diff --git a/flake.lock b/flake.lock
index ca32395..b682eff 100644
--- a/flake.lock
+++ b/flake.lock
@@ -36,10 +36,26 @@
         "type": "github"
       }
     },
+    "nur": {
+      "locked": {
+        "lastModified": 1701565337,
+        "narHash": "sha256-Ws3V2ymJ9fTl9VC0nOG766NTPDrcuAv5zUJzHkpecYA=",
+        "owner": "nix-community",
+        "repo": "nur",
+        "rev": "910ea1ac6db158f066cb2f666fb9c86e3bea2051",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nur",
+        "type": "github"
+      }
+    },
     "root": {
       "inputs": {
         "home-manager": "home-manager",
-        "nixpkgs": "nixpkgs"
+        "nixpkgs": "nixpkgs",
+        "nur": "nur"
       }
     }
   },
diff --git a/flake.nix b/flake.nix
index 2e73b5d..dea2736 100644
--- a/flake.nix
+++ b/flake.nix
@@ -5,6 +5,7 @@
     nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
     home-manager.url = "github:nix-community/home-manager";
     home-manager.inputs.nixpkgs.follows = "nixpkgs";
+    nur.url = "github:nix-community/nur";
   };
 
   outputs = { self, nixpkgs, home-manager, ... }@inputs: {
@@ -41,7 +42,7 @@
 
     homeConfigurations = {
       till = home-manager.lib.homeManagerConfiguration {
-        pkgs = nixpkgs.legacyPackages.x86_64-linux;
+        pkgs = nixpkgs.legacyPackages.x86_64-linux.extend inputs.nur.overlay;
         extraSpecialArgs = { inherit inputs; };
         modules = [ 
           ./home
diff --git a/home/default.nix b/home/default.nix
index e3cc4ea..d3dc580 100644
--- a/home/default.nix
+++ b/home/default.nix
@@ -22,6 +22,7 @@
     pictures = "${config.home.homeDirectory}/media/img";
     videos = "${config.home.homeDirectory}/media/vid";
     documents = "${config.home.homeDirectory}/misc";
+    templates = "${config.xdg.dataHome}/templates";
   };
 
   services.syncthing.enable = true;
@@ -62,7 +63,6 @@
     khal
     khard
     taskopen
-    gnome.gnome-sound-recorder
     okular
     xournalpp
     evolution
@@ -120,6 +120,7 @@
     ./nvim
     ./foot.nix
     ./fish.nix
+    ./firefox.nix
     ./calendars
     ./mail
     ./tex.nix
@@ -155,10 +156,6 @@
     };
   };
 
-  programs.firefox = {
-    enable = true;
-  };
-
   programs.taskwarrior = {
     enable = true;
     dataLocation = "${config.xdg.dataHome}/taskwarrior/tasks";
diff --git a/home/firefox.nix b/home/firefox.nix
new file mode 100644
index 0000000..9c782e5
--- /dev/null
+++ b/home/firefox.nix
@@ -0,0 +1,55 @@
+{ config, pkgs, ... }:
+
+{
+  programs.firefox = {
+    enable = true;
+    # package = pkgs.firefox.override {
+    #   cfg = {
+    #     enableTridactylNative = true;
+    #     enableKeePassXC = true;
+    #   };
+    # };
+    policies = {
+      DisableFirefoxAccounts = true;
+      DisablePocket = true;
+      DisableTelemetry = true;
+      DownloadDirectory = "${config.home.homeDirectory}/tmp";
+      EnableTrackingProtection = {
+        Value = true;
+        Cryptomining = true;
+        Fingerprinting = true;
+      };
+    };
+    profiles = {
+      till = {
+        name = "till";
+        isDefault = true;
+        extensions = with pkgs.nur.repos.rycee.firefox-addons; [
+          ublock-origin
+          linkhints
+          keepassxc-browser
+        ];
+        extraConfig = ''
+          user_pref("browser.aboutConfig.showWarning", false);
+          user_pref("toolkit.telemetry.server", "");
+          user_pref("intl.accept_languages", "de-de,en-us,en");
+          user_pref("intl.regional_prefs.use_os_locales", true);
+          user_pref("media.eme.enabled", true);
+          user_pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false);
+          user_pref("extensions.pocket.enabled", true);
+          user_pref("privacy.annotate_channels.strict_list.enabled", true);
+          user_pref("privacy.globalprivacycontrol.enabled", true);
+          user_pref("privacy.donottrackheader.enabled", true);
+          user_pref("signon.rememberSignons", false);
+          user_pref("extensions.formautofill.creditCards.enabled", false);
+          user_pref("toolkit.telemetry.enabled", false);
+          user_pref("app.shield.optoutstudies.enabled", false);
+          user_pref("dom.security.https_only_mode", true);
+          user_pref("network.trr.custom_uri", "https://dns.quad9.net/dns-query	");
+          user_pref("network.trr.mode", 3);
+          user_pref("network.trr.uri", "https://dns.quad9.net/dns-query");
+        '';
+      };
+    };
+  };
+}
diff --git a/system/gnome.nix b/system/gnome.nix
index 6a76fe2..0ab8e3b 100644
--- a/system/gnome.nix
+++ b/system/gnome.nix
@@ -14,6 +14,7 @@
      gnome-initial-setup
    ]);
    environment.systemPackages = with pkgs.gnome; [
+     gnome-sound-recorder
      gnome-tweaks
      gedit
      gnome-boxes
diff --git a/system/hardware-nova.nix b/system/hardware-nova.nix
index 6e609ef..7f50b9b 100644
--- a/system/hardware-nova.nix
+++ b/system/hardware-nova.nix
@@ -28,10 +28,9 @@ in
   # /home/till/.local/share/Steam
   # /home/till/.cache
   # /home/till/tmp
-
-  # todo:
-  # /home/till/.mozilla/firefox
+  # /home/till/.mozilla/firefox/till/storage
   # /home/till/.config/Mattermost/Cache
+  # /home/till/.config/Mattermost/Code\ Cache
 
   fileSystems."/nix" = subvolume // {
     options = [ "subvol=nix" "compress=zstd" "noatime" "discard=async" ];