path: root/hm/soispha/conf/firefox/config/policies/default.nix
{
  config,
  extensions,
  ...
}: let
  # Locales for this profile: each one gets a language pack entry (see
  # `language_packs`) and the list is handed to Firefox as RequestedLocales.
  locals = ["en-CA" "de" "sv-SE"];
  # Turn one entry of `extensions` into a name/value pair for ExtensionSettings.
  #
  # The XPI is fetched by Nix through builtins.fetchurl and checked against the
  # entry's sha256, so Firefox installs from a local file:// path instead of
  # downloading the add-on itself.
  mkAllowedExtension = extension: let
    xpi = builtins.fetchurl {
      inherit (extension) url sha256;
    };
  in {
    name = extension.addonId;
    value = {
      inherit (extension) default_area;
      installation_mode = "normal_installed";
      install_url = "file://${xpi}";
      # The add-on is pinned by hash, so a newer version (including an add-on
      # security fix) only arrives when url/sha256 are bumped in the Nix config.
      updates_disabled = true;
    };
  };
  # ExtensionSettings entries for every add-on passed in via `extensions`,
  # keyed by add-on id.
  allowedExtensions = let
    entries = builtins.attrValues extensions;
  in
    builtins.listToAttrs (builtins.map mkAllowedExtension entries);

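  # Build the ExtensionSettings name/value pair that blocks the add-on `id`.
  #
  # The ExtensionSettings key is `installation_mode`, the same key every other
  # entry in this file sets. The previous `install_mode` is not a key of that
  # policy, so the entry carried no mode and the add-on was presumably left to
  # the "*" default ("allowed") instead of being blocked.
  mkBlockedExtension = id: {
    name = id;
    value = {
      installation_mode = "blocked";
    };
  };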
  # ExtensionSettings entries that block the add-ons Firefox ships for its
  # default search engines.
  blockedExtensions = let
    # these are the default search engines
    defaultSearchEngines = [
      "addons-search-detection@mozilla.com"
      "amazon@search.mozilla.org"
      "bing@search.mozilla.org"
      "ddg@search.mozilla.org"
      "google@search.mozilla.org"
      "wikipedia@search.mozilla.org"
    ];
  in
    builtins.listToAttrs (builtins.map mkBlockedExtension defaultSearchEngines);

  # ExtensionSettings entries installing one language pack per entry of `locals`,
  # matching the packaged Firefox version.
  #
  # NOTE(review): unlike the add-ons built by mkAllowedExtension, these XPIs are
  # not fetched by Nix and carry no sha256. Firefox is given an https:// URL and
  # downloads the pack itself, so integrity rests on TLS to releases.mozilla.org.
  # The URL also hard-codes linux-x86_64.
  language_packs = let
    mkLanguagePack = lang: {
      name = "langpack-${lang}@firefox.mozilla.org";
      value = {
        installation_mode = "normal_installed";
        updates_disabled = true;
        install_url = "https://releases.mozilla.org/pub/firefox/releases/${config.soispha.firefox.package_version}/linux-x86_64/xpi/${lang}.xpi";
      };
    };
  in
    builtins.listToAttrs (builtins.map mkLanguagePack locals);
in {
  # NOTE: See https://mozilla.github.io/policy-templates for documentation <2023-10-21>

  # Firefox itself is updated through NixOS, so its own updater stays off.
  DisableAppUpdate = true;

  DisableFirefoxAccounts = true;
  DisableFirefoxScreenshots = true;

  # KeepassXC does this for me
  DisableMasterPasswordCreation = true;

  # I use a self-hosted service for that
  DisablePocket = true;

  # I don't want to lose my data
  DisableProfileRefresh = true;

  DisableDeveloperTools = false;

  DisplayBookmarksToolbar = "newtab";
  DisplayMenuBar = "default-off";

  # DoH is switched on but not locked, and no ProviderURL is set here, so the
  # resolver is Firefox's default and stays changeable in the preferences.
  DNSOverHTTPS.Enabled = true;
  DNSOverHTTPS.Locked = false;

  # The concept of a "default browser" does not apply to my NixOS config
  DontCheckDefaultBrowser = true;

  # Tracking protection is on by default but left unlocked (user-changeable).
  EnableTrackingProtection.Value = true;
  EnableTrackingProtection.Locked = false;
  EnableTrackingProtection.Cryptomining = true;
  EnableTrackingProtection.Fingerprinting = true;
  EnableTrackingProtection.EmailTracking = true;

  # I want a _free_ config (and I can always just run another browser)
  EncryptedMediaExtensions.Enabled = false;
  EncryptedMediaExtensions.Locked = true;

  # `//` keeps the right-hand value on a key collision, so an id listed in more
  # than one set ends up with the entry from the set furthest to the right.
  ExtensionSettings =
    {
      # Fallback for every add-on that has no entry of its own.
      # Blocking the extension install here, also blocks the 'about:debugging' page,
      # so manual installs stay "allowed". The cost is that add-ons outside the
      # hash-pinned set from the Nix config can still be installed by hand.

      # blocked_install_message = ''
      #   You can't install a extension manually,
      #   please specify it in your NixOS configuration
      # '';
      "*".installation_mode = "allowed";
    }
    // allowedExtensions
    // blockedExtensions
    // language_packs;

  # Firefox never updates add-ons on its own; new versions come from the Nix config.
  ExtensionUpdate = false;

  # TODO: Add handlers for the default file types <2023-10-21>
  # Handlers = {
  # };

  HardwareAcceleration = true;

  # Blocking the extension install here, also blocks the 'about:debugging' page
  # InstallAddonsPermission = {
  #   Allowed = [];
  #   Default = false;
  # };

  # Credentials are kept in KeepassXC, so the built-in password manager and its
  # save prompts are switched off.
  OfferToSaveLogins = false;
  PasswordManagerEnabled = false;

  PDFjs.Enabled = true;
  # Don't honor a document's right to be un-copy-able
  PDFjs.EnablePermissions = false;

  SearchBar = "unified";
  # Same list that drives the language pack entries.
  RequestedLocales = locals;
}