diff options
| -rw-r--r-- | hm/soispha/conf/firefox/config/policies/default.nix | 235 |
1 files changed, 116 insertions, 119 deletions
diff --git a/hm/soispha/conf/firefox/config/policies/default.nix b/hm/soispha/conf/firefox/config/policies/default.nix index ada281d8..9aaf81b8 100644 --- a/hm/soispha/conf/firefox/config/policies/default.nix +++ b/hm/soispha/conf/firefox/config/policies/default.nix @@ -8,134 +8,131 @@ "de" "sv-SE" ]; -in { - policies = let - mkAllowedExtension = extension: { - name = extension.addonId; - value = { - installation_mode = "normal_installed"; - updates_disabled = true; - inherit (extension) default_area; - install_url = "file://${builtins.fetchurl { - inherit - (extension) - url - sha256 - ; - }}"; - }; - }; - allowedExtensions = - builtins.listToAttrs - (builtins.map mkAllowedExtension (builtins.attrValues - extensions)); - - mkBlockedExtension = id: { - name = id; - value = { - install_mode = "blocked"; - }; + mkAllowedExtension = extension: { + name = extension.addonId; + value = { + installation_mode = "normal_installed"; + updates_disabled = true; + inherit (extension) default_area; + install_url = "file://${builtins.fetchurl { + inherit + (extension) + url + sha256 + ; + }}"; }; - blockedExtensions = builtins.listToAttrs (builtins.map mkBlockedExtension [ - # these are the default search engines - "addons-search-detection@mozilla.com" - "amazon@search.mozilla.org" - "bing@search.mozilla.org" - "ddg@search.mozilla.org" - "google@search.mozilla.org" - "wikipedia@search.mozilla.org" - ]); - - language_packs = builtins.listToAttrs (builtins.map - ( - lang: { - name = "langpack-${lang}@firefox.mozilla.org"; - value = { - installation_mode = "normal_installed"; - install_url = "https://releases.mozilla.org/pub/firefox/releases/${config.soispha.firefox.package_version}/linux-x86_64/xpi/${lang}.xpi"; - }; - } - ) - locals); - in { - # NOTE: See https://mozilla.github.io/policy-templates for documentation <2023-10-21> - - # NixOS manages this already - DisableAppUpdate = true; - - DisableFirefoxAccounts = true; - DisableFirefoxScreenshots = true; - - # KeepassXC does this for me - DisableMasterPasswordCreation = true; - - # I use a self-hosted services for that - DisablePocket = true; - - # I don't want to lose my data - DisableProfileRefresh = true; - - DisplayBookmarksToolbar = "newtab"; - DisplayMenuBar = "default-off"; - - DNSOverHTTPS = { - Enabled = true; - Locked = false; - }; - # The concept of a "default browser" does not apply to my NixOS config - DontCheckDefaultBrowser = true; - - EnableTrackingProtection = { - Value = true; - Locked = false; - Cryptomining = true; - Fingerprinting = true; - EmailTracking = true; - }; - - EncryptedMediaExtensions = { - # I want a _free_ config (and I can always just run another browser) - Enabled = false; - Locked = true; + }; + allowedExtensions = + builtins.listToAttrs + (builtins.map mkAllowedExtension (builtins.attrValues + extensions)); + + mkBlockedExtension = id: { + name = id; + value = { + install_mode = "blocked"; }; - - ExtensionSettings = - { - "*" = { - blocked_install_message = '' - You can't install a extension manually, - please specify it in your NixOS configuration - ''; - installation_mode = "blocked"; + }; + blockedExtensions = builtins.listToAttrs (builtins.map mkBlockedExtension [ + # these are the default search engines + "addons-search-detection@mozilla.com" + "amazon@search.mozilla.org" + "bing@search.mozilla.org" + "ddg@search.mozilla.org" + "google@search.mozilla.org" + "wikipedia@search.mozilla.org" + ]); + + language_packs = builtins.listToAttrs (builtins.map + ( + lang: { + name = "langpack-${lang}@firefox.mozilla.org"; + value = { + installation_mode = "normal_installed"; + install_url = "https://releases.mozilla.org/pub/firefox/releases/${config.soispha.firefox.package_version}/linux-x86_64/xpi/${lang}.xpi"; }; } - // allowedExtensions - // blockedExtensions - // language_packs; - ExtensionUpdate = false; + ) + locals); +in { + # NOTE: See https://mozilla.github.io/policy-templates for documentation <2023-10-21> - # TODO: Add handlers for the default file types <2023-10-21> - # Handlers = { - # }; + # NixOS manages this already + DisableAppUpdate = true; - HardwareAcceleration = true; + DisableFirefoxAccounts = true; + DisableFirefoxScreenshots = true; - InstallAddonsPermission = { - Allowed = []; - Default = false; - }; + # KeepassXC does this for me + DisableMasterPasswordCreation = true; - # KeepassXC and such things - OfferToSaveLogins = false; - PasswordManagerEnable = false; + # I use a self-hosted services for that + DisablePocket = true; - PDFjs = { - Enabled = true; - # Don't honor documents right to be un-copy-able - EnablePermissions = false; - }; + # I don't want to lose my data + DisableProfileRefresh = true; + + DisplayBookmarksToolbar = "newtab"; + DisplayMenuBar = "default-off"; - SearchBar = "unified"; - RequestedLocales = locals; + DNSOverHTTPS = { + Enabled = true; + Locked = false; }; + # The concept of a "default browser" does not apply to my NixOS config + DontCheckDefaultBrowser = true; + + EnableTrackingProtection = { + Value = true; + Locked = false; + Cryptomining = true; + Fingerprinting = true; + EmailTracking = true; + }; + + EncryptedMediaExtensions = { + # I want a _free_ config (and I can always just run another browser) + Enabled = false; + Locked = true; + }; + + ExtensionSettings = + { + "*" = { + blocked_install_message = '' + You can't install a extension manually, + please specify it in your NixOS configuration + ''; + installation_mode = "blocked"; + }; + } + // allowedExtensions + // blockedExtensions + // language_packs; + ExtensionUpdate = false; + + # TODO: Add handlers for the default file types <2023-10-21> + # Handlers = { + # }; + + HardwareAcceleration = true; + + InstallAddonsPermission = { + Allowed = []; + Default = false; + }; + + # KeepassXC and such things + OfferToSaveLogins = false; + PasswordManagerEnable = false; + + PDFjs = { + Enabled = true; + # Don't honor documents right to be un-copy-able + EnablePermissions = false; + }; + + SearchBar = "unified"; + RequestedLocales = locals; } |