blob: 55fd3cff1fef86dbb156f7a79c3909b1e1ef689f (
plain) (
tree)
|
|
{
config,
extensions,
...
}: let
locals = [
"en-CA"
"de"
"sv-SE"
];
mkAllowedExtension = extension: {
name = extension.addonId;
value = {
installation_mode = "normal_installed";
updates_disabled = true;
inherit (extension) default_area;
install_url = "file://${builtins.fetchurl {
inherit
(extension)
url
sha256
;
}}";
};
};
allowedExtensions =
builtins.listToAttrs
(builtins.map mkAllowedExtension (builtins.attrValues
extensions));
mkBlockedExtension = id: {
name = id;
value = {
install_mode = "blocked";
};
};
blockedExtensions = builtins.listToAttrs (builtins.map mkBlockedExtension [
# these are the default search engines
"addons-search-detection@mozilla.com"
"amazon@search.mozilla.org"
"bing@search.mozilla.org"
"ddg@search.mozilla.org"
"google@search.mozilla.org"
"wikipedia@search.mozilla.org"
]);
language_packs = builtins.listToAttrs (builtins.map
(
lang: {
name = "langpack-${lang}@firefox.mozilla.org";
value = {
installation_mode = "normal_installed";
updates_disabled = true;
install_url = "https://releases.mozilla.org/pub/firefox/releases/${config.soispha.firefox.package_version}/linux-x86_64/xpi/${lang}.xpi";
};
}
)
locals);
in {
# NOTE: See https://mozilla.github.io/policy-templates for documentation <2023-10-21>
# NixOS manages this already
DisableAppUpdate = true;
DisableFirefoxAccounts = true;
DisableFirefoxScreenshots = true;
# KeepassXC does this for me
DisableMasterPasswordCreation = true;
# I use a self-hosted services for that
DisablePocket = true;
# I don't want to lose my data
DisableProfileRefresh = true;
DisableDeveloperTools = false;
DisplayBookmarksToolbar = "newtab";
DisplayMenuBar = "default-off";
DNSOverHTTPS = {
Enabled = true;
Locked = false;
};
# The concept of a "default browser" does not apply to my NixOS config
DontCheckDefaultBrowser = true;
EnableTrackingProtection = {
Value = true;
Locked = false;
Cryptomining = true;
Fingerprinting = true;
EmailTracking = true;
};
EncryptedMediaExtensions = {
# I want a _free_ config (and I can always just run another browser)
Enabled = false;
Locked = true;
};
ExtensionSettings =
{
"*" = {
# Blocking the extension install here, also blocks the 'about:debugging' page
# blocked_install_message = ''
# You can't install a extension manually,
# please specify it in your NixOS configuration
# '';
installation_mode = "allowed";
};
}
// allowedExtensions
// blockedExtensions
// language_packs;
ExtensionUpdate = false;
# TODO: Add handlers for the default file types <2023-10-21>
# Handlers = {
# };
HardwareAcceleration = true;
# Blocking the extension install here, also blocks the 'about:debugging' page
# InstallAddonsPermission = {
# Allowed = [];
# Default = false;
# };
# KeepassXC and such things
OfferToSaveLogins = false;
PasswordManagerEnabled = false;
PDFjs = {
Enabled = true;
# Don't honor documents right to be un-copy-able
EnablePermissions = false;
};
SearchBar = "unified";
RequestedLocales = locals;
}
|