Firefox: Extend policy config.

This commit is contained in:
Dmitry Voronin 2024-11-10 12:39:15 +03:00
parent 5193b4167e
commit 7ccaf8ebf5
Signed by: voronind
SSH key fingerprint: SHA256:3kBb4iV2ahufEBNq+vFbUe4QYfHt98DHQjN7QaptY9k

View file

@ -24,6 +24,7 @@
(mkSearchEngine "aw" "Arch Wiki" "https://wiki.archlinux.org/index.php?search={searchTerms}") (mkSearchEngine "aw" "Arch Wiki" "https://wiki.archlinux.org/index.php?search={searchTerms}")
(mkSearchEngine "gh" "GitHub" "https://github.com/search?q={searchTerms}") (mkSearchEngine "gh" "GitHub" "https://github.com/search?q={searchTerms}")
(mkSearchEngine "ghc" "GitHub Code" "https://github.com/search?q={searchTerms}&type=code") (mkSearchEngine "ghc" "GitHub Code" "https://github.com/search?q={searchTerms}&type=code")
(mkSearchEngine "ghn" "GitHub Notif" "https://github.com/notifications?query={searchTerms}")
(mkSearchEngine "hm" "Home Manager" "https://home-manager-options.extranix.com/?query={searchTerms}") (mkSearchEngine "hm" "Home Manager" "https://home-manager-options.extranix.com/?query={searchTerms}")
(mkSearchEngine "no" "NixOS Options" "https://search.nixos.org/options?query={searchTerms}") (mkSearchEngine "no" "NixOS Options" "https://search.nixos.org/options?query={searchTerms}")
(mkSearchEngine "np" "NixOS Packages" "https://search.nixos.org/packages?query={searchTerms}") (mkSearchEngine "np" "NixOS Packages" "https://search.nixos.org/packages?query={searchTerms}")
@ -79,46 +80,14 @@
(mkLockedPref "browser.fullscreen.animateUp" 0) (mkLockedPref "browser.fullscreen.animateUp" 0)
(mkLockedPref "browser.fullscreen.autohide" true) (mkLockedPref "browser.fullscreen.autohide" true)
# Homepage.
(mkLockedPref "browser.newtabpage.enabled" false)
(mkLockedPref "browser.startup.homepage" "https://home.voronind.com/")
(mkLockedPref "browser.startup.page" 3)
# Passwords.
(mkLockedPref "signon.prefillForms" false)
(mkLockedPref "signon.rememberSignons" false)
# Formats. # Formats.
(mkLockedPref "image.jxl.enabled" true) (mkLockedPref "image.jxl.enabled" true)
# User agent.
# (mkLockedPref "general.useragent.override" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36")
# Disable HTTP3. # Disable HTTP3.
(mkLockedPref "network.http.http3.enable" false) # (mkLockedPref "network.http.http3.enable" false)
# Disable built-in DoH.
(mkLockedPref "doh-rollout.disable-heuristics" true)
(mkLockedPref "network.trr.mode" 5)
# HTTPS only mode.
(mkLockedPref "dom.security.https_only_mode" true)
(mkLockedPref "dom.security.https_only_mode_ever_enabled" true)
# Style. # Style.
(mkLockedPref "toolkit.legacyUserProfileCustomizations.stylesheets" true) (mkLockedPref "toolkit.legacyUserProfileCustomizations.stylesheets" true)
# Disable auto gain for the mic.
# (mkLockedPref "media.getusermedia.audio.processing.aec" 0)
# (mkLockedPref "media.getusermedia.audio.processing.aec.enabled" false)
# (mkLockedPref "media.getusermedia.audio.processing.agc" 0)
# (mkLockedPref "media.getusermedia.audio.processing.agc.enabled" false)
# (mkLockedPref "media.getusermedia.audio.processing.agc2.forced" false
# (mkLockedPref "media.getusermedia.audio.processing.hpf.enabled" false)
# (mkLockedPref "media.getusermedia.audio.processing.noise" 0)
# (mkLockedPref "media.getusermedia.audio.processing.noise.enabled" false)
# (mkLockedPref "media.getusermedia.audio.processing.platform.enabled" false)
# (mkLockedPref "media.getusermedia.audio.processing.transient.enabled" false)
]; ];
userChrome = '' userChrome = ''
@ -164,18 +133,15 @@
mkSearchEngine = Alias: Description: URLTemplate: { mkSearchEngine = Alias: Description: URLTemplate: {
inherit Alias Description URLTemplate; inherit Alias Description URLTemplate;
Method = "GET"; Method = "GET";
Name = Description; Name = Description;
}; };
mkPref = Name: Value: Status: { mkPref = Name: Value: Status: {
${Name} = { ${Name} = { inherit Value Status; };
inherit Value Status;
};
}; };
mkLockedPref = Name: Value: mkPref Name Value "locked"; mkLockedPref = Name: Value: mkPref Name Value "locked";
mkUserPref = Name: Value: mkPref Name Value "user"; mkUserPref = Name: Value: mkPref Name Value "user";
in in {
{
enable = true; enable = true;
package = pkgs.firefox-esr; package = pkgs.firefox-esr;
# languagePacks = [ "en-US" "ru" ]; # languagePacks = [ "en-US" "ru" ];
@ -184,30 +150,69 @@ in
}; };
# REF: https://mozilla.github.io/policy-templates/ # REF: https://mozilla.github.io/policy-templates/
policies = { policies = {
AppAutoUpdate = false; AppAutoUpdate = false;
BackgroundAppUpdate = false; AutofillAddressEnabled = true;
DisableBuiltinPDFViewer = true; AutofillCreditCardEnabled = false;
DisableFirefoxAccounts = true; BackgroundAppUpdate = false;
DisableFirefoxStudies = true; CaptivePortal = true;
DisableFormHistory = true; DisableBuiltinPDFViewer = true;
DisableMasterPasswordCreation = true; DisableFirefoxAccounts = true;
DisablePasswordReveal = true; DisableFirefoxStudies = true;
DisablePocket = true; DisableFormHistory = true;
DisableProfileImport = true; DisableMasterPasswordCreation = true;
DisableSetDesktopBackground = true; DisablePasswordReveal = true;
DisableTelemetry = true; DisablePocket = true;
DontCheckDefaultBrowser = true; DisableProfileImport = true;
ExtensionUpdate = true; DisableSafeMode = true;
ManagedBookmarks = [ { toplevel_name = "Pin"; } ] ++ bookmarks; DisableSetDesktopBackground = true;
NoDefaultBookmarks = true; DisableTelemetry = true;
OfferToSaveLogins = false; DontCheckDefaultBrowser = false;
PasswordManagerEnabled = false; ExtensionUpdate = true;
Preferences = builtins.foldl' (acc: pref: acc // pref) { } prefs; HttpsOnlyMode = "enabled";
PromptForDownloadLocation = false; ManagedBookmarks = [ { toplevel_name = "Pin"; } ] ++ bookmarks;
SearchSuggestEnabled = false; NetworkPrediction = false;
ShowHomeButton = false; NoDefaultBookmarks = true;
StartDownloadsInTempDirectory = false; OfferToSaveLogins = false;
UseSystemPrintDialog = true; PasswordManagerEnabled = false;
PostQuantumKeyAgreementEnabled = true;
Preferences = builtins.foldl' (acc: pref: acc // pref) { } prefs;
PromptForDownloadLocation = false;
SearchSuggestEnabled = false;
ShowHomeButton = false;
StartDownloadsInTempDirectory = false;
TranslateEnabled = false;
UseSystemPrintDialog = true;
WebsiteFilter = [ ];
PopupBlocking = {
Allow = [];
Default = true;
Locked = true;
};
Homepage = {
Locked = true;
StartPage = "previous-session";
URL = "https://home.voronind.com";
};
DNSOverHTTPS = {
Enabled = false;
# Fallback = false;
Locked = false;
ProviderURL = "https://dns.quad9.net/dns-query";
};
Cookies = {
Behavior = "reject-foreign";
AllowSession = [
"https://yandex.ru"
];
Block = [
"https://google.com"
];
};
# Containers = {}; # TODO: Use containers? https://addons.mozilla.org/en-US/firefox/addon/multi-account-containers/
Certificates = {
ImportEnterpriseRoots = false;
Install = [ ];
};
EnableTrackingProtection = { EnableTrackingProtection = {
Value = true; Value = true;
Locked = false; Locked = false;
@ -317,6 +322,9 @@ in
longitude = null; longitude = null;
}; };
}; };
"{446900e4-71c2-419f-a6a7-df9c091e268b}".environment = {
base = "https://pass.voronind.com";
};
}; };
# NOTE: `firefox-esr` edition is required to change search engines. # NOTE: `firefox-esr` edition is required to change search engines.
SearchEngines = { SearchEngines = {