author | tilpner | 2020-03-06 16:05:01 +0100 |
---|---|---|
committer | tilpner | 2020-03-06 16:05:01 +0100 |
commit | 5014c0ed2160393fb787b585127bce8f27fda722 (patch) | |
tree | b01c547725982c5ed866683c1b865381736653f8 | |
parent | edd25555261c17f74580245b8305cf7edefa4267 (diff) | |
Separate policy into smaller modules
-rw-r--r-- | default.nix | 80 | ||||
-rw-r--r-- | nix/default.nix | 234 | ||||
-rw-r--r-- | nix/directory.nix | 18 | ||||
-rw-r--r-- | nix/lib.nix | 29 | ||||
-rw-r--r-- | profiles/addons/default.nix | 51 | ||||
-rw-r--r-- | profiles/addons/ublock/config.json (renamed from ublock-config.json) | 0 | ||||
-rw-r--r-- | profiles/defaults.nix | 21 | ||||
-rw-r--r-- | profiles/distrustUser.nix | 7 | ||||
-rw-r--r-- | profiles/forgetActivity.nix | 11 | ||||
-rw-r--r-- | profiles/lessFingerprinting.nix | 6 | ||||
-rw-r--r-- | profiles/minimalConnections.nix | 68 | ||||
-rw-r--r-- | profiles/minimalHome.nix | 18 | ||||
-rw-r--r-- | profiles/noAccounts.nix | 5 | ||||
-rw-r--r-- | profiles/noClutter.nix | 9 | ||||
-rw-r--r-- | profiles/noLocation.nix | 12 | ||||
-rw-r--r-- | profiles/noMedia.nix | 12 | ||||
-rw-r--r-- | profiles/noNormandy.nix | 9 | ||||
-rw-r--r-- | profiles/noOCSP.nix | 5 | ||||
-rw-r--r-- | profiles/noPocket.nix | 9 | ||||
-rw-r--r-- | profiles/noSafebrowsing.nix | 10 | ||||
-rw-r--r-- | profiles/noStudies.nix | 11 | ||||
-rw-r--r-- | profiles/noTunnels.nix | 13 | ||||
-rw-r--r-- | profiles/noUpdates.nix | 25 | ||||
-rw-r--r-- | profiles/restrict.nix | 26 |
24 files changed, 448 insertions, 241 deletions
diff --git a/default.nix b/default.nix
new file mode 100644
index 0000000..e2b0656
--- /dev/null
+++ b/default.nix
@@ -0,0 +1,80 @@
+{ pkgs ? import <nixpkgs> {} }:
+
+with pkgs;
+
+# Where to find documentation:
+# http://kb.mozillazine.org/About:config_entries
+# https://www.privacy-handbuch.de/download/moderat/user.js
+# https://github.com/mozilla/policy-templates, about:policies#documentation
+
+let
+ directory = callPackage nix/directory.nix {};
+ ffLib = callPackage nix/lib.nix {};
+ search = callPackage nix/search.nix {};
+
+ callProfile = p: lib.callPackageWith (pkgs // {
+ inherit ffLib;
+ }) p {};
+in rec {
+ profiles = directory.listDirectory callProfile ./profiles;
+
+ disableErrorReporting.preferences = {
+ breakpad.reportUrl = "";
+ };
+
+ activeProfiles = with profiles; [
+ defaults
+
+ addons.disableExtensionSignatureChecking
+ addons.privacybadger addons.noscript
+ addons.borderify
+
+ minimalConnections
+ minimalHome
+ noAccounts
+ noClutter
+ noMedia
+ noNormandy
+ noUpdates
+ noStudies
+ noPocket
+ noTunnels
+ noLocation
+ noSafebrowsing
+ restrict
+ # distrustUser
+
+ forgetActivity
+
+ { policies.RequestedLocales = [ "de-DE" "en-US" ]; }
+ ];
+
+ config = ffLib.mergeProfiles activeProfiles;
+ bundleConfig = {
+ inherit (config) policies;
+ preferences = ffLib.flattenAttrs config.preferences;
+ };
+
+ bundle = ffLib.bundle bundleConfig;
+ launcher = ffLib.launcher bundle;
+
+/*
+ bundle = profiles.bundle {
+ policies = {
+ Preferences = profiles.flattenAttrs {
+ dom.event.contextmenu.enabled = false;
+
+ extensions = {
+ blocklist.enabled = false;
+ getAddons.showPane = false;
+ htmlaboutaddons.recommendations.enabled = false;
+ };
+
+ security.ssl.errorReporting.enabled = false;
+ };
+
+ SearchBar = "separate";
+ };
+ };
+ */
+}
diff --git a/nix/default.nix b/nix/default.nix
deleted file mode 100644
index b3ac1c2..0000000
--- a/nix/default.nix
+++ /dev/null
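Review bot: `activeProfiles` in default.nix lists `addons.borderify`, but profiles/addons/default.nix in this same commit defines `borderify` only inside a `/* … */` comment, so evaluating the list should fail with a missing-attribute error. Either drop the entry or comment it out the way `# distrustUser` is, i.e. `# addons.borderify`. The deleted nix/default.nix also force-installed uBlock Origin, while this list activates only `addons.privacybadger` and `addons.noscript`; if dropping it is not intended, add `addons.ublock`.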
@@ -1,234 +0,0 @@
-with import <nixpkgs> {};
-
-# http://kb.mozillazine.org/About:config_entries
-# https://www.privacy-handbuch.de/download/moderat/user.js
-
-rec {
- profiles = callPackage ./lib.nix {};
- search = callPackage ./search.nix {};
-
- # Normandy enables Mozilla to push changes to the default settings
- disableNormandy = {
- app.normandy = {
- enabled = false;
- api_url = "";
- };
- };
-
- disableTelemetry = {
- toolkit.telemetry = {
- enabled = false;
- server = "";
- unified = false;
- archive.enabled = false;
-
- newProfilePing.enabled = false;
- firstShutdownPing.enabled = false;
- shutdownPing.enabled = false;
- updatePing.enabled = false;
- };
- };
-
- disableErrorReporting = {
- breakpad.reportUrl = "";
- };
-
- basic = {
- network.captive-portal-service.enabled = false;
-
- # don't update search engines
- browser.search = {
- update = false;
- geoSpecificDefaults = false;
- "geoSpecificDefaults.url" = "";
- geoip.url = "";
- suggest.enabled = false;
- reset.enabled = false;
- reset.whitelist = "";
- };
-
- # disable studies
- # https://blog.mozilla.org/firefox/update-looking-glass-add/
- # https://mozilla.github.io/normandy/user/end_user_interaction.html#opt-out-preference
- app.shield.optoutstudies.enabled = false;
-
- # disable pocket
- extensions.pocket.enabled = false;
- };
-
- profile = profiles.profile {
- preferences = basic;
- search = search.mkSearchConfig {
- engines = [ search.engines.qwantjunior ];
- };
- };
-
- bundle = profiles.bundle {
- # https://github.com/mozilla/policy-templates, about:policies#documentation
- policies = {
- BlockAboutAddons = false;
- BlockAboutConfig = false;
- BlockAboutProfiles = true;
-
- CaptivePortal = false;
-
- DisableMasterPasswordCreation = true;
- DisableAppUpdate = true;
- DisableFeedbackCommands = true;
- DisableFirefoxAccounts = true;
- DisableFirefoxStudies = true;
- DisableFormHistory = true;
- DisablePasswordReveal = true;
- DisablePocket = true;
- DisableProfileImport = true;
- DisableProfileRefresh = true;
-
- DisableSecurityBypass = {
- InvalidCertificate = true;
- SafeBrowsing = false;
- };
-
- DisableSystemAddonUpdate = true;
- DisableTelemetry = true;
-
- DNSOverHTTPS = {
- Enabled = false;
- Locked = true;
- };
-
- DontCheckDefaultBrowser = true;
-
- EnableTrackingProtection = {
- Cryptomining = true;
- Fingerprinting = true;
- Value = true;
- };
-
- "3rdparty".Extensions = {
- # uBlock Origin
- "uBlock0@raymondhill.net".adminSettings = builtins.readFile ../ublock-config.json;
- # Privacy Badger
- "jid1-MnnxcxisBPnSXQ@jetpack" = {
- showIntroPage = false;
- };
- };
-
- ExtensionSettings =
- let
- fetchAddon = args: "file://${pkgs.fetchurl args}";
- addon = args: {
- installation_mode = "force_installed";
- install_url = fetchAddon args;
- };
- in {
- "*" = {
- blocked_install_message = "Installation von Erweiterungen ist nicht zugelassen.";
- install_sources = ["https://addons.mozilla.org/"];
- installation_mode = "blocked";
- allowed_types = ["extension"];
- };
- # Extension IDs as keys, .applications.gecko.id in manifest.json
- # uBlock Origin
- "uBlock0@raymondhill.net" = addon {
- url = "https://addons.mozilla.org/firefox/downloads/file/3509800/ublock_origin-1.25.0-an+fx.xpi";
- sha256 = "0pyna4c2b2ffh8ifjj4c8ga9b73g37pk432nyinf8majyb1fq6rc";
- };
- # Privacy Badger
- "jid1-MnnxcxisBPnSXQ@jetpack" = addon {
- url = "https://addons.mozilla.org/firefox/downloads/file/3509922/privacy_badger-2020.2.19-an+fx.xpi";
- sha256 = "1issggv5wl5x3a4p3q8hrhbkhgsdx9f2qzbscg6y6f75yazswc20";
- };
- # NoScript
- "{73a6fe31-595d-460b-a920-fcc0f8843232}" = addon {
- url = "https://addons.mozilla.org/firefox/downloads/file/3517653/noscript_security_suite-11.0.15-an+fx.xpi";
- sha256 = "0gb0a6pp0rj9jpg1094arqvcwxh1rd2m47ijawlidybm29qmyyay";
- };
- };
- ExtensionUpdate = false;
-
- FlashPlugin.Default = false;
-
- FirefoxHome = {
- Search = true;
- TopSites = false;
- Highlights = false;
- Pocket = false;
- Snippets = false;
- Locked = true;
- };
-
- Homepage.StartPage = "none";
-
- NewTabPage = false;
- NoDefaultBookmarks = true;
- NetworkPrediction = false;
-
- OfferToSaveLogins = false;
- OverrideFirstRunPage = "";
- OverridePostUpdatePage = "";
-
- PasswordManagerEnabled = false;
-
- Permissions.Location = {
- BlockNewRequests = true;
- Locked = true;
- };
-
- Preferences = profiles.flattenAttrs {
- app.update.auto = false;
-
- browser = {
- cache.disk.enable = false;
- fixup.dns_first_for_single_words = true;
-
- safebrowsing = {
- phishing.enabled = false;
- malware.enabled = false;
- };
-
- search.update = false;
- slowStartup.notificationDisabled = true;
- };
-
- dom.event.contextmenu.enabled = false;
-
- extensions = {
- blocklist.enabled = false;
- getAddons.showPane = false;
- htmlaboutaddons.recommendations.enabled = false;
- };
-
- geo.enabled = false;
-
- media = {
- eme.enabled = false;
- gmp-gmpopenh264.enabled = false;
- gmp-widevinecdm.enabled = false;
- peerconnection.enabled = false;
- };
-
- network.IDN_show_punycode = true;
-
- security.ssl.errorReporting.enabled = false;
- };
-
- Proxy = {
- Mode = "none";
- Locked = true;
- };
-
- RequestedLocales = [ "de-DE" "en-US" ];
-
- SanitizeOnShutdown = true;
-
- SearchBar = "separate";
- SearchSuggestEnabled = false;
-
- SearchEngines = {
- Remove = [ "twitter" "bing" ];
- };
- };
- };
-
- launcher = profiles.launcher bundle;
-}
diff --git a/nix/directory.nix b/nix/directory.nix
new file mode 100644
index 0000000..980c718
--- /dev/null
+++ b/nix/directory.nix
@@ -0,0 +1,18 @@
+{ callPackage }:
+
+with builtins;
+rec {
+ listDirectory = action: dir:
+ let
+ list = readDir dir;
+ in listToAttrs (map
+ (name: {
+ name = replaceStrings [".nix"] [""] name;
+ value = action (dir + ("/" + name));
+ })
+ (attrNames list));
+
+ pathDirectory = listDirectory (x: x);
+ importDirectory = listDirectory import;
+ callDirectory = listDirectory (p: callPackage p {});
+}
diff --git a/nix/lib.nix b/nix/lib.nix
index df1097f..12940b1 100644
--- a/nix/lib.nix
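Review bot: `listDirectory` in nix/directory.nix applies `action` to every entry that `readDir` returns, so any non-Nix file that ends up in ./profiles (a README, an editor backup) is handed to `callPackage` and becomes a profile attribute. `replaceStrings [".nix"] [""] name` also removes `.nix` wherever it occurs in the name, not only as a suffix. Filter the `readDir` result to directories and `*.nix` regular files before mapping, and strip the suffix only, e.g. `name = let m = match "(.*)\\.nix" name; in if m == null then name else head m;`.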
+++ b/nix/lib.nix @@ -18,10 +18,11 @@ rec { else if false == v then "false" else abort "unsupported value type: ${builtins.typeOf v}"; - toUserPrefs = settings: pkgs.writeText "user.js" + mkPrefs = settings: pkgs.writeText "prefs.js" + ("// dummy line\n" + (lib.concatStringsSep "\n" - (lib.mapAttrsToList (k: v: "user_pref(\"${k}\", ${mkValueString v});") - (flattenAttrs settings))); + (lib.mapAttrsToList (k: v: "pref(\"${k}\", ${mkValueString v}, locked);") + (flattenAttrs settings)))); toSearchConfig = settings: pkgs.runCommand "search.json.mozlz4" {} '' ${mozlz4.compress} < ${pkgs.writeText "search.json" (builtins.toJSON settings)} > $out @@ -38,25 +39,39 @@ rec { inherit policies; }); - bundle = { policies }: + mergeProfiles = profiles: + let + sanitise = args: { + policies = args.policies or {}; + preferences = args.preferences or {}; + }; + sanitised = map sanitise profiles; + final = lib.foldl lib.recursiveUpdate {} sanitised; + in final; + + bundle = { policies ? {}, preferences ? {} }: let firefox = pkgs.firefox-unwrapped; + policies' = mkPolicies policies; + preferences' = mkPrefs preferences; patched = pkgs.runCommand "firefox-bundle" { nativeBuildInputs = [ pkgs.nix ]; disallowedReferences = [ firefox ]; } '' cp -r ${firefox} $out chmod -R +w $out + # correct argv[0], which is used to locate distribution and defaults substituteInPlace $out/bin/firefox \ --replace ${firefox} $out mkdir $out/lib/firefox/distribution - cp ${mkPolicies policies} $out/lib/firefox/distribution/policies.json + cp ${policies'} $out/lib/firefox/distribution/policies.json + cp ${preferences'} $out/lib/firefox/defaults/pref/99-custom.js ''; - wrapped = pkgs.wrapFirefox patched { + wrapped = (pkgs.wrapFirefox patched { browserName = "firefox"; version = "custom"; - }; + }) // { inherit policies preferences; }; in wrapped; launcher = firefox: pkgs.writeShellScriptBin "firefox" '' 
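Review bot: `mkPrefs` in nix/lib.nix now emits every preference as `pref(…, locked)` instead of `user_pref(…)`, and prepends `"// dummy line\n"`, with no comment explaining either choice. Add a comment above the binding such as `# Written to defaults/pref/99-custom.js; every pref is locked so it cannot be changed from about:config.`, and say there why the dummy first line is needed. The key `k` is interpolated into a JS string literal as-is, and `mkValueString` starts outside this hunk, so I cannot tell from here how string values are quoted.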
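Review bot: `mergeProfiles` in nix/lib.nix folds with `lib.recursiveUpdate`, so when two profiles set the same leaf the later entry in the list wins silently, and list values are replaced rather than concatenated. For a hardening configuration that makes the effective policy depend on list order, and a later profile can undo an earlier restriction without any warning. At minimum document this above the binding, e.g. `# Later profiles override earlier ones on conflict; lists are replaced, not merged.`; a check that aborts when two profiles disagree on a leaf would be stronger. `sanitise` also keeps only `policies` and `preferences`, so any other key a profile returns is dropped.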
diff --git a/profiles/addons/default.nix b/profiles/addons/default.nix
new file mode 100644
index 0000000..0e1827f
--- /dev/null
+++ b/profiles/addons/default.nix
@@ -0,0 +1,51 @@
+{ lib, fetchurl }:
+
+let
+ # Extension IDs are used as keys, see .applications.gecko.id in manifest.json
+ addon = { id, url, sha256, settings ? null }: {
+ policies = {
+ ExtensionSettings.${id} = {
+ installation_mode = "force_installed";
+ install_url = "file://${fetchurl { inherit url sha256; }}";
+ };
+ } // (lib.optionalAttrs (settings != null) {
+ "3rdparty".Extensions.${id} = settings;
+ });
+ };
+in {
+ # This can be safe-ish, if extension installation is also disabled
+ disableExtensionSignatureChecking.preferences = {
+ xpinstall.signatures.required = false;
+ };
+
+ privacybadger = addon {
+ id = "jid1-MnnxcxisBPnSXQ@jetpack";
+ url = "https://addons.mozilla.org/firefox/downloads/file/3509922/privacy_badger-2020.2.19-an+fx.xpi";
+ sha256 = "1issggv5wl5x3a4p3q8hrhbkhgsdx9f2qzbscg6y6f75yazswc20";
+ settings = {
+ showIntroPage = false;
+ };
+ };
+
+ noscript = addon {
+ id = "{73a6fe31-595d-460b-a920-fcc0f8843232}";
+ url = "https://addons.mozilla.org/firefox/downloads/file/3517653/noscript_security_suite-11.0.15-an+fx.xpi";
+ sha256 = "0gb0a6pp0rj9jpg1094arqvcwxh1rd2m47ijawlidybm29qmyyay";
+ };
+
+ ublock = addon {
+ id = "uBlock0@raymondhill.net";
+ url = "https://addons.mozilla.org/firefox/downloads/file/3509800/ublock_origin-1.25.0-an+fx.xpi";
+ sha256 = "0pyna4c2b2ffh8ifjj4c8ga9b73g37pk432nyinf8majyb1fq6rc";
+ settings.adminSettings = builtins.readFile ./ublock/config.json;
+ };
+
+/*
+ borderify.policies = {
+ ExtensionSettings."borderify@example.com" = {
+ installation_mode = "force_installed";
+ install_url = "file://${../../borderify.xpi}";
+ };
+ };
+*/
+}
diff --git a/ublock-config.json b/profiles/addons/ublock/config.json
index 67ba236..67ba236 100644
--- a/ublock-config.json
+++ b/profiles/addons/ublock/config.json
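Review bot: `disableExtensionSignatureChecking` in profiles/addons/default.nix sets `xpinstall.signatures.required = false` for the whole browser, and the precondition named in its comment (extension installation disabled) lives in profiles/restrict.nix and is not enforced here, so enabling this profile without `restrict` drops signature verification while installs are still allowed. The three add-ons defined in this file are fetched from addons.mozilla.org with a pinned `sha256`, so presumably only the commented-out local `borderify.xpi` needs unsigned loading. Spell the dependency out in the comment, e.g. `# Only safe together with profiles/restrict.nix (ExtensionSettings."*".installation_mode = "blocked")`, and leave the profile out of the default `activeProfiles` unless an unsigned add-on is actually installed.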
diff --git a/profiles/defaults.nix b/profiles/defaults.nix
new file mode 100644
index 0000000..72315f6
--- /dev/null
+++ b/profiles/defaults.nix
@@ -0,0 +1,21 @@
+{ ffLib }: {
+ policies = {
+ /*EnableTrackingProtection = {
+ Cryptomining = true;
+ Fingerprinting = true;
+ Value = true;
+ };*/
+
+ EnableTrackingProtection = {
+ Cryptomining = false;
+ Fingerprinting = false;
+ Value = false;
+ };
+
+ FlashPlugin.Default = false;
+ };
+
+ preferences = {
+ network.IDN_show_punycode = true;
+ };
+}
diff --git a/profiles/distrustUser.nix b/profiles/distrustUser.nix
new file mode 100644
index 0000000..b90175b
--- /dev/null
+++ b/profiles/distrustUser.nix
@@ -0,0 +1,7 @@
+{ ffLib }: {
+ policies = {
+ BlockAboutAddons = true;
+ BlockAboutConfig = true;
+ BlockAboutProfiles = true;
+ };
+}
diff --git a/profiles/forgetActivity.nix b/profiles/forgetActivity.nix
new file mode 100644
index 0000000..e810723
--- /dev/null
+++ b/profiles/forgetActivity.nix
@@ -0,0 +1,11 @@
+{ }: {
+ policies = {
+ OfferToSaveLogins = false;
+ PasswordManagerEnabled = false;
+ SanitizeOnShutdown = true;
+ };
+
+ preferences = {
+ browser.cache.disk.enabled = false;
+ };
+}
diff --git a/profiles/lessFingerprinting.nix b/profiles/lessFingerprinting.nix
new file mode 100644
index 0000000..71c8be5
--- /dev/null
+++ b/profiles/lessFingerprinting.nix
@@ -0,0 +1,6 @@
+{}: {
+ # The specific pattern of anti-fingerprinting measures taken can itself be used for fingerprinting
+ preferences = {
+ dom.battery.enabled = false;
+ };
+}
diff --git a/profiles/minimalConnections.nix b/profiles/minimalConnections.nix
new file mode 100644
index 0000000..66c931b
--- /dev/null
+++ b/profiles/minimalConnections.nix
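Review bot: profiles/defaults.nix sets all three `EnableTrackingProtection` fields to `false`, whereas the deleted nix/default.nix had them `true`, so this refactoring commit also switches tracking protection off. The commit message only mentions splitting the policy into modules. If the change is intended, delete the commented-out block and add a one-line reason above the setting; otherwise restore `Cryptomining = true; Fingerprinting = true; Value = true;`.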
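Review bot: `browser.cache.disk.enabled` in profiles/forgetActivity.nix looks like a typo: the deleted nix/default.nix set `cache.disk.enable` under `browser`, and Firefox's preference is `browser.cache.disk.enable`. As written the line sets a preference Firefox does not read, so the disk cache stays on and the profile no longer does what its name says. It should be `browser.cache.disk.enable = false;`.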
@@ -0,0 +1,68 @@
+{ ffLib }: {
+ # https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections
+ policies = {
+ CaptivePortal = false;
+ DisableTelemetry = true;
+ NetworkPrediction = false;
+ SearchSuggestEnabled = false;
+
+ Preferences = ffLib.flattenAttrs {
+ extensions = {
+ blocklist.enabled = false;
+ getAddons.showPane = false;
+ htmlaboutaddons.recommendations.enabled = false;
+ };
+ };
+ };
+
+ preferences = {
+ toolkit.telemetry = {
+ enabled = false;
+ server = "";
+ unified = false;
+ archive.enabled = false;
+
+ newProfilePing.enabled = false;
+ firstShutdownPing.enabled = false;
+ shutdownPing.enabled = false;
+ shutdownPingSender.enabled = false;
+
+ # background hang reporting
+ bhrPing.enabled = false;
+ updatePing.enabled = false;
+ };
+
+ extensions = {
+ blocklist.enabled = false;
+ getAddons.showPane = false;
+ getAddons.cache.enabled = false;
+ htmlaboutaddons.recommendations.enabled = false;
+
+ abuseReport = {
+ url = "";
+ amoDetailsURL = "";
+ };
+ };
+
+ network = {
+ predictor = {
+ enable-prefetch = false;
+ prefetch-next = false;
+ };
+
+ # Prevent FF from establishing connections on mouse-hover
+ http.speculative-parallel-limit = 0;
+ };
+
+ services.settings.server = "";
+
+ # TODO: what exactly does this block?
+ services.blocklist.pinning.enabled = false;
+
+ # don't send single words to search engine
+ browser.fixup.dns_first_for_single_words = true;
+
+ beacon.enabled = false;
+ browser.send_pings = false;
+ };
+}
diff --git a/profiles/minimalHome.nix b/profiles/minimalHome.nix
new file mode 100644
index 0000000..04df5df
--- /dev/null
+++ b/profiles/minimalHome.nix
@@ -0,0 +1,18 @@
+{ ffLib }: {
+ policies = {
+ FirefoxHome = {
+ Search = true;
+ TopSites = false;
+ Highlights = false;
+ Pocket = false;
+ Snippets = false;
+ Locked = true; # TODO: false?
+ };
+
+ OverrideFirstRunPage = "";
+ OverridePostUpdatePage = "";
+
+ NewTabPage = false;
+ NoDefaultBookmarks = true;
+ };
+}
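Review bot: `network.predictor.prefetch-next` in profiles/minimalConnections.nix is probably not the preference meant here: link prefetching is controlled by `network.prefetch-next`, outside the `predictor` branch, so the line should move up one level as `prefetch-next = false;` directly under `network`. Separately, `services.settings.server = ""` and `extensions.blocklist.enabled = false` cut connections that also deliver the add-on blocklist and, as far as I know, certificate revocation data; that security trade-off deserves a comment next to those lines. The `# TODO` on `services.blocklist.pinning.enabled` should be resolved before this profile is relied on.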
diff --git a/profiles/noAccounts.nix b/profiles/noAccounts.nix
new file mode 100644
index 0000000..6e712a4
--- /dev/null
+++ b/profiles/noAccounts.nix
@@ -0,0 +1,5 @@
+{ }: {
+ preferences = {
+ identity.fxaccounts.enabled = false;
+ };
+}
diff --git a/profiles/noClutter.nix b/profiles/noClutter.nix
new file mode 100644
index 0000000..e416894
--- /dev/null
+++ b/profiles/noClutter.nix
@@ -0,0 +1,9 @@
+{ }: {
+ policies = {
+ HomePage.StartPage = "none";
+ };
+
+ preferences = {
+ browser.slowStartup.notificationDisabled = true;
+ };
+}
diff --git a/profiles/noLocation.nix b/profiles/noLocation.nix
new file mode 100644
index 0000000..7b05a98
--- /dev/null
+++ b/profiles/noLocation.nix
@@ -0,0 +1,12 @@
+{ ffLib }: {
+ policies = {
+ Permissions.Location = {
+ BlockNewRequests = true;
+ Locked = true;
+ };
+
+ Preferences = ffLib.flattenAttrs {
+ geo.enabled = false;
+ };
+ };
+}
diff --git a/profiles/noMedia.nix b/profiles/noMedia.nix
new file mode 100644
index 0000000..bd5b856
--- /dev/null
+++ b/profiles/noMedia.nix
@@ -0,0 +1,12 @@
+{ ffLib }: {
+ policies = {
+ Preferences = ffLib.flattenAttrs {
+ media = {
+ eme.enabled = false;
+ gmp-gmpopenh264.enabled = false;
+ gmp-widevinecdm.enabled = false;
+ peerconnection.enabled = false;
+ };
+ };
+ };
+}
diff --git a/profiles/noNormandy.nix b/profiles/noNormandy.nix
new file mode 100644
index 0000000..1daeccb
--- /dev/null
+++ b/profiles/noNormandy.nix
@@ -0,0 +1,9 @@
+{ ffLib }: {
+ # Normandy enables Mozilla to push changes to the default settings
+ preferences = {
+ app.normandy = {
+ enabled = false;
+ api_url = "";
+ };
+ };
+}
diff --git a/profiles/noOCSP.nix b/profiles/noOCSP.nix
new file mode 100644
index 0000000..a61b9ed
--- /dev/null
+++ b/profiles/noOCSP.nix
@@ -0,0 +1,5 @@
+{ }: {
+ preferences = {
+ security.OCSP.enabled = false;
+ };
+}
diff --git a/profiles/noPocket.nix b/profiles/noPocket.nix
new file mode 100644
index 0000000..0814328
--- /dev/null
+++ b/profiles/noPocket.nix
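Review bot: `HomePage.StartPage` in profiles/noClutter.nix is spelled differently from the policy it replaces; the deleted nix/default.nix used `Homepage.StartPage`, which matches the policy name in mozilla/policy-templates. If Firefox matches policy names case-sensitively, `HomePage` is ignored and the start-page setting is silently lost. Change it to `Homepage.StartPage = "none";`.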
@@ -0,0 +1,9 @@
+{ ffLib }: {
+ policies = {
+ DisablePocket = true;
+ };
+
+ preferences = {
+ extensions.pocket.enabled = false;
+ };
+}
diff --git a/profiles/noSafebrowsing.nix b/profiles/noSafebrowsing.nix
new file mode 100644
index 0000000..bd53006
--- /dev/null
+++ b/profiles/noSafebrowsing.nix
@@ -0,0 +1,10 @@
+{ ffLib }: {
+ preferences = {
+ browser.safebrowsing = {
+ phishing.enabled = false;
+ malware.enabled = false;
+ downloads.enabled = false;
+ downloads.remote.enabled = false;
+ };
+ };
+}
diff --git a/profiles/noStudies.nix b/profiles/noStudies.nix
new file mode 100644
index 0000000..222cefe
--- /dev/null
+++ b/profiles/noStudies.nix
@@ -0,0 +1,11 @@
+{ ffLib }: {
+ # https://blog.mozilla.org/firefox/update-looking-glass-add/
+ # https://mozilla.github.io/normandy/user/end_user_interaction.html#opt-out-preference
+ policies = {
+ DisableFirefoxStudies = true;
+ };
+
+ preferences = {
+ app.shield.optoutstudies.enabled = false;
+ };
+}
diff --git a/profiles/noTunnels.nix b/profiles/noTunnels.nix
new file mode 100644
index 0000000..f8f5154
--- /dev/null
+++ b/profiles/noTunnels.nix
@@ -0,0 +1,13 @@
+{ }: {
+ policies = {
+ DNSOverHTTPS = {
+ Enabled = false;
+ Locked = true;
+ };
+
+ Proxy = {
+ Mode = "none";
+ Locked = true;
+ };
+ };
+}
diff --git a/profiles/noUpdates.nix b/profiles/noUpdates.nix
new file mode 100644
index 0000000..67cdb43
--- /dev/null
+++ b/profiles/noUpdates.nix
@@ -0,0 +1,25 @@
+{ ffLib }: {
+ policies = {
+ DisableAppUpdate = true;
+ DisableSystemAddonUpdate = true;
+ ExtensionUpdate = false;
+
+ Preferences = ffLib.flattenAttrs {
+ app.update.auto = false;
+ browser.search.update = false;
+ };
+ };
+
+ preferences = {
+ # try really hard to prevent search engine resets, probably wrong
+ browser.search = {
+ update = false;
+ geoSpecificDefaults = false;
+ "geoSpecificDefaults.url" = "";
+ geoip.url = "";
+ suggest.enabled = false;
+ reset.enabled = false;
+ reset.whitelist = "";
+ };
+ };
+}
diff --git a/profiles/restrict.nix b/profiles/restrict.nix
new file mode 100644
index 0000000..d751022
--- /dev/null
+++ b/profiles/restrict.nix
@@ -0,0 +1,26 @@
+{ ffLib }: {
+ policies = {
+ DisableProfileImport = true;
+ DisableProfileRefresh = true;
+
+ DisableMasterPasswordCreation = true;
+ DisableFeedbackCommands = true;
+ DisableFirefoxAccounts = true;
+ DisableFormHistory = true;
+ DisablePasswordReveal = true;
+
+ DontCheckDefaultBrowser = true;
+
+ DisableSecurityBypass = {
+ InvalidCertificate = true;
+ SafeBrowsing = false;
+ };
+
+ ExtensionSettings."*" = {
+ blocked_install_message = "Installation von Erweiterungen ist nicht zugelassen.";
+ install_sources = ["https://addons.mozilla.org/"];
+ installation_mode = "blocked";
+ allowed_types = ["extension"];
+ };
+ };
+}
|