Diffstat (limited to 'modules/home.legacy/conf/firefox/config/policies')
-rw-r--r--modules/home.legacy/conf/firefox/config/policies/default.nix146
1 files changed, 146 insertions, 0 deletions
diff --git a/modules/home.legacy/conf/firefox/config/policies/default.nix b/modules/home.legacy/conf/firefox/config/policies/default.nix
new file mode 100644
index 00000000..02c740f6
--- /dev/null
+++ b/modules/home.legacy/conf/firefox/config/policies/default.nix
@@ -0,0 +1,146 @@
+{
+ config,
+ extensions,
+ ...
+}: let
+ locals = [
+ "en-CA"
+ "de"
+ "sv-SE"
+ ];
+ mkAllowedExtension = extension: {
+ name = extension.addonId;
+ value = {
+ installation_mode = "normal_installed";
+ updates_disabled = true;
+ inherit (extension) default_area;
+ install_url = "file://${builtins.fetchurl {
+ inherit
+ (extension)
+ url
+ sha256
+ ;
+ }}";
+ };
+ };
+ allowedExtensions =
+ builtins.listToAttrs
+ (builtins.map mkAllowedExtension (builtins.attrValues
+ extensions));
+
+ mkBlockedExtension = id: {
+ name = id;
+ value = {
+ install_mode = "blocked";
+ };
+ };
+ blockedExtensions = builtins.listToAttrs (builtins.map mkBlockedExtension [
+ # these are the default search engines
+ "addons-search-detection@mozilla.com"
+ "amazon@search.mozilla.org"
+ "bing@search.mozilla.org"
+ "ddg@search.mozilla.org"
+ "google@search.mozilla.org"
+ "wikipedia@search.mozilla.org"
+ ]);
+
+ language_packs = builtins.listToAttrs (builtins.map
+ (
+ lang: {
+ name = "langpack-${lang}@firefox.mozilla.org";
+ value = {
+ installation_mode = "normal_installed";
+ updates_disabled = true;
+ install_url = "https://releases.mozilla.org/pub/firefox/releases/${config.soispha.firefox.package_version}/linux-x86_64/xpi/${lang}.xpi";
+ };
+ }
+ )
+ locals);
+in {
+ # NOTE: See https://mozilla.github.io/policy-templates for documentation <2023-10-21>
+ policies = {
+ # NixOS manages this already
+ DisableAppUpdate = true;
+
+ DisableFirefoxAccounts = true;
+ DisableFirefoxScreenshots = true;
+
+ # KeepassXC does this for me
+ DisableMasterPasswordCreation = true;
+
+ # I use a self-hosted services for that
+ DisablePocket = true;
+
+ # I don't want to lose my data
+ DisableProfileRefresh = true;
+
+ DisableDeveloperTools = false;
+
+ DisplayBookmarksToolbar = "newtab";
+ DisplayMenuBar = "default-off";
+
+ DNSOverHTTPS = {
+ Enabled = true;
+ Locked = false;
+ };
+ # The concept of a "default browser" does not apply to my NixOS config
+ DontCheckDefaultBrowser = true;
+
+ EnableTrackingProtection = {
+ Value = true;
+ Locked = false;
+ Cryptomining = true;
+ Fingerprinting = true;
+ EmailTracking = true;
+ };
+
+ EncryptedMediaExtensions = {
+ # I want a _free_ config (and I can always just run another browser)
+ Enabled = false;
+ Locked = true;
+ };
+
+ ExtensionSettings =
+ {
+ "*" = {
+ # Blocking the extension install here, also blocks the 'about:debugging' page
+
+ # blocked_install_message = ''
+ # You can't install a extension manually,
+ # please specify it in your NixOS configuration
+ # '';
+ installation_mode = "allowed";
+ };
+ }
+ // allowedExtensions
+ // blockedExtensions
+ // language_packs;
+
+ ExtensionUpdate = false;
+
+ # TODO: Add handlers for the default file types <2023-10-21>
+ # Handlers = {
+ # };
+
+ HardwareAcceleration = true;
+
+ # Blocking the extension install here, also blocks the 'about:debugging' page
+ # InstallAddonsPermission = {
+ # Allowed = [];
+ # Default = false;
+ # };
+
+ # KeepassXC and such things
+ OfferToSaveLogins = false;
+ PasswordManagerEnabled = false;
+
+ PDFjs = {
+ Enabled = true;
+ # Don't honor documents right to be un-copy-able
+ EnablePermissions = false;
+ };
+
+ SearchBar = "unified";
+ RequestedLocales = locals;
+ };
+}
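Review bot: `mkBlockedExtension` writes `install_mode = "blocked";`, but the ExtensionSettings key used everywhere else in this file (`mkAllowedExtension`, `language_packs`, the `"*"` entry) is `installation_mode`, so the six built-in search add-ons are most likely not blocked and fall through to the `"*"` rule, which is `installation_mode = "allowed"`. The line should read `installation_mode = "blocked";`. Separately, the language packs are the only entries whose `install_url` is a live `https://releases.mozilla.org/...` URL instead of a `builtins.fetchurl` store path with a `sha256`, so they are not hash-pinned the way the extensions are; if that is intended, a comment above `language_packs` should say so. Since `updates_disabled = true` and `ExtensionUpdate = false` mean extension security fixes only arrive when the pinned `url`/`sha256` pair is bumped, a short comment near `mkAllowedExtension` such as `# updates are disabled on purpose: bump url/sha256 in the extensions set to pick up security fixes` would make that maintenance duty explicit.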