{ inputs, ... }: {
  flake.homeManagerModules.wisdomBrowsersZen =
    { config, lib, pkgs, ... }:
    let
      root = config.chiasson.home;
      cfg = config.chiasson.home.browsers.zen;
    in
    {
      imports = [ inputs.zen-browser.homeModules.beta ];

      options.chiasson.home.browsers.zen.enable = lib.mkEnableOption "Zen Browser + locked-down policies / extensions.";

      config = lib.mkIf (root.enable && cfg.enable) {
        programs.zen-browser = {
          enable = true;
          policies = {
            PasswordManagerEnabled = false;
            AutofillCreditCardEnabled = false;
            AutofillAddressEnabled = false;
            DisableAppUpdate = true;
            DisableFeedbackCommands = true;
            DisableFirefoxStudies = true;
            DisablePocket = true;
            DisableTelemetry = true;
            OfferToSaveLogins = false;
            EnableTrackingProtection = {
              Value = true;
              Locked = true;
              Cryptomining = true;
              Fingerprinting = true;
            };
            ExtensionSettings = {
              "{446900e4-71c2-419f-a6a7-df9c091e268b}" = {
                install_url = "https://addons.mozilla.org/firefox/downloads/latest/bitwarden-password-manager/latest.xpi";
                installation_mode = "normal_installed";
              };
              "uBlock0@raymondhill.net" = {
                install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi";
                installation_mode = "normal_installed";
              };
              "{762f9885-5a13-4abd-9c77-433dcd38b8fd}" = {
                install_url = "https://addons.mozilla.org/firefox/downloads/latest/return-youtube-dislikes/latest.xpi";
                installation_mode = "normal_installed";
              };
            };
          };
        };

        home.packages = [
          (pkgs.writeShellApplication {
            name = "extract-firefox-extension";
            runtimeInputs = with pkgs; [
              wget
              unzip
              jq
            ];
            text = ''
              if [ -z "$1" ]; then
                  echo "usage: $0 <firefox-addon-url>"
                  exit 1
              fi

              PLUGIN_URL="$1"
              TEMP_DIR="extension-id-$(date +%s)"
              mkdir "$TEMP_DIR" || exit 1
              cd "$TEMP_DIR" || exit 1

              DOWNLOAD_URL=$(echo "$PLUGIN_URL" \
                  | sed -E 's|https://addons.mozilla.org/firefox/downloads/file/[0-9]+/([^/]+)-[^/]+\.xpi|\1|' \
                  | tr '_' '-' \
                  | awk '{print "https://addons.mozilla.org/firefox/downloads/latest/" $1 "/latest.xpi"}')

              wget -q "$DOWNLOAD_URL" -O latest.xpi || { cd ..; rm -rf "$TEMP_DIR"; exit 1; }
              unzip -q latest.xpi -d unpacked || { cd ..; rm -rf "$TEMP_DIR"; exit 1; }

              jq -r '.browser_specific_settings.gecko.id' unpacked/manifest.json || { cd ..; rm -rf "$TEMP_DIR"; exit 1; }

              cd ..
              rm -rf "$TEMP_DIR"
            '';
          })
        ];
      };
    };
}