edit secrets

Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>
remove pins and change some keybinds
2026-05-20 13:22:34 +02:00 · 2026-04-11 12:26:35 +02:00 · 2026-04-11 12:22:53 +02:00 · 2026-04-11 11:59:04 +02:00 · 2026-04-11 11:27:39 +02:00
20 changed files with 980 additions and 34 deletions
@@ -119,6 +119,22 @@
        "type": "github"
      }
    },
+    "betterfox": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1775763269,
+        "narHash": "sha256-cICl9WpAWdrzbQTjEnAXMiZ4tlC/YL3yiD4JtikPfkI=",
+        "owner": "yokoffing",
+        "repo": "Betterfox",
+        "rev": "a9b4b8803aebd3a87492f0936db5a3c8513ae522",
+        "type": "github"
+      },
+      "original": {
+        "owner": "yokoffing",
+        "repo": "Betterfox",
+        "type": "github"
+      }
+    },
    "blog": {
      "inputs": {
        "bun2nix": "bun2nix",
@@ -583,6 +599,27 @@
        "type": "github"
      }
    },
+    "home-manager_2": {
+      "inputs": {
+        "nixpkgs": [
+          "zen-browser",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1774991950,
+        "narHash": "sha256-kScKj3qJDIWuN9/6PMmgy5esrTUkYinrO5VvILik/zw=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "f2d3e04e278422c7379e067e323734f3e8c585a7",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
    "hyprcursor": {
      "inputs": {
        "hyprlang": [
@@ -1467,6 +1504,7 @@
    "root": {
      "inputs": {
        "awesome-wallpapers": "awesome-wallpapers",
+        "betterfox": "betterfox",
        "blog": "blog",
        "bun2nix": "bun2nix_2",
        "caelestia-cli": "caelestia-cli",
@@ -1483,7 +1521,8 @@
        "nvf": "nvf",
        "sops-nix": "sops-nix",
        "spicetify-nix": "spicetify-nix",
-        "stylix": "stylix"
+        "stylix": "stylix",
+        "zen-browser": "zen-browser"
      }
    },
    "sops-nix": {
@@ -1903,6 +1942,27 @@
        "repo": "xdg-desktop-portal-hyprland",
        "type": "github"
      }
+    },
+    "zen-browser": {
+      "inputs": {
+        "home-manager": "home-manager_2",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1775744672,
+        "narHash": "sha256-Qg3Wnn3WYiiii35CE9kE+XX4ooSFzupAnGC1/NjI5C8=",
+        "owner": "0xc000022070",
+        "repo": "zen-browser-flake",
+        "rev": "14a238beb0621977e9bf04cba68919d5650deea9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "0xc000022070",
+        "repo": "zen-browser-flake",
+        "type": "github"
+      }
    }
  },
  "root": "root",
@@ -35,6 +35,14 @@
      url = "github:Gerg-L/spicetify-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
+    betterfox = {
+      url = "github:yokoffing/Betterfox";
+      flake = false;
+    };
+    zen-browser = {
+      url = "github:0xc000022070/zen-browser-flake";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
    # Server
    # FIXME: Deleted repo for now
    # eleakxir.url = "github:anotherhadi/eleakxir";
@@ -63,11 +63,6 @@
    BraveDarkMode = 1;
  };

-  home.sessionVariables = {
-    DEFAULT_BROWSER = "${pkgs.brave}/bin/brave";
-    BROWSER = "${pkgs.brave}/bin/brave";
-  };
-
  xdg.desktopEntries = {
    brave-incognito = {
      name = "Brave (Private window)";
@@ -0,0 +1,167 @@
+{
+  force = true;
+  settings = [
+    {
+      name = "Bookmarks";
+      toolbar = false;
+      bookmarks = [
+        {
+          name = "Mail";
+          url = "https://mail.proton.me";
+        }
+        {
+          name = "Drive";
+          url = "https://drive.proton.me";
+        }
+        {
+          name = "Lumo";
+          url = "https://lumo.proton.me";
+        }
+        {
+          name = "Calendar";
+          url = "https://calendar.proton.me";
+        }
+        {
+          name = "Maps";
+          url = "https://maps.apple.com";
+        }
+        {
+          name = "Amazon";
+          url = "https://amazon.fr";
+        }
+        {
+          name = "Tools";
+          bookmarks = [
+            {
+              name = "Excalidraw";
+              url = "https://excalidraw.com";
+            }
+            {
+              name = "Cobalt (downloader)";
+              url = "https://cobalt.meowing.de";
+            }
+            {
+              name = "Mazanoke (image downgrading)";
+              url = "https://mazanoke.hadi.icu";
+            }
+            {
+              name = "Stirling PDF";
+              url = "https://pdf.hadi.icu";
+            }
+            {
+              name = "Vert (file converter)";
+              url = "https://vert.sh";
+            }
+            {
+              name = "Markdown to pdf";
+              url = "https://md2file.com";
+            }
+            {
+              name = "Image to Vector";
+              url = "https://www.vectorcascade.com/";
+            }
+            {
+              name = "PrivateBin";
+              url = "https://privatebin.net";
+            }
+          ];
+        }
+        {
+          name = "Social";
+          bookmarks = [
+            {
+              name = "Bsky";
+              url = "https://bsky.app";
+            }
+            {
+              name = "Reddit";
+              url = "https://reddit.com";
+            }
+            {
+              name = "Youtube";
+              url = "https://youtube.com";
+            }
+            {
+              name = "Instagram";
+              url = "https://instagram.com";
+            }
+            {
+              name = "Github";
+              url = "https://github.com";
+            }
+            {
+              name = "Discord";
+              url = "https://discord.com/channels/@me/";
+            }
+          ];
+        }
+        {
+          name = "Other";
+          bookmarks = [
+            {
+              name = "Startpage config";
+              url = "https://www.startpage.com/do/mypage.pl?prfe=45d331deb05471d659dba933e7400df51d952bb103da6f6125c0e769a6be1d65610456a479f495ceeee7e97311cf227d7c1bb198de0ceeb193d8cddf9c455c19a409cc35c3e3f542ee27bd7cecd3";
+            }
+            {
+              name = "Hyprland Wiki";
+              url = "https://wiki.hypr.land";
+            }
+            {
+              name = "Search NixOS";
+              url = "https://mynixos.com";
+            }
+            {
+              name = "Nixpkgs";
+              url = "https://github.com/NixOS/nixpkgs";
+            }
+            {
+              name = "Claude";
+              url = "https://claude.ai";
+            }
+            {
+              name = "Gemini";
+              url = "https://gemini.google.com";
+            }
+            {
+              name = "Medium";
+              url = "https://medium.com";
+            }
+          ];
+        }
+        {
+          name = "Infosec";
+          bookmarks = [
+            {
+              name = "Nix 4 Cyber";
+              url = "https://n4c.hadi.icu";
+            }
+            {
+              name = "Cyberchef";
+              url = "https://cyberchef.hadi.icu";
+            }
+            {
+              name = "TryHackMe";
+              url = "https://tryhackme.com";
+            }
+            {
+              name = "Root-Me";
+              url = "https://root-me.org";
+            }
+            {
+              name = "Exploit-DB";
+              url = "https://exploit-db.com";
+            }
+            {
+              name = "Crack Station";
+              url = "https://crackstation.net";
+            }
+            {
+              name = "Osint Tracker";
+              url = "https://app.osintracker.com";
+            }
+          ];
+        }
+      ];
+    }
+  ];
+}
@@ -0,0 +1,381 @@
+{
+  inputs,
+  lib,
+  pkgs,
+  ...
+}: {
+  imports = [inputs.zen-browser.homeModules.beta];
+
+  stylix.targets.zen-browser.profileNames = ["default"];
+
+  home.sessionVariables = {
+    MOZ_LEGACY_PROFILES = 1;
+    DEFAULT_BROWSER = "zen-beta";
+    BROWSER = "zen-beta";
+  };
+
+  programs.zen-browser = {
+    enable = true;
+    nativeMessagingHosts = [pkgs.firefoxpwa];
+    policies = import ./policies.nix {inherit lib;};
+    languagePacks = ["en-US" "fr"];
+    profiles = {
+      default = {
+        id = 0;
+        name = "default";
+        isDefault = true;
+        containersForce = true;
+        pinsForce = true;
+        spacesForce = true;
+
+        settings = import ./settings.nix;
+        bookmarks = import ./bookmarks.nix;
+        search = import ./search.nix {inherit pkgs;};
+        spaces = import ./spaces.nix;
+        keyboardShortcuts = [
+          # Remaps
+          {
+            id = "focusURLBar";
+            key = " ";
+            modifiers.control = true;
+          }
+          {
+            id = "key_newNavigator";
+            key = "n";
+            modifiers.accel = true;
+          }
+          {
+            id = "viewBookmarksToolbarKb";
+            key = "b";
+            modifiers = {
+              accel = true;
+              shift = true;
+            };
+          }
+          {
+            id = "key_findAgain";
+            disabled = true;
+          }
+          {
+            id = "key_findPrevious";
+            disabled = true;
+          }
+          {
+            id = "key_privatebrowsing";
+            key = "n";
+            modifiers = {
+              accel = true;
+              shift = true;
+            };
+          }
+          {
+            id = "key_gotoHistory";
+            key = "h";
+            modifiers = {
+              accel = true;
+              shift = true;
+            };
+          }
+          {
+            id = "goBackKb";
+            key = "h";
+            modifiers.accel = true;
+          }
+          {
+            id = "goForwardKb";
+            key = "l";
+            modifiers.accel = true;
+          }
+
+          # Disabled shortcuts
+          {
+            id = "printKb";
+            disabled = true;
+          }
+          {
+            id = "zen-close-all-unpinned-tabs";
+            disabled = true;
+          }
+          {
+            id = "zen-new-empty-split-view";
+            disabled = true;
+          }
+          {
+            id = "zen-split-view-unsplit";
+            disabled = true;
+          }
+          {
+            id = "zen-split-view-horizontal";
+            disabled = true;
+          }
+          {
+            id = "zen-split-view-vertical";
+            disabled = true;
+          }
+          {
+            id = "zen-split-view-grid";
+            disabled = true;
+          }
+          {
+            id = "zen-glance-expand";
+            disabled = true;
+          }
+          {
+            id = "zen-toggle-pin-tab";
+            disabled = true;
+          }
+          {
+            id = "zen-toggle-sidebar";
+            disabled = true;
+          }
+          {
+            id = "zen-new-unsynced-window";
+            disabled = true;
+          }
+          {
+            id = "key_closeWindow";
+            disabled = true;
+          }
+          {
+            id = "key_quitApplication";
+            disabled = true;
+          }
+          {
+            id = "key_search";
+            disabled = true;
+          }
+          {
+            id = "key_search2";
+            disabled = true;
+          }
+          {
+            id = "focusURLBar2";
+            disabled = true;
+          }
+          {
+            id = "key_savePage";
+            disabled = true;
+          }
+          {
+            id = "key_togglePictureInPicture";
+            disabled = true;
+          }
+          {
+            id = "showAllHistoryKb";
+            disabled = true;
+          }
+          {
+            id = "addBookmarkAsKb";
+            disabled = true;
+          }
+          {
+            id = "manBookmarkKb";
+            disabled = true;
+          }
+          {
+            id = "viewBookmarksSidebarKb";
+            key = "b";
+            modifiers = {
+              accel = true;
+            };
+          }
+          {
+            id = "key_toggleMute";
+            disabled = true;
+          }
+          {
+            id = "key_switchTextDirection";
+            disabled = true;
+          }
+          {
+            id = "key_screenshot";
+            disabled = true;
+          }
+          {
+            id = "key_viewInfo";
+            disabled = true;
+          }
+          {
+            id = "key_toggleToolbox";
+            disabled = true;
+          }
+          {
+            id = "key_browserToolbox";
+            disabled = true;
+          }
+          {
+            id = "key_browserConsole";
+            disabled = true;
+          }
+          {
+            id = "key_responsiveDesignMode";
+            disabled = true;
+          }
+          {
+            id = "key_inspector";
+            disabled = true;
+          }
+          {
+            id = "key_webconsole";
+            disabled = true;
+          }
+          {
+            id = "key_jsdebugger";
+            disabled = true;
+          }
+          {
+            id = "key_netmonitor";
+            disabled = true;
+          }
+          {
+            id = "key_styleeditor";
+            disabled = true;
+          }
+          {
+            id = "key_performance";
+            disabled = true;
+          }
+          {
+            id = "key_storage";
+            disabled = true;
+          }
+          {
+            id = "key_dom";
+            disabled = true;
+          }
+          {
+            id = "key_accessibility";
+            disabled = true;
+          }
+          {
+            id = "key_openDownloads";
+            disabled = true;
+          }
+          {
+            id = "key_openAddons";
+            disabled = true;
+          }
+          {
+            id = "key_reload";
+            disabled = true;
+          }
+          {
+            id = "key_reload2";
+            disabled = true;
+          }
+          {
+            id = "key_reload_skip_cache";
+            disabled = true;
+          }
+          {
+            id = "key_reload_skip_cache2";
+            disabled = true;
+          }
+          {
+            id = "key_enterFullScreen";
+            disabled = true;
+          }
+          {
+            id = "key_exitFullScreen";
+            disabled = true;
+          }
+          {
+            id = "key_aboutProcesses";
+            disabled = true;
+          }
+          {
+            id = "viewGenaiChatSidebarKb";
+            disabled = true;
+          }
+          {
+            id = "toggleSidebarKb";
+            disabled = true;
+          }
+          {
+            id = "key_showAllTabs";
+            disabled = true;
+          }
+          {
+            id = "key_sanitize";
+            disabled = true;
+          }
+          {
+            id = "key_wrCaptureCmd";
+            disabled = true;
+          }
+          {
+            id = "key_wrToggleCaptureSequenceCmd";
+            disabled = true;
+          }
+          {
+            id = "goHome";
+            disabled = true;
+          }
+          {
+            id = "goBackKb2";
+            disabled = true;
+          }
+          {
+            id = "goForwardKb2";
+            disabled = true;
+          }
+        ];
+        extraConfig = ''
+          // BETTERFOX
+          // ${builtins.readFile "${inputs.betterfox}/user.js"} // The way we do it here, importing the others separately is better
+          ${builtins.readFile "${inputs.betterfox}/Fastfox.js"}
+          ${builtins.readFile "${inputs.betterfox}/Securefox.js"}
+          ${builtins.readFile "${inputs.betterfox}/Peskyfox.js"}
+
+          /****************************************************************************
+           * START: MY OVERRIDES                                                      *
+          ****************************************************************************/
+          // Visit https://github.com/yokoffing/Betterfox/wiki/Common-Overrides
+          // Visit https://github.com/yokoffing/Betterfox/wiki/Optional-Hardening
+          // Enter your personal overrides below this line:
+
+          // Common Overrides
+          user_pref("browser.contentblocking.features.strict", "tp,tpPrivate,cookieBehavior5,cookieBehaviorPBM5,cm,fp,stp,emailTP,emailTPPrivate,-lvl2,rp,rpTop,ocsp,qps,qpsPBM,fpp,fppPrivate,3pcd,btp"); // https://github.com/yokoffing/Betterfox/wiki/Common-Overrides#example
+          user_pref("permissions.default.geo", 0); // https://github.com/yokoffing/Betterfox/wiki/Common-Overrides#location-requests
+          user_pref("permissions.default.desktop-notification", 0); // https://github.com/yokoffing/Betterfox/wiki/Common-Overrides#site-notifications
+          user_pref("browser.ml.linkPreview.enabled", true); // https://github.com/yokoffing/Betterfox/wiki/Common-Overrides#ai-features
+
+          // Optional Hardening
+          // Below 2 - https://github.com/yokoffing/Betterfox/wiki/Optional-Hardening#firefox-sync--view
+          user_pref("identity.fxaccounts.enabled", false); // PREF: disable Firefox Sync
+          user_pref("browser.firefox-view.feature-tour", "{\"screen\":\"\",\"complete\":true}"); // PREF: disable the Firefox View tour from popping up
+          // Below 3 - https://github.com/yokoffing/Betterfox/wiki/Optional-Hardening#password-credit-card-and-address-management
+          user_pref("signon.rememberSignons", false); // PREF: disable login manager
+          user_pref("extensions.formautofill.addresses.enabled", false); // PREF: disable address and credit card manager
+          user_pref("extensions.formautofill.creditCards.enabled", false); // PREF: disable address and credit card manager
+          // TODO - Future? https://github.com/yokoffing/Betterfox/wiki/Optional-Hardening#secure-dns
+          // Below 3 - https://github.com/yokoffing/Betterfox/wiki/Optional-Hardening#downloads
+          user_pref("browser.download.useDownloadDir", true); // PREF: use default download directory
+          user_pref("browser.download.always_ask_before_handling_new_types", false); // PREF: ask whether to open or save new file types
+          user_pref("extensions.postDownloadThirdPartyPrompt", false); // PREF: display the installation prompt for all extensions
+          // Below 1 - https://github.com/yokoffing/Betterfox/wiki/Optional-Hardening#public-key-pinning
+          user_pref("security.cert_pinning.enforcement_level", 2); // PREF: enforce certificate pinning, [ERROR] MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE, 1 = allow user MiTM (such as your antivirus) (default), 2 = strict
+
+          /****************************************************************************
+           * SECTION: SMOOTHFOX                                                       *
+          ****************************************************************************/
+          // Visit https://github.com/yokoffing/Betterfox/blob/main/Smoothfox.js
+          // Enter your scrolling overrides below this line:
+          // Section taken from https://github.com/yokoffing/Betterfox/blob/eee6e58b2b0ee10a59efb6586a5db07ae181d8c7/Smoothfox.js#L28
+          // Advice at https://github.com/yokoffing/Betterfox/wiki/Common-Overrides#scrolling
+
+          /****************************************************************************************
+           * OPTION: INSTANT SCROLLING (SIMPLE ADJUSTMENT)                                       *
+          ****************************************************************************************/
+          // Recommended for 60hz+ displays
+          user_pref("apz.overscroll.enabled", true); // DEFAULT NON-LINUX
+          user_pref("general.smoothScroll", true); // DEFAULT
+          user_pref("mousewheel.default.delta_multiplier_y", 275); // 250-400; adjust this number to your liking
+          // Firefox Nightly only:
+          // [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1846935
+          // user_pref("general.smoothScroll.msdPhysics.enabled", false); // [FF122+ Nightly]
+        '';
+      };
+    };
+  };
+}
@@ -0,0 +1,44 @@
+{...}: {
+  ExtensionSettings = {
+    "*" = {
+      blocked_install_message = "The addon you are trying to install is not added in the Nix config";
+      installation_mode = "blocked";
+    };
+    "adnauseam@rednoise.org" = {
+      private_browsing = true;
+      installation_mode = "force_installed";
+      install_url = "https://addons.mozilla.org/firefox/downloads/latest/adnauseam/latest.xpi";
+    };
+    "78272b6fa58f4a1abaac99321d503a20@proton.me" = {
+      private_browsing = true;
+      default_area = "navbar";
+      installation_mode = "force_installed";
+      install_url = "https://addons.mozilla.org/firefox/downloads/latest/proton-pass/latest.xpi";
+    };
+    "{d7742d87-e61d-4b78-b8a1-b469842139fa}" = {
+      private_browsing = true;
+      installation_mode = "force_installed";
+      install_url = "https://addons.mozilla.org/firefox/downloads/latest/vimium-ff/latest.xpi";
+    };
+    "jid1-MnnxcxisBPnSXQ@jetpack" = {
+      private_browsing = true;
+      installation_mode = "force_installed";
+      install_url = "https://addons.mozilla.org/firefox/downloads/latest/privacy-badger17/latest.xpi";
+    };
+    # View Xpi Id's in Firefox Extension Store
+    "queryamoid@kaply.com" = {
+      private_browsing = true;
+      installation_mode = "force_installed";
+      install_url = "https://github.com/mkaply/queryamoid/releases/download/v0.2/query_amo_addon_id-0.2-fx.xpi";
+    };
+  };
+  "3rdparty".Extensions = {
+    "adnauseam@rednoise.org" = {
+      enabled = true;
+      firstInstall = false;
+      hidingAds = true;
+      clickingAds = true;
+      blockingMalware = true;
+    };
+  };
+}
@@ -0,0 +1,162 @@
+{pkgs, ...}: {
+  force = true;
+  default = "Startpage";
+  privateDefault = "Startpage";
+  order = [
+    "Startpage"
+    "Gooogle"
+    "Gooogle (Web)"
+    "NixOS Packages"
+    "NixOS Options"
+    "NixOS Wiki"
+    "Home Manager"
+    "My NixOS"
+    "Noogle"
+    "ChatGPT"
+    "Claude"
+    "Gemini"
+    "Yandex"
+    "Google Maps"
+  ];
+  engines = let
+    nix-icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
+    google-icon = "https://www.gstatic.com/images/branding/searchlogo/ico/favicon.ico";
+  in {
+    "Gooogle" = {
+      urls = [
+        {
+          template = "https://www.google.com/search?num=50&q={searchTerms}";
+        }
+      ];
+      icon = google-icon;
+      definedAliases = ["@gs" "@google"];
+    };
+    "Gooogle (Web)" = {
+      urls = [
+        {
+          template = "https://www.google.com/search?num=50&udm=14&q={searchTerms}";
+        }
+      ];
+      icon = google-icon;
+      definedAliases = ["@gw" "@googleweb"];
+    };
+    "Startpage" = {
+      urls = [
+        {
+          template = "https://www.startpage.com/sp/search?query={searchTerms}";
+        }
+      ];
+      icon = "https://www.startpage.com/sp/cdn/favicons/favicon-gradient.ico";
+      definedAliases = ["@sp"];
+      updateInterval = 24 * 60 * 60 * 1000;
+    };
+    "NixOS Packages" = {
+      urls = [
+        {
+          template = "https://search.nixos.org/packages";
+          params = [
+            {
+              name = "type";
+              value = "packages";
+            }
+            {
+              name = "query";
+              value = "{searchTerms}";
+            }
+          ];
+        }
+      ];
+      icon = nix-icon;
+      definedAliases = [
+        "@np"
+        "@nixpkgs"
+      ];
+    };
+    "NixOS Options" = {
+      urls = [
+        {
+          template = "https://search.nixos.org/options";
+          params = [
+            {
+              name = "type";
+              value = "packages";
+            }
+            {
+              name = "query";
+              value = "{searchTerms}";
+            }
+          ];
+        }
+      ];
+      icon = nix-icon;
+      definedAliases = [
+        "@no"
+        "@nixopts"
+      ];
+    };
+    "NixOS Wiki" = {
+      urls = [{template = "https://nixos.wiki/index.php?search={searchTerms}";}];
+      icon = nix-icon;
+      updateInterval = 24 * 60 * 60 * 1000; # every day
+      definedAliases = ["@nw"];
+    };
+    "Home Manager" = {
+      urls = [{template = "https://home-manager-options.extranix.com/?query={searchTerms}";}];
+      icon = nix-icon;
+      definedAliases = [
+        "@hm"
+        "@home"
+        "'homeman"
+      ];
+    };
+    "My NixOS" = {
+      urls = [{template = "https://mynixos.com/search?q={searchTerms}";}];
+      icon = nix-icon;
+      definedAliases = [
+        "@n"
+        "@nx"
+        "@mynixos"
+      ];
+    };
+    "ChatGPT" = {
+      urls = [
+        {template = "https://chat.openai.com/?q={searchTerms}";}
+      ];
+      icon = "https://chatgpt.com/cdn/assets/favicon-eex17e9e.ico";
+      definedAliases = ["@cg" "@chatgpt"];
+    };
+    "Claude" = {
+      urls = [
+        {template = "https://claude.ai/new?q={searchTerms}";}
+      ];
+      icon = "https://claude.ai/favicon.ico";
+      definedAliases = ["@claude" "@cl"];
+    };
+    "Gemini" = {
+      urls = [
+        {template = "https://gemini.google.com/app?q={searchTerms}";}
+      ];
+      icon = "https://www.gstatic.com/lamda/images/gemini_favicon_f069958c85030456e93de685481c559f160ea06.svg";
+      definedAliases = ["@gemini" "@gm"];
+    };
+    "Yandex" = {
+      urls = [
+        {template = "https://yandex.com/search/?text={searchTerms}";}
+      ];
+      icon = "https://yandex.com/favicon.ico";
+      definedAliases = ["@yandex" "@ya"];
+    };
+    "Google Maps" = {
+      urls = [
+        {template = "https://www.google.com/maps/search/{searchTerms}";}
+      ];
+      icon = "https://www.google.com/images/branding/product/ico/maps15_bnuw3a_32dp.ico";
+      definedAliases = ["@maps" "@gmaps"];
+    };
+    "bing".metaData.hidden = true;
+    "ddg".metaData.hidden = true;
+    "ebay".metaData.hidden = true;
+    "google".metaData.hidden = true;
+    "Perplexity".metaData.hidden = true;
+  };
+}
@@ -0,0 +1,65 @@
+let
+  lock-false = {
+    Value = false;
+    Status = "locked";
+  };
+  lock-true = {
+    Value = true;
+    Status = "locked";
+  };
+in {
+  # NO LONGER NEEDED WITH https://zen-browser.app/mods/e122b5d9-d385-4bf8-9971-e137809097d0/?page=3 YAY!
+  "browser.newtabpage.activity-stream.feeds.system.topsites" = true;
+  "browser.newtabpage.activity-stream.feeds.system.topstories" = true;
+
+  "browser.aboutwelcome.enabled" = false;
+  "browser.ctrlTab.sortByRecentlyUsed" = false;
+  "browser.startup.page" = 1;
+  "browser.startup.firstrunSkipsHomepage" = true;
+  "browser.startup.homepage_override.mstone" = "ignore";
+  "trailhead.firstrun.didSeeAboutWelcome" = true;
+
+  # Do not tell what plugins we have enabled: https://mail.mozilla.org/pipermail/firefox-dev/2013-November/001186.html
+  "plugins.enumerable_names" = "";
+  "plugin.state.flash" = 0;
+  "browser.search.update" = false;
+  "extensions.getAddons.cache.enabled" = lock-false;
+  "extensions.ui.sitepermission.hidden" = lock-true;
+  "extensions.ui.locale.hidden" = lock-true;
+
+  "layout.css.devPixelsPerPx" = -1;
+  # "zen.theme.accent-color" = "#ffb787";
+  "zen.theme.acrylic-elements" = false;
+  "zen.theme.border-radius" = 8;
+  "zen.theme.content-element-separation" = 0;
+  "zen.theme.dark-mode-bias" = 0.3;
+  # "zen.theme.disable-lightweight" = true; Depracated https://github.com/zen-browser/desktop/issues/9522#issuecomment-3089206722
+  "zen.theme.essentials-favicon-bg" = true;
+  "zen.theme.gradient" = true;
+  "zen.theme.gradient.show-custom-colors" = false;
+  "zen.theme.hide-tab-throbber" = true;
+  "zen.theme.show-custom-colors" = true;
+  "zen.theme.styled-status-panel" = false;
+  "zen.theme.use-sysyem-colors" = false;
+  "zen.theme.use-system-colors" = false;
+
+  "zen.urlbar.behavior" = "normal";
+  "zen.urlbar.replace-newtab" = true;
+
+  "zen.view.compact.enable-at-startup" = false;
+  "zen.view.compact.hide-tabbar" = true;
+  "zen.view.compact.hide-toolbar" = true;
+  "zen.view.experimental-no-window-controls" = true;
+  "zen.view.sidebar-expanded" = false;
+  "zen.view.use-single-toolbar" = true;
+
+  "zen.glance.enabled" = false;
+  "zen.tabs.show-newtab-vertical" = false;
+
+  "privacy.userContext.enabled" = false;
+  "privacy.userContext.ui.enabled" = false;
+
+  "zen.watermark.enabled" = false;
+  "zen.welcome-screen.seen" = lock-true;
+  "zen.widget.linux.transparency" = false; # Disable transparent sidebar
+}
@@ -0,0 +1,13 @@
+{
+  Home = {
+    id = "1f8a6f7c-3b59-4d65-9c1f-0a3e9a6f1b01";
+    icon = "🏠";
+    position = 1000;
+  };
+
+  Infosec = {
+    id = "2b9d4c41-6a8e-4c9b-9a44-6d1c7f2e8b02";
+    icon = "🔒";
+    position = 2000;
+  };
+}
@@ -66,59 +66,59 @@ in {
            }
            {
              key = "b";
-              desc = "Brave";
-              cmd = "${pkgs.brave}/bin/brave";
+              desc = "Zen Browser";
+              cmd = "zen-beta";
            }
            {
              key = "i";
-              desc = "Brave (Private window)";
-              cmd = "${pkgs.brave}/bin/brave --incognito";
+              desc = "Zen Browser (Private window)";
+              cmd = "zen-beta --private-window";
            }
          ]))

        # Web links
-        "$mod,B, exec,  uwsm app -- ${pkgs.brave}/bin/brave" # Browser (Brave)
+        "$mod,B, exec,  uwsm app -- zen-beta" # Browser (Zen)
        ("$shiftMod, B, exec, "
          + lib.getExe (mkMenu [
            {
              key = "h";
              desc = "Home";
-              cmd = "${pkgs.brave}/bin/brave 'https://home.hadi.icu'";
+              cmd = "zen-beta 'https://home.hadi.icu'";
            }
            {
              key = "m";
              desc = "Proton Mail";
-              cmd = "${pkgs.brave}/bin/brave 'https://mail.proton.me/u/2/inbox'";
+              cmd = "zen-beta 'https://mail.proton.me/u/2/inbox'";
            }
            {
              key = "c";
              desc = "Proton Calendar";
-              cmd = "${pkgs.brave}/bin/brave 'https://calendar.proton.me/u/2'";
+              cmd = "zen-beta 'https://calendar.proton.me/u/2'";
            }
            {
              key = "l";
              desc = "Proton Lumo";
-              cmd = "${pkgs.brave}/bin/brave 'https://lumo.proton.me/u/2'";
+              cmd = "zen-beta 'https://lumo.proton.me/u/2'";
            }
            {
              key = "d";
              desc = "Proton Drive";
-              cmd = "${pkgs.brave}/bin/brave 'https://drive.proton.me/u/2/'";
+              cmd = "zen-beta 'https://drive.proton.me/u/2/'";
            }
            {
              key = "G";
              desc = "Google Gemini";
-              cmd = "${pkgs.brave}/bin/brave 'https://gemini.google.com/'";
+              cmd = "zen-beta 'https://gemini.google.com/'";
            }
            {
              key = "g";
              desc = "Github";
-              cmd = "${pkgs.brave}/bin/brave 'https://github.com/'";
+              cmd = "zen-beta 'https://github.com/'";
            }
            {
              key = "n";
              desc = "MyNixos";
-              cmd = "${pkgs.brave}/bin/brave 'https://mynixos.com/'";
+              cmd = "zen-beta 'https://mynixos.com/'";
            }
          ]))

@@ -139,9 +139,9 @@ in {

      windowrule = [
        "match:class .*, suppress_event maximize"
-        "match:class brave-browser, suppress_event float"
+        "match:class zen-beta, suppress_event float"

-        "match:class brave-browser, sync_fullscreen 0"
+        "match:class zen-beta, sync_fullscreen 0"

        "match:class proton-authenticator, float on"
        "match:class proton-authenticator, center on"
@@ -7,7 +7,7 @@
 with lib; let
  defaultApps = {
    # check desktop files here: `ls $(echo $XDG_DATA_DIRS| sed "s/:/ /g")`
-    browser = ["brave.desktop"];
+    browser = ["zen-beta.desktop"];
    text = [
      # "org.gnome.TextEditor.desktop"
      "nvim-ghostty.desktop"
@@ -23,6 +23,7 @@
    ../../home/programs/nightshift
    ../../home/programs/group/cybersecurity.nix
    ../../home/programs/nix-utils
+    ../../home/programs/zen

    # System (Desktop environment like stuff)
    ../../home/system/hyprland
@@ -1,5 +1,5 @@
 pia: ENC[AES256_GCM,data:0bnhHeVqKSLHVimd78a94ShHlO3+LUoZ4oiKD3cnBYkaZsw=,iv:S+/IChlFlqdI+PyFF+Ti4AJUkch2MS0qKiqHL1Q3RMk=,tag:+v2kV70ou84eIc01dKnAhA==,type:str]
-sshconfig: ENC[AES256_GCM,data:+r4RpeGsAGjgwsWMgwQmZnSxwoPLGDQG0hgasm1/xGMA655Q6tLGDOvTD4ypZ6d5TI67cWENJHr1pORzHVdZYB/uS/S7Ejp3VaVEZDRuLtKuq+2mDnp87HH8caE3jmijWSJis+1GM8lgxdyX8sDMz6b/zu76SrZlusf+kMFwQA7svxlA1iHP/wBAN8CFu2XOaGrjXT/Ydwd9GNAXA3VHLf6r9yEzcT1y944/eKGAQdlDFIVEe/bhv5Qxul1AH8TJT/ERMuYdS/OpbqnRLyZHHkREr8y1TllTWdMnGz2sRB7QnZ99ULpyR/h2Qc4XdCiC+qYn0yinXsnPO+NW7ulFn+5lNoyekDveI5pmsv021rnOtJU1SnlEm9xx3dafVdmLpFy6Y8xeJFUeF+nbU3Oc6IHMKHQZoL1ucCsF9qNO38bnyTwVX+wO9g16fcNzR2EfjDCGHj7O8YxdAVzPWvbExKk+2iamkzXrI/P/BdAvy/+QagstPoMz4TxZvw1ir7gd5emk13+t9Cy2vrutbxbouXOAuXKA2021WP7V+aDrwsY1jSGO6oiBFYBwe3wCZ2rPM3+oHxrnyzohhxGRgwN0td//,iv:Wln9pc4ptH7aN2VnBRgO12fKDZiITkIjOJseUW1MZPQ=,tag:BNrMyiDsbu72A9ljdQd3Wg==,type:str]
+sshconfig: ENC[AES256_GCM,data:PFhI+ZZrxHiLjzRSFByo0OU2KcMiMYbjH2AziP1/Lvv+2ZtXKEmVbgRlxyfGlDwSPde0qxvkdgUWDALRGjC9Ew6nXftJiXPq+MM8AAxw2w5arlY+xR7A3YL0tz/zq91HKx00zJiZH4q80Q/DREL5pGaCUujUtP+FbRXwOl3NsugYcMWhV7ZmehzPcBingyZN2EI3zvwgW7KOrUQkjRItGjiENGjmn3CxnfkoBzXntFiDtu/QKxedH2yMj1+JerXyVWDMeo0r7SoQ4/qphYlaiq+gwiVEcvv3zpcVrWgAO9pzqfCCsNlaPNbXaYxwTNBzvCOvbDeo8ISGshHBXTRD4c3y4TBXkqpqEJXYiEu8sfFFaZ4N6v889h8DEfPygeoRM+k15XD3yytZLT01yn3LWTbI+GSSgjodF1y9kDnxcW9xyYOU5F22QeZV0ibmJDhY0F2Lar788RjQbjI4LrZmIncmJLeG9uYESWzL0w97lExGo8ft8B5jKARLxfPkvEZR4lM16MSsT2x91YLlSN/KukmQeUuGlTWKODtQgjdruFeykahM0jOa0jkCGTk6g/mI8rDLGNEG5FPbZCb6GqDCOEXnkYM4iIAKUifMBDtUBlX3iXcEAwOm,iv:OQGGUH1VbxWl6wsYDbOBZRg7n6+QfAuE9o72423EFpA=,tag:m6kyOfE80sDLu9uRm+hMOQ==,type:str]
 netrc: ENC[AES256_GCM,data:cTaDDI8b9QbUI3zKzraF2R6v1/x+6h8KEQJbqIgdfKnpvIvg816eFhcMqn4rart4Adtayt0GQOYheR0Q9DfR+TtbL0ne/drdlAABOQxc6PUJdLo+O5kx4f5QJbJ4,iv:aZ+nt9qcmIRWyOhq3HfIU3qYHFnf8EjXOp0c0vQ2fQc=,tag:H6ncweCaKMDxq9VHt51qlw==,type:str]
 github-key: ENC[AES256_GCM,data:xUgFMlBo8e+3eXqNscxbby1dWug3SgUagDiNUe/IGVbU6cczkaJ3uOaB0OuRBQ8AYhOLkzXj0pIKjUrElHwmYrhURtS1aF4SFEGJsjhhobNA//j3E2/5/nLVjfco+lRzyHdwmsNhEUCqEhsXrrodJMb39H4b5oip3z0rjc729YveiWUKQxXVZVPurp3nq9yNnix9R4CA6XYFRW6T6MNqgPD5qhbcDlhxLb/SN+uI5h+5eZIS24VDWlKaTaCLL5KLhZmfuA37SquOQ+edi9Yg8MnfrZkMrp/3qmAjP2rSQLMOc4QdQCLQBQSf0/snpydgLwY+FoJmMSztwtkqUdIZWOfDUJbJxegEOrAR68jLTNbp+GYiDn3thtOZDiK5p/M1amjCT+A9qeFMed5WS+aZHNTRbR9UcfiP6+48MGZFt1mr7q+/CoL04/DTp0w6tUf6/SZD31NvTJDqngkhpc0ZH9Dh5+2JcnBWpq25AM36kZTn1hIQCLNTr/oGWZXSLA2tksAhQCaUcFj4IIh6Bl96,iv:GEJsAs5NriwENYTV/VShgJF6iMmrtTwNiXOvfXyEP8E=,tag:nfZgsFqaet075GjQAoVZxQ==,type:str]
 gitlab-key: ENC[AES256_GCM,data:4t25oBtu2oMmVdBnLkRMSXCICbDRiEfFBpZuKiBDskTeOH1JvwKELZ1E2I/sSIjZLn0MRi3o+2DyhkNVZYWqctQAUzBsSxKHMlcoRfvspKnLHd+kDFXkr+ltfJenpu81bK3tKP+VB5kZWmhj4bwEH1tR4BTlDU8nvsAq/l0aR/aGeDFfBtN8GyDwlXt9hta1XRv3X8sefb14wdsgn3CmTAmMSUUK7FePbCR4YwA9L+tVzRoeqw1VdrnXL5X/qX6jARH2G/J7Cqpwl8BhE8Oe/b5HqtJxplu3n1W8fOCpTOCTRV0V3k8UXF1doHwNbUurb1ATKiiq7c/BYqb8nZCodF5upGcFSGx6b3UZuLw28c5QwsdJFMaE3GJLCe3yIFnArVoGlOMdBFpWcmCXCc0WSdS0bOGTaFsmeu71SJ436wDZdcfFHNqaxZ2ex8Pvx8bhs0ORCUiZgFFNIFTDrUP/Hvgn6JdBg0u4srU1imjLorGR5OQ/YTgzAoXUlxwMHb3ssMMc6XApHmftwfQTHmPJvT48VwKsQ+HZNAXz4fFgl6ynmkQzCacD5XtBoPs176igzdcg0uSeGTf60PAfKURLDHNUPY+tcy7sjFwAenl0837/rLgacVCzTTmErFZAwcjLIBrcz3b4o9frqwdKataKtLI4ux45XqlcjLxP8Lk2MMuTQH89ivZYPhvtTGbyCFslfc9Y+dztkis7iQ7oNijpxgBt/b8YZID+uLYqokJ8bHNiIAZh98FrhhaQ4UguZhg572Nuea9CZWXQTX59Toa5kxRN4ACZi4M0S9W8feBd4Y7RaD8ip3iBpqgW9C9CsskUGijxTbImsNK7gRHHcmt54Hrc++2b9ljQOHeuOLn3PJwi2JihphdELdGh0POpZAknp8kVkM+M1e6IKZkTSWpTSFyPimczh7cVhIplfHnm5627H7CiI2bKgRoQ8SCJsMrPpL9v38Ug79HkA0PrbCtrxTO6UnaAqIKG9UPhTyklBnv6q3DrDa3lM4Z8W+rF194tATyvp6NYhcvOP6iE+rEv66ARuk3WLZYnAut0vvaMR7D5PoD6gcoDodBM9HDCa2g5G4ob67TCi8nRFUzHmN3tHTmASGeFvzMiGVIZEkxUafKuOx4dA1eyQBF689jJhnPA/YLSvYFRKwXg08puK0uTvfh2rF4Kdo6pV0IpUnfUsiG4odocCgdQFQJR4FH+E41kNfNYpdUx2ufOBwumpNNYIrGYuHOvWcHW5nPASO4qIhiTy73FvFWg/m9kpXeTfexbVVK31NXHcSXL0MejpRPI2pkbyW5WPP6GtLffRpFQvVBnGMlN4+2863gka/52Y7K+foNs038+GL5SxD87CmIg4e+m8qOa7QL/urb7sI63DBIFmcTY0kSsmcYitH7EC3ESGlZMZqNX2Xnv74M2wxeZ6ACTXRU//cc8HQ6FcRhsMwVwKhrT+r/rtkfK+T4YYT8OMzFgOtY6TwS7kj8MwSzC14EkvqWuTNVVm6HP1vxP6wFCmM/bGtDoXSfh1BRIQPUPxUPC8Na7R42COTr3tSGikviDs3CA/N5QYEFuxNntiNyPU2PzW/aASDtsfq+q4DGIRy5/w67Z7i5M+CyXl1FwYmgP1+SC17CgL6JoiCVUlmYIMq5n5VZN6dv4rUvEUcQSVz1Eovz6DbpHD7ZNMuKRVdhRvTD+DigZ53RxKIfFSlaE8Rhy4VxKDSGJymlYutGvcEOLoYWkPDNUJXb583gq227/GGeRvH1mYYVagNjw3wFhphlrNPO6AC6+sb7C596vlqRGqymPn491bUlVJAcQxTetT/yd0z0eLd9Cd1HWj4RnMgCoqGxgILxEer3YjnPRgnwYG5of8kfo3g6TKxpBeIDk4LVypP4fPMrNwyGtBHCjMmRdqMUsSnLQj0csWfBbjEp5ymeRCGcOKWTgeLFbugw3q+noARrqNNnXjA5aWJl5L13gZJ0QUsYUQhXrY0000WPWDbhNLoT7aRxAQ2HHzoj6pIFOVDT6XUTEw1/TUOuyAFk3URrzi+xOSeCJt5Gb1ggeYzQAwCV05opPq8ZVD+8wpxpb9tTDVN0HTmsbwWdpNKtrDsZCmpgAu6dg2V3MIXsPLp3HsAb7fcjj2MGc1T0BR3Ji01xqLuprafXsqnwgkez2D45NUJbAa4PftevAjDLCvzTpS75yaC66RNE20vNruxG2u5zo9eiOBXRQfrEmqua4t/ApnWjYRfKxEkvHvf9zSOel5UYzFN/5Dq2XVs5t0JRp4Q1x8uLZK803Vsy++RdEtw33JbosAjJECSCs3WFNtsCNDetAhQYPH6G8SVj1q/jZWmp/tk/cbYXLSg76Aej3Rni0Uwd7Q8IOISQ598TJw8mqhUdpfz0wRj/8m0d3deTmY3KOOqzaDu+W0weWc9WV4DIzbhUQUh44IjIdCDurB6hveqvWXMgKTS8RHpAB1T1ZSD5eWsG4ZN6FxeO1kNJVKWzt1MwzcDIkdLI+fWLJMUz8/KNAXqlL6772qYM5rK4imC6LLP4xl6faoyPAcyK+eHiVkEgPDXp5f+8LO9bsw8A1hs8orv1ywZf5CeeR9IfCxFDtSMmR/Xnu6LU+Ih5SpHi3DONCtCT5WDQ9hmZg9UQK7KECSbaWKQKVh3aYbKWfpy7SGfeKS7NIALpS1+eTmmWEP5H0kuNYJZ/hi4EosWX52wXSySMQ2S4y+qsK+6yn2lnw+CB+HxuX9Zr1r0QbIqmKOOKMwMY229WAN/C9CaxvlFFpkNJ0PPZgm7LVIoIExq5eDzeYBn5lKzQb7W3webOMtRtP22u0ynRVh23996lIQ0XSII/3YyR/5GtP5lfP6SNWVC9/8j3QLDJNYHuEJwI/4K3CdxaFhdhwryflRpH5pyvvicuFPyNS05AFXhTzyaJFiY7kiscxm5SmZv+DvH71ij/hmWSJqZPM9V2aPf1wtwZiLiBztEEcQoKlaEBdcn7roYv8aHWowq9zzvSYcOX0PWsvkrdWQ7crh2tMBrwCQ0CPKwayqGfzS1+7ZyhwSXuTBd53bqax4z46vaZWtQ0rD3sFugcD6U+EFMZ6SvryTBp+uj7O5usoiQELG1AVWXc9dLS1c8ZiMjSYXpjFyl2v564xvC4DniAIpBoaq7mFMyz9B2uCTC4szYylmFfsj7HPpN6N3nOQ8NduQxo7QZoDgB0D+I7CAZq38YEFDWy8ZzdMoJb8E+Sa9GCKyX38mVTtbnLnHdoVwnie9JBwJ3QyqiupDYmdy/byCI7weMKInASHdVGbkHvpycbzVdQ8PxVTqBmdPuEe0gVmfFwyDb+lmGji7A9aC3w9J5KBfnC+qoFeRJZ2eGpGuJVn0RfywpTedK9E3r2Vlfp/zxVcjCg+hOptBuyd+KUAEgsj/HSpmKOMlZ7ooGsqqTW23IpOImx5Q7BOMK885k/3Uew1b8iEkJxvb/V6/MlO2Kx3PZZkES/9Yv4XMtVMhM1fy4vJGSU8NtW9bc6VsRqt7zeLqTm2d6N+iDQaM05USUhDHYlMz4YAwTU5ykfgtBkXa8WGW/O8GWzqWVDwRekgJKjMNy9B1BkGFSagFn0iyf+cJtlucmbaxTQpPO15gOAUyXhHUTNT6RG+ywaqM/UMDBTYwZdDSkCFG05QvAVTLC3hSw/DCCm4IkGmVHNq2vTxzOoFUv9HqFatEhQxBke7D7UC+vj2tVbweVTfiagImx3UioNYvcXXTStiUy8mm+NoHmeo0QvYCS6+9W6wFtMHAL7i50WoTuCLIP4AudKY+EHv7U7V8nISPnar526Vjtz4W3Y0XbWXUqrs9orudVsu3r5fMgAZoI85JRWwC/vU8MCK3v96GuUN0WCMv3xXQE8EbwW+IDmbD7hoAc8EnBCXMInLyq6dgVbSAgefVibyrw+XHr2ph2ydgxuBWFGs0KlfLU6hh4wBcaM70gsUwUXPaI4bRMoMrRRxM5fCHBH9pCD0d+YUB1WPl/P0bJ+vRXlYbJyHTZbJgr7F7VGl5b6U36c3wsKYBXUmOunVCvQ7W3Yjuarf+uctPDUnD7nZKHtfCm/EAaMfZk1k/oqn9jbnuEOH4ZPfjEgz5CfcMLiO+Ej3Mmea6ukujlmFQ2MgyVfy8n1rThe6/NJQIs37GV3ATM+dzNBPKWBNcHv4oxNOg2/UOmtzLrYvIUosUKotw74hayf/ZU4NlTULeMz7JF+U/u+ZJlICdRPHbINeJuuMIFFnF+7/U7YV6cmQS1V28RcgHhrHhX9yUKdfrQjOh7yxqVX6eJOppmQ7sTDKKPD5baDKChdgptzprSrbLlZ44AC5xcW3kpIcEKjat9jIeXYTBOo+gmOxS1BVk/gAH1pJpxKJsibsWAHaRsTRykj1s5hHlY4ESf/gQ2O4R0XJSvrwGw0DeXSkQIcdqt1Sgn0jX8S1eZ/+lDm0JQtWGkP1AEOwmo9uJmfgFZuEe9R4GizXqCmdvWtoSsgcVtoHqz8IJjuBrVeV7nOz,iv:g4X2GC/9+je4qkvUT4UJl40+r/FzFY88XtYkthiwGVY=,tag:XFfEzXJEeKXB/QJt2fT4Qw==,type:str]
@@ -17,7 +17,7 @@ sops:
            cmVxVC8rVDlWMUdZaGw3bmdOaWZGS1EKYahBlc8XpB5UdKZQkvxbLcKQ/xkFJjWo
            FSfQWnjhe/a7BJtJEcKZkjOQU0mYqlSu+uT2RA9diCQeRUJPRF+nAw==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-03-30T15:43:41Z"
-    mac: ENC[AES256_GCM,data:fAn9R6YyyWD/WjA38Me0YLdzSzcuclAr4EkKM4De8Hd7sVrhl7FFI+Smoy3QagwljuUwjc9g8U5K6DYQB+Syu0re8ODCQmpzUKyQHsnN7OHHQk5dhrentC4GhTaEXjb+VGnPVGVjlLBo4ulw5faqu5A7iLHwViT0MjpGfq5egqA=,iv:1rP6wrHzjZvZGei4UljSR//6kL/1qzLskAUVCMA+HqI=,tag:QuhLq3ncHRxKyvHPDnH7VA==,type:str]
+    lastmodified: "2026-04-11T10:24:43Z"
+    mac: ENC[AES256_GCM,data:oHH3ZcEeD9biOPzacIahj/YCeIQ7HYbTKlBUyfj3aUU4XldggjiGLV1SHOAv9XJooCpu6r8j013WcAS8hQ3RLoub+yPsuCC8/WImnIUFXrGU45NJos7bWo1R6wvlXUsTe2/hf6PuPinYjUkLJ5nlt0ng9w8/yoo/8WBypwLIboc=,iv:ThudY/LrvbCDXWYjXKCiW65Pj5y3jruKcv921A7ZRzo=,tag:NJP49KEW2aZyCzojVBe5Rg==,type:str]
    unencrypted_suffix: _unencrypted
    version: 3.12.2
@@ -6,7 +6,6 @@
    ../../nixos/systemd-boot.nix
    ../../nixos/users.nix
    ../../nixos/utils.nix
-    ../../nixos/docker.nix
    ../../nixos/amd-graphics.nix

    # NixOS server modules
@@ -23,7 +22,7 @@
    ../../server-modules/stirling-pdf.nix
    ../../server-modules/cyberchef.nix
    ../../server-modules/mazanoke.nix
-    ../../server-modules/nginx.nix
+    ../../server-modules/kernel-hardening.nix
    ../../server-modules/fail2ban.nix
    ../../server-modules/default-creds.nix
    ../../server-modules/umami.nix
@@ -6,6 +6,11 @@
 }: let
  autoGarbageCollector = config.var.autoGarbageCollector;
 in {
+  # Ask for password once per SSH session (tied to the tty, expires when session closes)
+  security.sudo.extraConfig = ''
+    Defaults timestamp_type=tty,timestamp_timeout=-1
+  '';
+
  security.sudo.extraRules = [
    {
      users = [config.var.username];
@@ -19,7 +24,7 @@ in {
  ];
  nixpkgs.config = {
    allowUnfree = true;
-    allowBroken = true;
+    allowBroken = false;
  };
  nix = {
    nixPath = ["nixpkgs=${inputs.nixpkgs}"];
@@ -0,0 +1,35 @@
+# Kernel hardening for the server
+{
+  boot.kernel.sysctl = {
+    # Restrict access to kernel logs and pointers
+    "kernel.dmesg_restrict" = 1;
+    "kernel.kptr_restrict" = 2;
+
+    # BPF hardening
+    "net.core.bpf_jit_harden" = 2;
+    "kernel.unprivileged_bpf_disabled" = 1;
+
+    # Reverse path filtering (anti-spoofing)
+    "net.ipv4.conf.all.rp_filter" = 1;
+    "net.ipv4.conf.default.rp_filter" = 1;
+
+    # SYN flood protection
+    "net.ipv4.tcp_syncookies" = 1;
+
+    # Disable IP source routing
+    "net.ipv4.conf.all.accept_source_route" = 0;
+    "net.ipv4.conf.default.accept_source_route" = 0;
+
+    # Ignore ICMP redirects (prevent MITM)
+    "net.ipv4.conf.all.accept_redirects" = 0;
+    "net.ipv4.conf.default.accept_redirects" = 0;
+    "net.ipv4.conf.all.secure_redirects" = 0;
+    "net.ipv6.conf.all.accept_redirects" = 0;
+
+    # Don't send ICMP redirects
+    "net.ipv4.conf.all.send_redirects" = 0;
+
+    # Restrict ptrace to parent processes only
+    "kernel.yama.ptrace_scope" = 1;
+  };
+}
@@ -7,6 +7,13 @@
 #   externalInterface - WAN interface for NAT, required when internet = true
 #   bindMounts        - host paths to mount into the container (see containers.<name>.bindMounts)
 #   config            - NixOS module for the container
+
+let
+  nginxHardening = { config, ... }: lib.mkIf config.services.nginx.enable {
+    services.nginx.serverTokens = false;
+  };
+in
+
 {
  mkContainer =
    {
@@ -29,7 +36,7 @@
        localAddress = containerIp;
        inherit bindMounts;
        config = { ... }: {
-          imports = [ nixosConfig ];
+          imports = [ nixosConfig nginxHardening ];
          networking.nameservers = lib.mkIf internet [ "1.1.1.1" "1.0.0.1" ];
        };
      };
@@ -1,5 +0,0 @@
-{
-  services.nginx = {
-    enable = true;
-  };
-}
@@ -10,6 +10,15 @@ in {
      PermitRootLogin = "no";
      PasswordAuthentication = false;
      AllowUsers = [username];
+      MaxAuthTries = 3;
+      LoginGraceTime = 20;
+      X11Forwarding = false;
+      AllowAgentForwarding = false;
+      AllowTcpForwarding = false;
+      ClientAliveInterval = 300;
+      ClientAliveCountMax = 2;
+      KexAlgorithms = ["curve25519-sha256" "curve25519-sha256@libssh.org"];
+      Ciphers = ["chacha20-poly1305@openssh.com" "aes256-gcm@openssh.com"];
    };
  };
Author	SHA1	Message	Date
Hadi	daaf0d2b27	edit secrets Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-04-11 12:26:35 +02:00
Hadi	5f0d3bff5f	remove pins and change some keybinds Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-04-11 12:22:53 +02:00
Hadi	36ad6aeb57	Change from brave to zen Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-04-11 11:59:04 +02:00
Hadi	2326857f65	hardening Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-04-11 11:27:39 +02:00