feat: firefox ca root

home/user/config.nix

@@ -1,6 +1,6 @@
 let
   configDir = ../config;
-  browser = "firefox-nightly.desktop";
+  browser = "firefox.desktop";
 in
 {
   home.file = {

home/user/desktops.nix

@@ -5,7 +5,7 @@
   ...
 }:
 let
-  browser = "firefox-nightly";
+  browser = "firefox";
   iconPrefix = ".local/share/icons/hicolor/scalable/apps";
   newWindow = "${browser} --new-window";
   mkIconPkg = pkgs.callPackage ../../utils/make-icon.nix { };

home/user/environment.nix

@@ -1,6 +1,6 @@
 {
   home.sessionVariables = {
-    BROWSER = "firefox-nightly";
+    BROWSER = "firefox";
     EDITOR = "nvim";
     TERMINAL = "ghostty";
     ELECTRON_OZONE_PLATFORM_HINT = "auto";

home/user/firefox.nix

@@ -1,6 +1,4 @@
 {
-  inputs,
-  system,
   ...
 }:
 let
@@ -20,13 +18,14 @@ let
     "font.name.monospace.zh-TW" = "Noto Sans Mono CJK TC";
     # Disable Ctrl+Q
     "browser.quitShortcut.disabled" = true;
+    "security.enterprise_roots.enabled" = true;
   };
 in
 {
   programs = {
     firefox = {
       enable = true;
-      package = inputs.firefox.packages.${system}.firefox-nightly-bin;
+      # package = inputs.firefox.packages.${system}.firefox-nightly-bin;
       languagePacks = [
         "en-US"
         "zh-TW"
@@ -36,6 +35,11 @@ in
       policies = {
         DontCheckDefaultBrowser = true;
         DisplayBookmarksToolbar = "never";
+        Certificates = {
+          Install = [
+            "~/.mozilla/certificates/step-ca.net.dn.crt"
+          ];
+        };
       };
 
       profiles.default = {
@@ -44,7 +48,6 @@ in
         isDefault = true;
 
         userChrome = userChrome;
-
         settings = profileSettings;
       };
 
@@ -58,4 +61,10 @@ in
       };
     };
   };
+
+  home.file = {
+    ".mozilla/certificates/step-ca.net.dn.crt" = {
+      source = ../../system/extra/ca.crt;
+    };
+  };
 }

home/user/hypr/bind.nix

@@ -4,7 +4,7 @@
   pkgs,
 }:
 let
-  firefox = "firefox-nightly";
+  firefox = "firefox";
   prefix = if nvidia-offload-enabled then "nvidia-offload" else "";
   browser = "${prefix} ${firefox}";
   terminal = "ghostty";

system/dev/dn-pre7780/default.nix

@@ -21,9 +21,9 @@
     ../../modules/virtualization.nix
     ../../modules/wine.nix
     ../../modules/wireguard.nix
-    ../../modules/certbot.nix
     (import ../../modules/nextcloud.nix {
       hostname = "pre-nextcloud.net.dn";
+      datadir = "/mnt/nextcloud";
     })
   ];
 

system/dev/dn-pre7780/nginx.nix

@@ -1,5 +1,10 @@
 { config, ... }:
 {
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+  ];
+
   services.nginx = {
     enable = true;
     enableReload = true;

system/modules/nextcloud.nix

@@ -1,5 +1,6 @@
 {
   hostname,
+  datadir ? null,
   dataBackupPath ? null,
   dbBackupPath ? null,
 }:
@@ -42,6 +43,7 @@
     configureRedis = true;
     hostName = hostname;
     https = true;
+    datadir = lib.mkIf (datadir != null) datadir;
     phpExtraExtensions =
       all: with all; [
         imagick