authortilpner2020-03-06 16:05:01 +0100
committertilpner2020-03-06 16:05:01 +0100
commit5014c0ed2160393fb787b585127bce8f27fda722 (patch)
treeb01c547725982c5ed866683c1b865381736653f8 /nix
parentedd25555261c17f74580245b8305cf7edefa4267 (diff)
downloadfirefox-profiles-5014c0ed2160393fb787b585127bce8f27fda722.tar.gz
firefox-profiles-5014c0ed2160393fb787b585127bce8f27fda722.tar.xz
firefox-profiles-5014c0ed2160393fb787b585127bce8f27fda722.zip
Separate policy into smaller modules
Diffstat (limited to 'nix')
-rw-r--r--nix/default.nix234
-rw-r--r--nix/directory.nix18
-rw-r--r--nix/lib.nix29
3 files changed, 40 insertions, 241 deletions
diff --git a/nix/default.nix b/nix/default.nix
deleted file mode 100644
index b3ac1c2..0000000
--- a/nix/default.nix
+++ /dev/null
@@ -1,234 +0,0 @@
-with import <nixpkgs> {};
-
-# http://kb.mozillazine.org/About:config_entries
-# https://www.privacy-handbuch.de/download/moderat/user.js
-
-rec {
- profiles = callPackage ./lib.nix {};
- search = callPackage ./search.nix {};
-
- # Normandy enables Mozilla to push changes to the default settings
- disableNormandy = {
- app.normandy = {
- enabled = false;
- api_url = "";
- };
- };
-
- disableTelemetry = {
- toolkit.telemetry = {
- enabled = false;
- server = "";
- unified = false;
- archive.enabled = false;
-
- newProfilePing.enabled = false;
- firstShutdownPing.enabled = false;
- shutdownPing.enabled = false;
- updatePing.enabled = false;
- };
- };
-
- disableErrorReporting = {
- breakpad.reportUrl = "";
- };
-
- basic = {
- network.captive-portal-service.enabled = false;
-
- # don't update search engines
- browser.search = {
- update = false;
- geoSpecificDefaults = false;
- "geoSpecificDefaults.url" = "";
- geoip.url = "";
- suggest.enabled = false;
- reset.enabled = false;
- reset.whitelist = "";
- };
-
- # disable studies
- # https://blog.mozilla.org/firefox/update-looking-glass-add/
- # https://mozilla.github.io/normandy/user/end_user_interaction.html#opt-out-preference
- app.shield.optoutstudies.enabled = false;
-
- # disable pocket
- extensions.pocket.enabled = false;
- };
-
- profile = profiles.profile {
- preferences = basic;
- search = search.mkSearchConfig {
- engines = [ search.engines.qwantjunior ];
- };
- };
-
- bundle = profiles.bundle {
- # https://github.com/mozilla/policy-templates, about:policies#documentation
- policies = {
- BlockAboutAddons = false;
- BlockAboutConfig = false;
- BlockAboutProfiles = true;
-
- CaptivePortal = false;
-
- DisableMasterPasswordCreation = true;
- DisableAppUpdate = true;
- DisableFeedbackCommands = true;
- DisableFirefoxAccounts = true;
- DisableFirefoxStudies = true;
- DisableFormHistory = true;
- DisablePasswordReveal = true;
- DisablePocket = true;
- DisableProfileImport = true;
- DisableProfileRefresh = true;
-
- DisableSecurityBypass = {
- InvalidCertificate = true;
- SafeBrowsing = false;
- };
-
- DisableSystemAddonUpdate = true;
- DisableTelemetry = true;
-
- DNSOverHTTPS = {
- Enabled = false;
- Locked = true;
- };
-
- DontCheckDefaultBrowser = true;
-
- EnableTrackingProtection = {
- Cryptomining = true;
- Fingerprinting = true;
- Value = true;
- };
-
- "3rdparty".Extensions = {
- # uBlock Origin
- "uBlock0@raymondhill.net".adminSettings = builtins.readFile ../ublock-config.json;
- # Privacy Badger
- "jid1-MnnxcxisBPnSXQ@jetpack" = {
- showIntroPage = false;
- };
- };
-
- ExtensionSettings =
- let
- fetchAddon = args: "file://${pkgs.fetchurl args}";
- addon = args: {
- installation_mode = "force_installed";
- install_url = fetchAddon args;
- };
- in {
- "*" = {
- blocked_install_message = "Installation von Erweiterungen ist nicht zugelassen.";
- install_sources = ["https://addons.mozilla.org/"];
- installation_mode = "blocked";
- allowed_types = ["extension"];
- };
- # Extension IDs as keys, .applications.gecko.id in manifest.json
- # uBlock Origin
- "uBlock0@raymondhill.net" = addon {
- url = "https://addons.mozilla.org/firefox/downloads/file/3509800/ublock_origin-1.25.0-an+fx.xpi";
- sha256 = "0pyna4c2b2ffh8ifjj4c8ga9b73g37pk432nyinf8majyb1fq6rc";
- };
- # Privacy Badger
- "jid1-MnnxcxisBPnSXQ@jetpack" = addon {
- url = "https://addons.mozilla.org/firefox/downloads/file/3509922/privacy_badger-2020.2.19-an+fx.xpi";
- sha256 = "1issggv5wl5x3a4p3q8hrhbkhgsdx9f2qzbscg6y6f75yazswc20";
- };
- # NoScript
- "{73a6fe31-595d-460b-a920-fcc0f8843232}" = addon {
- url = "https://addons.mozilla.org/firefox/downloads/file/3517653/noscript_security_suite-11.0.15-an+fx.xpi";
- sha256 = "0gb0a6pp0rj9jpg1094arqvcwxh1rd2m47ijawlidybm29qmyyay";
- };
- };
- ExtensionUpdate = false;
-
- FlashPlugin.Default = false;
-
- FirefoxHome = {
- Search = true;
- TopSites = false;
- Highlights = false;
- Pocket = false;
- Snippets = false;
- Locked = true;
- };
-
- Homepage.StartPage = "none";
-
- NewTabPage = false;
- NoDefaultBookmarks = true;
- NetworkPrediction = false;
-
- OfferToSaveLogins = false;
- OverrideFirstRunPage = "";
- OverridePostUpdatePage = "";
-
- PasswordManagerEnabled = false;
-
- Permissions.Location = {
- BlockNewRequests = true;
- Locked = true;
- };
-
- Preferences = profiles.flattenAttrs {
- app.update.auto = false;
-
- browser = {
- cache.disk.enable = false;
- fixup.dns_first_for_single_words = true;
-
- safebrowsing = {
- phishing.enabled = false;
- malware.enabled = false;
- };
-
- search.update = false;
- slowStartup.notificationDisabled = true;
- };
-
- dom.event.contextmenu.enabled = false;
-
- extensions = {
- blocklist.enabled = false;
- getAddons.showPane = false;
- htmlaboutaddons.recommendations.enabled = false;
- };
-
- geo.enabled = false;
-
- media = {
- eme.enabled = false;
- gmp-gmpopenh264.enabled = false;
- gmp-widevinecdm.enabled = false;
- peerconnection.enabled = false;
- };
-
- network.IDN_show_punycode = true;
-
- security.ssl.errorReporting.enabled = false;
- };
-
- Proxy = {
- Mode = "none";
- Locked = true;
- };
-
- RequestedLocales = [ "de-DE" "en-US" ];
-
- SanitizeOnShutdown = true;
-
- SearchBar = "separate";
- SearchSuggestEnabled = false;
-
- SearchEngines = {
- Remove = [ "twitter" "bing" ];
- };
- };
- };
-
- launcher = profiles.launcher bundle;
-}
diff --git a/nix/directory.nix b/nix/directory.nix
new file mode 100644
index 0000000..980c718
--- /dev/null
+++ b/nix/directory.nix
@@ -0,0 +1,18 @@
+{ callPackage }:
+
+with builtins;
+rec {
+ listDirectory = action: dir:
+ let
+ list = readDir dir;
+ in listToAttrs (map
+ (name: {
+ name = replaceStrings [".nix"] [""] name;
+ value = action (dir + ("/" + name));
+ })
+ (attrNames list));
+
+ pathDirectory = listDirectory (x: x);
+ importDirectory = listDirectory import;
+ callDirectory = listDirectory (p: callPackage p {});
+}
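Review bot: `listDirectory` maps over every name `readDir` returns, so `importDirectory` and `callDirectory` will evaluate any entry in the directory, including editor backups, non-Nix files and subdirectories, not only the intended `*.nix` modules. `replaceStrings [".nix"] [""] name` also removes every occurrence of `.nix` rather than just the suffix, and two entries that reduce to the same name (`a.nix` and a directory `a`) collide, with `listToAttrs` silently keeping the first. Filtering on the entry type and on a `.nix` suffix before mapping would make the set of loaded modules explicit. The version below skips subdirectories and symlinks, which is a behaviour change to confirm against how the directory is laid out.

```nix
  listDirectory = action: dir:
    let
      entries = readDir dir;
      # [ stem ] for a regular *.nix file, null for anything else
      stem = name:
        if entries.${name} == "regular"
        then match "(.*)\\.nix" name
        else null;
      names = filter (name: stem name != null) (attrNames entries);
    in listToAttrs (map
      (name: {
        name = head (stem name);
        value = action (dir + ("/" + name));
      })
      names);
```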
diff --git a/nix/lib.nix b/nix/lib.nix
index df1097f..12940b1 100644
--- a/nix/lib.nix
+++ b/nix/lib.nix
@@ -18,10 +18,11 @@ rec {
else if false == v then "false"
else abort "unsupported value type: ${builtins.typeOf v}";
- toUserPrefs = settings: pkgs.writeText "user.js"
+ mkPrefs = settings: pkgs.writeText "prefs.js"
+ ("// dummy line\n" +
(lib.concatStringsSep "\n"
- (lib.mapAttrsToList (k: v: "user_pref(\"${k}\", ${mkValueString v});")
- (flattenAttrs settings)));
+ (lib.mapAttrsToList (k: v: "pref(\"${k}\", ${mkValueString v}, locked);")
+ (flattenAttrs settings))));
toSearchConfig = settings: pkgs.runCommand "search.json.mozlz4" {} ''
${mozlz4.compress} < ${pkgs.writeText "search.json" (builtins.toJSON settings)} > $out
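Review bot: The preference name is spliced into the generated file unescaped in `"pref(\"${k}\", ${mkValueString v}, locked);"`, so a key containing `"` or `\` would yield a malformed line or alter what the file sets. Emitting the name with `builtins.toJSON k` gives a quoted, escaped literal, e.g. `(k: v: "pref(${builtins.toJSON k}, ${mkValueString v}, locked);")`. Whether string values are escaped depends on the string branch of `mkValueString`, which is outside this hunk. The `"// dummy line\n"` prefix needs a comment saying why it is there. Every entry is now written as `locked`, so no overridable default can be shipped, and that is worth stating next to `mkPrefs`.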
@@ -38,25 +39,39 @@ rec {
inherit policies;
});
- bundle = { policies }:
+ mergeProfiles = profiles:
+ let
+ sanitise = args: {
+ policies = args.policies or {};
+ preferences = args.preferences or {};
+ };
+ sanitised = map sanitise profiles;
+ final = lib.foldl lib.recursiveUpdate {} sanitised;
+ in final;
+
+ bundle = { policies ? {}, preferences ? {} }:
let
firefox = pkgs.firefox-unwrapped;
+ policies' = mkPolicies policies;
+ preferences' = mkPrefs preferences;
patched = pkgs.runCommand "firefox-bundle" {
nativeBuildInputs = [ pkgs.nix ];
disallowedReferences = [ firefox ];
} ''
cp -r ${firefox} $out
chmod -R +w $out
+ # correct argv[0], which is used to locate distribution and defaults
substituteInPlace $out/bin/firefox \
--replace ${firefox} $out
mkdir $out/lib/firefox/distribution
- cp ${mkPolicies policies} $out/lib/firefox/distribution/policies.json
+ cp ${policies'} $out/lib/firefox/distribution/policies.json
+ cp ${preferences'} $out/lib/firefox/defaults/pref/99-custom.js
'';
- wrapped = pkgs.wrapFirefox patched {
+ wrapped = (pkgs.wrapFirefox patched {
browserName = "firefox";
version = "custom";
- };
+ }) // { inherit policies preferences; };
in wrapped;
launcher = firefox: pkgs.writeShellScriptBin "firefox" ''
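Review bot: `mergeProfiles` folds with `lib.recursiveUpdate`, so when two profiles set the same key the later one silently wins. List values (policy lists like `install_sources` or `SearchEngines.Remove` in the removed default.nix) are replaced rather than concatenated. For a hardening policy this means a later module can quietly undo a restriction set by an earlier one. I would document the precedence on the function, e.g. `# later profiles override earlier ones; lists are replaced, not merged`, and mention that `sanitise` drops every attribute other than `policies` and `preferences`. The enclosing `rec` block starts and ends outside this hunk.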