From c52c7f314ccadcc2fcd91e28c8fd1b88f6d5ce0c Mon Sep 17 00:00:00 2001 From: Benedikt Peetz Date: Fri, 18 Oct 2024 17:07:46 +0200 Subject: refactor(modules): Move all system modules to `by-name` From now on all modules should be added to the new `by-name` directory. This should help remove the (superficial and utterly useless) distinction between `home-manager` and `NixOS` modules. --- .../home/conf/firefox/config/policies/default.nix | 146 --------------------- 1 file changed, 146 deletions(-) delete mode 100644 modules/home/conf/firefox/config/policies/default.nix (limited to 'modules/home/conf/firefox/config/policies/default.nix') diff --git a/modules/home/conf/firefox/config/policies/default.nix b/modules/home/conf/firefox/config/policies/default.nix deleted file mode 100644 index 02c740f6..00000000 --- a/modules/home/conf/firefox/config/policies/default.nix +++ /dev/null @@ -1,146 +0,0 @@ -{ - config, - extensions, - ... -}: let - locals = [ - "en-CA" - "de" - "sv-SE" - ]; - mkAllowedExtension = extension: { - name = extension.addonId; - value = { - installation_mode = "normal_installed"; - updates_disabled = true; - inherit (extension) default_area; - install_url = "file://${builtins.fetchurl { - inherit - (extension) - url - sha256 - ; - }}"; - }; - }; - allowedExtensions = - builtins.listToAttrs - (builtins.map mkAllowedExtension (builtins.attrValues - extensions)); - - mkBlockedExtension = id: { - name = id; - value = { - install_mode = "blocked"; - }; - }; - blockedExtensions = builtins.listToAttrs (builtins.map mkBlockedExtension [ - # these are the default search engines - "addons-search-detection@mozilla.com" - "amazon@search.mozilla.org" - "bing@search.mozilla.org" - "ddg@search.mozilla.org" - "google@search.mozilla.org" - "wikipedia@search.mozilla.org" - ]); - - language_packs = builtins.listToAttrs (builtins.map - ( - lang: { - name = "langpack-${lang}@firefox.mozilla.org"; - value = { - installation_mode = "normal_installed"; - updates_disabled = true; - install_url = "https://releases.mozilla.org/pub/firefox/releases/${config.soispha.firefox.package_version}/linux-x86_64/xpi/${lang}.xpi"; - }; - } - ) - locals); -in { - # NOTE: See https://mozilla.github.io/policy-templates for documentation <2023-10-21> - policies = { - # NixOS manages this already - DisableAppUpdate = true; - - DisableFirefoxAccounts = true; - DisableFirefoxScreenshots = true; - - # KeepassXC does this for me - DisableMasterPasswordCreation = true; - - # I use a self-hosted services for that - DisablePocket = true; - - # I don't want to lose my data - DisableProfileRefresh = true; - - DisableDeveloperTools = false; - - DisplayBookmarksToolbar = "newtab"; - DisplayMenuBar = "default-off"; - - DNSOverHTTPS = { - Enabled = true; - Locked = false; - }; - # The concept of a "default browser" does not apply to my NixOS config - DontCheckDefaultBrowser = true; - - EnableTrackingProtection = { - Value = true; - Locked = false; - Cryptomining = true; - Fingerprinting = true; - EmailTracking = true; - }; - - EncryptedMediaExtensions = { - # I want a _free_ config (and I can always just run another browser) - Enabled = false; - Locked = true; - }; - - ExtensionSettings = - { - "*" = { - # Blocking the extension install here, also blocks the 'about:debugging' page - - # blocked_install_message = '' - # You can't install a extension manually, - # please specify it in your NixOS configuration - # ''; - installation_mode = "allowed"; - }; - } - // allowedExtensions - // blockedExtensions - // language_packs; - - ExtensionUpdate = false; - - # TODO: Add handlers for the default file types <2023-10-21> - # Handlers = { - # }; - - HardwareAcceleration = true; - - # Blocking the extension install here, also blocks the 'about:debugging' page - # InstallAddonsPermission = { - # Allowed = []; - # Default = false; - # }; - - # KeepassXC and such things - OfferToSaveLogins = false; - PasswordManagerEnabled = false; - - PDFjs = { - Enabled = true; - # Don't honor documents right to be un-copy-able - EnablePermissions = false; - }; - - SearchBar = "unified"; - RequestedLocales = locals; - }; -} -- cgit 1.4.1