay": "rust-overlay_2", "schizofox": "schizofox", "systems": "systems_2", diff --git a/flake.nix b/flake.nix index 64f5561..a20d88f 100644 --- a/flake.nix +++ b/flake.nix @@ -67,13 +67,6 @@ inputs.systems.follows = "systems"; }; - quickshell = { - url = "git+https://git.outfoxxed.me/quickshell/quickshell"; - # THIS IS IMPORTANT - # Mismatched system dependencies will lead to crashes and other issues. - inputs.nixpkgs.follows = "nixpkgs"; - }; - # The things rust is making me do... rust-overlay = { url = "github:oxalica/rust-overlay"; diff --git a/modules/style/quickshell/module.nix b/modules/style/quickshell/module.nix index 9fa7a30..c0635cc 100644 --- a/modules/style/quickshell/module.nix +++ b/modules/style/quickshell/module.nix @@ -1,12 +1,9 @@ { config, lib, - inputs, pkgs, ... }: let - inherit (inputs) quickshell; - inherit (lib.modules) mkIf; inherit (lib.options) mkEnableOption; @@ -16,7 +13,7 @@ in { config = mkIf cfg.enable { environment.systemPackages = with pkgs; [ - quickshell.packages.${pkgs.stdenv.system}.default + quickshell qt6.qtimageformats qt6.qt5compat qt6.qtmultimedia