diff options
author | Soispha <soispha@vhack.eu> | 2023-10-21 22:30:59 +0200 |
---|---|---|
committer | Soispha <soispha@vhack.eu> | 2023-10-21 22:30:59 +0200 |
commit | 27a254a27df47cac88ce8053b4efe575cf9c481e (patch) | |
tree | 5441124451062b275592bf798e9da88f10851f26 /hm/soispha/conf/firefox/config/policies/default.nix | |
parent | fix(hm/conf/firefox/scr/extensions): Add required 'default_area' (diff) | |
download | nixos-config-27a254a27df47cac88ce8053b4efe575cf9c481e.zip |
feat(hm/conf/firefox): Use the policy.json file for configs
Diffstat (limited to 'hm/soispha/conf/firefox/config/policies/default.nix')
-rw-r--r-- | hm/soispha/conf/firefox/config/policies/default.nix | 141 |
1 files changed, 141 insertions, 0 deletions
diff --git a/hm/soispha/conf/firefox/config/policies/default.nix b/hm/soispha/conf/firefox/config/policies/default.nix new file mode 100644 index 00000000..ada281d8 --- /dev/null +++ b/hm/soispha/conf/firefox/config/policies/default.nix @@ -0,0 +1,141 @@ +{ + config, + extensions, + ... +}: let + locals = [ + "en-CA" + "de" + "sv-SE" + ]; +in { + policies = let + mkAllowedExtension = extension: { + name = extension.addonId; + value = { + installation_mode = "normal_installed"; + updates_disabled = true; + inherit (extension) default_area; + install_url = "file://${builtins.fetchurl { + inherit + (extension) + url + sha256 + ; + }}"; + }; + }; + allowedExtensions = + builtins.listToAttrs + (builtins.map mkAllowedExtension (builtins.attrValues + extensions)); + + mkBlockedExtension = id: { + name = id; + value = { + install_mode = "blocked"; + }; + }; + blockedExtensions = builtins.listToAttrs (builtins.map mkBlockedExtension [ + # these are the default search engines + "addons-search-detection@mozilla.com" + "amazon@search.mozilla.org" + "bing@search.mozilla.org" + "ddg@search.mozilla.org" + "google@search.mozilla.org" + "wikipedia@search.mozilla.org" + ]); + + language_packs = builtins.listToAttrs (builtins.map + ( + lang: { + name = "langpack-${lang}@firefox.mozilla.org"; + value = { + installation_mode = "normal_installed"; + install_url = "https://releases.mozilla.org/pub/firefox/releases/${config.soispha.firefox.package_version}/linux-x86_64/xpi/${lang}.xpi"; + }; + } + ) + locals); + in { + # NOTE: See https://mozilla.github.io/policy-templates for documentation <2023-10-21> + + # NixOS manages this already + DisableAppUpdate = true; + + DisableFirefoxAccounts = true; + DisableFirefoxScreenshots = true; + + # KeepassXC does this for me + DisableMasterPasswordCreation = true; + + # I use a self-hosted services for that + DisablePocket = true; + + # I don't want to lose my data + DisableProfileRefresh = true; + + DisplayBookmarksToolbar = "newtab"; + DisplayMenuBar = "default-off"; + + DNSOverHTTPS = { + Enabled = true; + Locked = false; + }; + # The concept of a "default browser" does not apply to my NixOS config + DontCheckDefaultBrowser = true; + + EnableTrackingProtection = { + Value = true; + Locked = false; + Cryptomining = true; + Fingerprinting = true; + EmailTracking = true; + }; + + EncryptedMediaExtensions = { + # I want a _free_ config (and I can always just run another browser) + Enabled = false; + Locked = true; + }; + + ExtensionSettings = + { + "*" = { + blocked_install_message = '' + You can't install a extension manually, + please specify it in your NixOS configuration + ''; + installation_mode = "blocked"; + }; + } + // allowedExtensions + // blockedExtensions + // language_packs; + ExtensionUpdate = false; + + # TODO: Add handlers for the default file types <2023-10-21> + # Handlers = { + # }; + + HardwareAcceleration = true; + + InstallAddonsPermission = { + Allowed = []; + Default = false; + }; + + # KeepassXC and such things + OfferToSaveLogins = false; + PasswordManagerEnable = false; + + PDFjs = { + Enabled = true; + # Don't honor documents right to be un-copy-able + EnablePermissions = false; + }; + + SearchBar = "unified"; + RequestedLocales = locals; + }; +} |