feat: firefox ca root

2025-05-03 23:49:00 +08:00 · 2025-05-03 23:49:00 +08:00 · e2c5206369
commit e2c5206369
parent 62c1eb4b1d
8 changed files with 25 additions and 9 deletions
--- a/home/user/config.nix
+++ b/home/user/config.nix
@ -1,6 +1,6 @@
 let
  configDir = ../config;
-  browser = "firefox-nightly.desktop";
+  browser = "firefox.desktop";
 in
 {
  home.file = {
--- a/home/user/desktops.nix
+++ b/home/user/desktops.nix
@ -5,7 +5,7 @@
  ...
 }:
 let
-  browser = "firefox-nightly";
+  browser = "firefox";
  iconPrefix = ".local/share/icons/hicolor/scalable/apps";
  newWindow = "${browser} --new-window";
  mkIconPkg = pkgs.callPackage ../../utils/make-icon.nix { };
--- a/home/user/environment.nix
+++ b/home/user/environment.nix
@ -1,6 +1,6 @@
 {
  home.sessionVariables = {
-    BROWSER = "firefox-nightly";
+    BROWSER = "firefox";
    EDITOR = "nvim";
    TERMINAL = "ghostty";
    ELECTRON_OZONE_PLATFORM_HINT = "auto";
--- a/home/user/firefox.nix
+++ b/home/user/firefox.nix
@ -1,6 +1,4 @@
 {
-  inputs,
-  system,
  ...
 }:
 let
@ -20,13 +18,14 @@ let
    "font.name.monospace.zh-TW" = "Noto Sans Mono CJK TC";
    # Disable Ctrl+Q
    "browser.quitShortcut.disabled" = true;
+    "security.enterprise_roots.enabled" = true;
  };
 in
 {
  programs = {
    firefox = {
      enable = true;
-      package = inputs.firefox.packages.${system}.firefox-nightly-bin;
+      # package = inputs.firefox.packages.${system}.firefox-nightly-bin;
      languagePacks = [
        "en-US"
        "zh-TW"
@ -36,6 +35,11 @@ in
      policies = {
        DontCheckDefaultBrowser = true;
        DisplayBookmarksToolbar = "never";
+        Certificates = {
+          Install = [
+            "~/.mozilla/certificates/step-ca.net.dn.crt"
+          ];
+        };
      };

      profiles.default = {
@ -44,7 +48,6 @@ in
        isDefault = true;

        userChrome = userChrome;
-
        settings = profileSettings;
      };

@ -58,4 +61,10 @@ in
      };
    };
  };
+
+  home.file = {
+    ".mozilla/certificates/step-ca.net.dn.crt" = {
+      source = ../../system/extra/ca.crt;
+    };
+  };
 }
--- a/home/user/hypr/bind.nix
+++ b/home/user/hypr/bind.nix
@ -4,7 +4,7 @@
  pkgs,
 }:
 let
-  firefox = "firefox-nightly";
+  firefox = "firefox";
  prefix = if nvidia-offload-enabled then "nvidia-offload" else "";
  browser = "${prefix} ${firefox}";
  terminal = "ghostty";
--- a/system/dev/dn-pre7780/default.nix
+++ b/system/dev/dn-pre7780/default.nix
@ -21,9 +21,9 @@
    ../../modules/virtualization.nix
    ../../modules/wine.nix
    ../../modules/wireguard.nix
-    ../../modules/certbot.nix
    (import ../../modules/nextcloud.nix {
      hostname = "pre-nextcloud.net.dn";
+      datadir = "/mnt/nextcloud";
    })
  ];

--- a/system/dev/dn-pre7780/nginx.nix
+++ b/system/dev/dn-pre7780/nginx.nix
@ -1,5 +1,10 @@
 { config, ... }:
 {
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+  ];
+
  services.nginx = {
    enable = true;
    enableReload = true;
--- a/system/modules/nextcloud.nix
+++ b/system/modules/nextcloud.nix
@ -1,5 +1,6 @@
 {
  hostname,
+  datadir ? null,
  dataBackupPath ? null,
  dbBackupPath ? null,
 }:
@ -42,6 +43,7 @@
    configureRedis = true;
    hostName = hostname;
    https = true;
+    datadir = lib.mkIf (datadir != null) datadir;
    phpExtraExtensions =
      all: with all; [
        imagick