about summary refs log tree commit diff stats
path: root/hm/soispha/conf/firefox/config/policies/default.nix
diff options
context:
space:
mode:
authorSoispha <soispha@vhack.eu>2023-10-21 22:30:59 +0200
committerSoispha <soispha@vhack.eu>2023-10-21 22:30:59 +0200
commit27a254a27df47cac88ce8053b4efe575cf9c481e (patch)
tree5441124451062b275592bf798e9da88f10851f26 /hm/soispha/conf/firefox/config/policies/default.nix
parentfix(hm/conf/firefox/scr/extensions): Add required 'default_area' (diff)
downloadnixos-config-27a254a27df47cac88ce8053b4efe575cf9c481e.zip
feat(hm/conf/firefox): Use the policy.json file for configs
Diffstat (limited to 'hm/soispha/conf/firefox/config/policies/default.nix')
-rw-r--r--hm/soispha/conf/firefox/config/policies/default.nix141
1 files changed, 141 insertions, 0 deletions
diff --git a/hm/soispha/conf/firefox/config/policies/default.nix b/hm/soispha/conf/firefox/config/policies/default.nix
new file mode 100644
index 00000000..ada281d8
--- /dev/null
+++ b/hm/soispha/conf/firefox/config/policies/default.nix
@@ -0,0 +1,141 @@
+{
+  config,
+  extensions,
+  ...
+}: let
+  locals = [
+    "en-CA"
+    "de"
+    "sv-SE"
+  ];
+in {
+  policies = let
+    mkAllowedExtension = extension: {
+      name = extension.addonId;
+      value = {
+        installation_mode = "normal_installed";
+        updates_disabled = true;
+        inherit (extension) default_area;
+        install_url = "file://${builtins.fetchurl {
+          inherit
+            (extension)
+            url
+            sha256
+            ;
+        }}";
+      };
+    };
+    allowedExtensions =
+      builtins.listToAttrs
+      (builtins.map mkAllowedExtension (builtins.attrValues
+          extensions));
+
+    mkBlockedExtension = id: {
+      name = id;
+      value = {
+        install_mode = "blocked";
+      };
+    };
+    blockedExtensions = builtins.listToAttrs (builtins.map mkBlockedExtension [
+      # these are the default search engines
+      "addons-search-detection@mozilla.com"
+      "amazon@search.mozilla.org"
+      "bing@search.mozilla.org"
+      "ddg@search.mozilla.org"
+      "google@search.mozilla.org"
+      "wikipedia@search.mozilla.org"
+    ]);
+
+    language_packs = builtins.listToAttrs (builtins.map
+      (
+        lang: {
+          name = "langpack-${lang}@firefox.mozilla.org";
+          value = {
+            installation_mode = "normal_installed";
+            install_url = "https://releases.mozilla.org/pub/firefox/releases/${config.soispha.firefox.package_version}/linux-x86_64/xpi/${lang}.xpi";
+          };
+        }
+      )
+      locals);
+  in {
+    # NOTE: See https://mozilla.github.io/policy-templates for documentation <2023-10-21>
+
+    # NixOS manages this already
+    DisableAppUpdate = true;
+
+    DisableFirefoxAccounts = true;
+    DisableFirefoxScreenshots = true;
+
+    # KeepassXC does this for me
+    DisableMasterPasswordCreation = true;
+
+    # I use a self-hosted services for that
+    DisablePocket = true;
+
+    # I don't want to lose my data
+    DisableProfileRefresh = true;
+
+    DisplayBookmarksToolbar = "newtab";
+    DisplayMenuBar = "default-off";
+
+    DNSOverHTTPS = {
+      Enabled = true;
+      Locked = false;
+    };
+    # The concept of a "default browser" does not apply to my NixOS config
+    DontCheckDefaultBrowser = true;
+
+    EnableTrackingProtection = {
+      Value = true;
+      Locked = false;
+      Cryptomining = true;
+      Fingerprinting = true;
+      EmailTracking = true;
+    };
+
+    EncryptedMediaExtensions = {
+      # I want a _free_ config (and I can always just run another browser)
+      Enabled = false;
+      Locked = true;
+    };
+
+    ExtensionSettings =
+      {
+        "*" = {
+          blocked_install_message = ''
+            You can't install a extension manually,
+            please specify it in your NixOS configuration
+          '';
+          installation_mode = "blocked";
+        };
+      }
+      // allowedExtensions
+      // blockedExtensions
+      // language_packs;
+    ExtensionUpdate = false;
+
+    # TODO: Add handlers for the default file types <2023-10-21>
+    # Handlers = {
+    # };
+
+    HardwareAcceleration = true;
+
+    InstallAddonsPermission = {
+      Allowed = [];
+      Default = false;
+    };
+
+    # KeepassXC and such things
+    OfferToSaveLogins = false;
+    PasswordManagerEnable = false;
+
+    PDFjs = {
+      Enabled = true;
+      # Don't honor documents right to be un-copy-able
+      EnablePermissions = false;
+    };
+
+    SearchBar = "unified";
+    RequestedLocales = locals;
+  };
+}