firefox: uBlock Origin: ship filter lists statically

2024-05-27 06:54:52 +00:00 · 2024-05-27 06:54:52 +00:00 · f6f1a6e136
commit f6f1a6e136
parent 7941a8b1ed
4 changed files with 105 additions and 18 deletions
--- a/hosts/common/programs/firefox.nix
+++ b/hosts/common/programs/firefox.nix
@ -286,24 +286,26 @@ in
        # env.BROWSER = "${package}/bin/${cfg.browser.libName}";
        env.BROWSER = cfg.browser.libName;  # used by misc tools like xdg-email, as fallback

-        # uBlock filter list configuration.
-        # specifically, enable the GDPR cookie prompt blocker.
-        # data.toOverwrite.filterLists is additive (i.e. it supplements the default filters)
-        # this configuration method is documented here:
-        # - <https://github.com/gorhill/uBlock/issues/2986#issuecomment-364035002>
-        # the specific attribute path is found via scraping ublock code here:
-        # - <https://github.com/gorhill/uBlock/blob/master/src/js/storage.js>
-        # - <https://github.com/gorhill/uBlock/blob/master/assets/assets.json>
-        fs."${cfg.browser.dotDir}/managed-storage/uBlock0@raymondhill.net.json".symlink.text = ''
-          {
-            "name": "uBlock0@raymondhill.net",
-            "description": "ignored",
-            "type": "storage",
-            "data": {
-               "toOverwrite": "{\"filterLists\": [\"fanboy-cookiemonster\"]}"
-            }
-          }
-        '';
+        # uBlock configuration:
+        fs."${cfg.browser.dotDir}/managed-storage/uBlock0@raymondhill.net.json".symlink.target = cfg.addons.ublock-origin.package.makeConfig {
+          filterFiles = let
+            getUasset = n: "${pkgs.uassets}/share/filters/${n}.txt";
+          in [
+            # default ublock filters:
+            (getUasset "ublock-filters")
+            (getUasset "ublock-badware")
+            (getUasset "ublock-privacy")
+            (getUasset "ublock-quick-fixes")
+            (getUasset "ublock-unbreak")
+            (getUasset "easylist")
+            (getUasset "easyprivacy")
+            # (getUasset "urlhaus-1")  #< TODO: i think this is the same as urlhaus-filter-online
+            (getUasset "urlhaus-filter-online")
+            # (getUasset "plowe-0")   #< TODO: where does this come from?
+            # (getUasset "ublock-cookies-adguard")  #< TODO: where does this come from?
+          ];
+        };
+
        # TODO: this is better suited in `extraPrefs` during `wrapFirefox` call
        fs."${cfg.browser.dotDir}/${cfg.browser.libName}.overrides.cfg".symlink.text = ''
          // if we can't query the revocation status of a SSL cert because the issuer is offline,
@ -327,6 +329,8 @@ in
          defaultPref("widget.use-xdg-desktop-portal.open-uri", 1);

          defaultPref("browser.toolbars.bookmarks.visibility", "never");
+          // configure which extensions are visible by default (TODO: requires a lot of trial and error)
+          // defaultPref("browser.uiCustomization.state", ...);

          // auto-open mpv:// URIs without prompting.
          // can do this with other protocols too (e.g. matrix?). see about:config for common handlers.
--- a/pkgs/additional/firefox-extensions/default.nix
+++ b/pkgs/additional/firefox-extensions/default.nix
@ -1,13 +1,16 @@
 { stdenv
 , callPackage
+, concatTextFile
 , fetchurl
 , gnused
 , jq
 , lib
 , newScope
 , nix-update-script
+, runCommandLocal
 , strip-nondeterminism
 , unzip
+, writers
 , writeScript
 , zip
 }:
@ -72,6 +75,9 @@ let
      unwrapped = addon;
      withAttrs = attrs: wrapAddon addon (args // attrs);
      withPostPatch = postPatch: final.passthru.withAttrs { inherit postPatch; };
+      withPassthru = passthru: (wrapAddon addon args).overrideAttrs (base: {
+        passthru = base.passthru // passthru;
+      });
      # given an addon, repackage it without some `perm`ission
      withoutPermission = perm: final.passthru.withPostPatch ''
        for m in manifest.json manifest_v2.json manifest_v3.json; do
@ -191,5 +197,46 @@ in (lib.makeScope newScope (self: with self; {
      substituteInPlace js/*.js \
        --replace 'alreadyInstalled:!1' 'alreadyInstalled:!0'
    '';
+
+    ublock-origin = wrapped.ublock-origin.withPassthru {
+      # `makeConfig` produces a .json file meant to go at
+      # ~/.mozilla/managed-storage/uBlock0@raymondhill.net.json
+      # this is not formally documented anywhere, but is referenced from a few places:
+      # - <https://github.com/gorhill/uBlock/issues/2986#issuecomment-364035002>
+      # - <https://www.reddit.com/r/uBlockOrigin/comments/16bzb11/configuring_ublock_origin_for_nix_users_just_in/>
+      # - <https://www.reddit.com/r/sysadmin/comments/8lwmbo/guide_deploying_ublock_origin_with_preset/>
+      #
+      # a large part of why i do this is to configure the filters statically,
+      # so that they don't have to be fetched on every boot.
+      makeConfig = { filterFiles }: let
+        mergedFilters = concatTextFile {
+          name = "ublock-origin-filters-merged.txt";
+          files = filterFiles;
+          destination = "/share/filters/ublock-origin-filters-merged.txt";
+        };
+        baseConfig = writers.writeJSON "uBlock0@raymondhill.net.json" {
+          name = "uBlock0@raymondhill.net";
+          description = "ignored";
+          type = "storage";
+          data = {
+            adminSettings = {
+              #^ adminSettings dictionary uses the same schema as the "backup to file" option in settings.
+              userSettings = {
+                # default settings are found: <repo:gorhill/uBlock:src/js/background.js>  (userSettingsDefault)
+                advancedUserEnabled = true;
+                autoUpdate = false;
+                # don't block page load when waiting for filter load
+                suspendUntilListsAreLoaded = false;
+              };
+              selectedFilterLists = [ "user-filters" ];
+              # there's an array version of this field too, if preferable
+              filters = "";  #< WILL BE SUBSTITUTED DURING BUILD
+            };
+          };
+        };
+      in runCommandLocal "ublock-origin-config" { nativeBuildInputs = [ jq ]; } ''
+        cat ${baseConfig} | jq 'setpath(["data", "adminSettings", "userFilters"]; $filterText)' --rawfile filterText ${mergedFilters}/share/filters/ublock-origin-filters-merged.txt > $out
+      '';
+    };
  }
 )
--- a/pkgs/additional/uassets/default.nix
+++ b/pkgs/additional/uassets/default.nix
@ -0,0 +1,35 @@
+{ stdenv
+, lib
+, fetchFromGitHub
+, unstableGitUpdater
+}:
+stdenv.mkDerivation {
+  pname = "uassets";
+  version = "0-unstable-2024-05-27";
+  src = fetchFromGitHub {
+    owner = "uBlockOrigin";
+    repo = "uAssets";
+    rev = "c1534355786340767ce31bb89aa0cb40903685f4";
+    hash = "sha256-Euaop8Y4tUNWlpc+H+VJG65KcMkX6EOtbjPGyheCkPE=";
+  };
+
+  dontBuild = true;
+
+  installPhase = ''
+    mkdir -p $out/share/filters
+    for f in $(ls filters); do
+      cp "filters/$f" "$out/share/filters/ublock-$f"
+    done
+    cp thirdparties/easylist/* $out/share/filters
+    cp thirdparties/pgl.yoyo.org/as/serverlist $out/share/filters/pgl-serverlist.txt
+    cp thirdparties/urlhaus-filter/*.txt $out/share/filters
+  '';
+
+  passthru.updateScript = unstableGitUpdater { };
+
+  meta = with lib; {
+    homepage = "https://github.com/uBlockOrigin/uAssets";
+    description = "official uBlock Origin filter lists";
+    maintainers = with maintainers; [ colinsane ];
+  };
+}
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@ -83,6 +83,7 @@ let
    tow-boot-pinephone = callPackage ./additional/tow-boot-pinephone { };
    tree-sitter-nix-shell = callPackage ./additional/tree-sitter-nix-shell { };
    trivial-builders = lib.recurseIntoAttrs (callPackage ./additional/trivial-builders { });
+    uassets = callPackage ./additional/uassets { };
    wvkbd-mk = callPackage ./additional/wvkbd-mk { };
    inherit (trivial-builders)
      copyIntoOwnPackage