diff --git a/src/user/modules/gui/modules/browsers/firefox/default.nix b/src/user/modules/gui/modules/browsers/firefox/default.nix
index 44cdef2..6f000d0 100644
--- a/src/user/modules/gui/modules/browsers/firefox/default.nix
+++ b/src/user/modules/gui/modules/browsers/firefox/default.nix
@@ -5,13 +5,38 @@ let
   cfg = config.modules.user.gui.browser.firefox;
 
 in
-{ options.modules.user.gui.browser.firefox = { enable = mkEnableOption "Enable Firefox browser"; };
+{
+  options.modules.user.gui.browser.firefox = { enable = mkEnableOption "Enable Firefox browser"; };
   config = mkIf cfg.enable {
+    home.packages = with pkgs; [
+      passff-host
+    ];
+    home.file = {
+      ".mozilla/native-messaging-hosts/passff.json" = {
+        text = ''
+          {
+            "name": "passff",
+            "description": "Host for communicating with zx2c4 pass",
+            "path": "${pkgs.passff-host}/share/passff-host/passff.py",
+            "type": "stdio",
+            "allowed_extensions": [ "passff@invicem.pro" ]
+          }
+        '';
+      };
+    };
+    assertions =
+    let
+      pinentry = config.services.gpg-agent.pinentryPackage;
+    in
+    [
+      {
+        assertion = pinentry != pkgs.pinentry-curses || pinentry != pkgs.pinentry-tty;
+        message = "Firefox plugin passff requires graphical pinentry";
+      }
+    ];
+
     programs.firefox = {
       enable = true;
-      nativeMessagingHosts = with pkgs; [
-        passff-host
-      ];
       profiles = {
         "default" = {
           bookmarks = config.user.bookmarks;
@@ -83,6 +108,7 @@ in
 
             "browser.urlbar.suggest.history" = false;
             "browser.urlbar.suggest.topsites" = false;
+            "browser.urlbar.sponsoredTopSites" = false;
             "browser.urlbar.autoFill" = false;
             "browser.toolbars.bookmarks.showOtherBookmarks" = false;
 
@@ -260,6 +286,8 @@ in
             "security.tls.version.enable-deprecated" = false;
             "extensions.webcompat-reporter.enabled" = false;
             "extensions.quarantinedDomains.enabled" = true;
+
+            "media.videocontrols.picture-in-picture.enabled" = false;
           };
         };
       };
diff --git a/src/user/modules/gui/wm/hyprland/default.nix b/src/user/modules/gui/wm/hyprland/default.nix
index f2ee20d..d0ba6b3 100644
--- a/src/user/modules/gui/wm/hyprland/default.nix
+++ b/src/user/modules/gui/wm/hyprland/default.nix
@@ -73,6 +73,7 @@ in
 
         windowrulev2 = [
           "float, title:(Android Emulator)"
+          "float, title: Extension: (PassFF)"
         ];
 
         general = {
diff --git a/src/user/modules/security/modules/gpg/default.nix b/src/user/modules/security/modules/gpg/default.nix
index 4406c72..ea17219 100644
--- a/src/user/modules/security/modules/gpg/default.nix
+++ b/src/user/modules/security/modules/gpg/default.nix
@@ -3,9 +3,13 @@
 with lib;
 let
   cfg = config.modules.user.security.gpg;
+  gui = config.modules.user.gui.wm;
+  wm = {
+    enable = builtins.any (mod: mod.enable or false) (builtins.attrValues gui);
+  };
 
 in
-{ options.modules.user.security.gpg = { enable = mkEnableOption "user.security.gpg"; };
+{ options.modules.user.security.gpg = { enable = mkEnableOption "Enable GPG module"; };
   config = mkIf cfg.enable {
     programs.gpg = {
       enable = true;
@@ -22,7 +26,12 @@ in
       enableSshSupport = true;
       enableBashIntegration = true;
       enableScDaemon = true;
-      pinentryPackage = pkgs.pinentry-tty;
+
+      pinentryPackage =
+      if wm.enable then
+        pkgs.pinentry-gtk2
+      else
+        pkgs.pinentry-curses;
     };
   };
 }