diff options
author | tilpner | 2020-03-06 16:05:01 +0100 |
---|---|---|
committer | tilpner | 2020-03-06 16:05:01 +0100 |
commit | 5014c0ed2160393fb787b585127bce8f27fda722 (patch) | |
tree | b01c547725982c5ed866683c1b865381736653f8 /nix | |
parent | edd25555261c17f74580245b8305cf7edefa4267 (diff) | |
download | firefox-profiles-5014c0ed2160393fb787b585127bce8f27fda722.tar.gz firefox-profiles-5014c0ed2160393fb787b585127bce8f27fda722.tar.xz firefox-profiles-5014c0ed2160393fb787b585127bce8f27fda722.zip |
Separate policy into smaller modules
Diffstat (limited to 'nix')
-rw-r--r-- | nix/default.nix | 234 | ||||
-rw-r--r-- | nix/directory.nix | 18 | ||||
-rw-r--r-- | nix/lib.nix | 29 |
3 files changed, 40 insertions, 241 deletions
diff --git a/nix/default.nix b/nix/default.nix deleted file mode 100644 index b3ac1c2..0000000 --- a/nix/default.nix +++ /dev/null @@ -1,234 +0,0 @@ -with import <nixpkgs> {}; - -# http://kb.mozillazine.org/About:config_entries -# https://www.privacy-handbuch.de/download/moderat/user.js - -rec { - profiles = callPackage ./lib.nix {}; - search = callPackage ./search.nix {}; - - # Normandy enables Mozilla to push changes to the default settings - disableNormandy = { - app.normandy = { - enabled = false; - api_url = ""; - }; - }; - - disableTelemetry = { - toolkit.telemetry = { - enabled = false; - server = ""; - unified = false; - archive.enabled = false; - - newProfilePing.enabled = false; - firstShutdownPing.enabled = false; - shutdownPing.enabled = false; - updatePing.enabled = false; - }; - }; - - disableErrorReporting = { - breakpad.reportUrl = ""; - }; - - basic = { - network.captive-portal-service.enabled = false; - - # don't update search engines - browser.search = { - update = false; - geoSpecificDefaults = false; - "geoSpecificDefaults.url" = ""; - geoip.url = ""; - suggest.enabled = false; - reset.enabled = false; - reset.whitelist = ""; - }; - - # disable studies - # https://blog.mozilla.org/firefox/update-looking-glass-add/ - # https://mozilla.github.io/normandy/user/end_user_interaction.html#opt-out-preference - app.shield.optoutstudies.enabled = false; - - # disable pocket - extensions.pocket.enabled = false; - }; - - profile = profiles.profile { - preferences = basic; - search = search.mkSearchConfig { - engines = [ search.engines.qwantjunior ]; - }; - }; - - bundle = profiles.bundle { - # https://github.com/mozilla/policy-templates, about:policies#documentation - policies = { - BlockAboutAddons = false; - BlockAboutConfig = false; - BlockAboutProfiles = true; - - CaptivePortal = false; - - DisableMasterPasswordCreation = true; - DisableAppUpdate = true; - DisableFeedbackCommands = true; - DisableFirefoxAccounts = true; - DisableFirefoxStudies = true; - DisableFormHistory = true; - DisablePasswordReveal = true; - DisablePocket = true; - DisableProfileImport = true; - DisableProfileRefresh = true; - - DisableSecurityBypass = { - InvalidCertificate = true; - SafeBrowsing = false; - }; - - DisableSystemAddonUpdate = true; - DisableTelemetry = true; - - DNSOverHTTPS = { - Enabled = false; - Locked = true; - }; - - DontCheckDefaultBrowser = true; - - EnableTrackingProtection = { - Cryptomining = true; - Fingerprinting = true; - Value = true; - }; - - "3rdparty".Extensions = { - # uBlock Origin - "uBlock0@raymondhill.net".adminSettings = builtins.readFile ../ublock-config.json; - # Privacy Badger - "jid1-MnnxcxisBPnSXQ@jetpack" = { - showIntroPage = false; - }; - }; - - ExtensionSettings = - let - fetchAddon = args: "file://${pkgs.fetchurl args}"; - addon = args: { - installation_mode = "force_installed"; - install_url = fetchAddon args; - }; - in { - "*" = { - blocked_install_message = "Installation von Erweiterungen ist nicht zugelassen."; - install_sources = ["https://addons.mozilla.org/"]; - installation_mode = "blocked"; - allowed_types = ["extension"]; - }; - # Extension IDs as keys, .applications.gecko.id in manifest.json - # uBlock Origin - "uBlock0@raymondhill.net" = addon { - url = "https://addons.mozilla.org/firefox/downloads/file/3509800/ublock_origin-1.25.0-an+fx.xpi"; - sha256 = "0pyna4c2b2ffh8ifjj4c8ga9b73g37pk432nyinf8majyb1fq6rc"; - }; - # Privacy Badger - "jid1-MnnxcxisBPnSXQ@jetpack" = addon { - url = "https://addons.mozilla.org/firefox/downloads/file/3509922/privacy_badger-2020.2.19-an+fx.xpi"; - sha256 = "1issggv5wl5x3a4p3q8hrhbkhgsdx9f2qzbscg6y6f75yazswc20"; - }; - # NoScript - "{73a6fe31-595d-460b-a920-fcc0f8843232}" = addon { - url = "https://addons.mozilla.org/firefox/downloads/file/3517653/noscript_security_suite-11.0.15-an+fx.xpi"; - sha256 = "0gb0a6pp0rj9jpg1094arqvcwxh1rd2m47ijawlidybm29qmyyay"; - }; - }; - ExtensionUpdate = false; - - FlashPlugin.Default = false; - - FirefoxHome = { - Search = true; - TopSites = false; - Highlights = false; - Pocket = false; - Snippets = false; - Locked = true; - }; - - Homepage.StartPage = "none"; - - NewTabPage = false; - NoDefaultBookmarks = true; - NetworkPrediction = false; - - OfferToSaveLogins = false; - OverrideFirstRunPage = ""; - OverridePostUpdatePage = ""; - - PasswordManagerEnabled = false; - - Permissions.Location = { - BlockNewRequests = true; - Locked = true; - }; - - Preferences = profiles.flattenAttrs { - app.update.auto = false; - - browser = { - cache.disk.enable = false; - fixup.dns_first_for_single_words = true; - - safebrowsing = { - phishing.enabled = false; - malware.enabled = false; - }; - - search.update = false; - slowStartup.notificationDisabled = true; - }; - - dom.event.contextmenu.enabled = false; - - extensions = { - blocklist.enabled = false; - getAddons.showPane = false; - htmlaboutaddons.recommendations.enabled = false; - }; - - geo.enabled = false; - - media = { - eme.enabled = false; - gmp-gmpopenh264.enabled = false; - gmp-widevinecdm.enabled = false; - peerconnection.enabled = false; - }; - - network.IDN_show_punycode = true; - - security.ssl.errorReporting.enabled = false; - }; - - Proxy = { - Mode = "none"; - Locked = true; - }; - - RequestedLocales = [ "de-DE" "en-US" ]; - - SanitizeOnShutdown = true; - - SearchBar = "separate"; - SearchSuggestEnabled = false; - - SearchEngines = { - Remove = [ "twitter" "bing" ]; - }; - }; - }; - - launcher = profiles.launcher bundle; -} diff --git a/nix/directory.nix b/nix/directory.nix new file mode 100644 index 0000000..980c718 --- /dev/null +++ b/nix/directory.nix @@ -0,0 +1,18 @@ +{ callPackage }: + +with builtins; +rec { + listDirectory = action: dir: + let + list = readDir dir; + in listToAttrs (map + (name: { + name = replaceStrings [".nix"] [""] name; + value = action (dir + ("/" + name)); + }) + (attrNames list)); + + pathDirectory = listDirectory (x: x); + importDirectory = listDirectory import; + callDirectory = listDirectory (p: callPackage p {}); +} diff --git a/nix/lib.nix b/nix/lib.nix index df1097f..12940b1 100644 --- a/nix/lib.nix +++ b/nix/lib.nix @@ -18,10 +18,11 @@ rec { else if false == v then "false" else abort "unsupported value type: ${builtins.typeOf v}"; - toUserPrefs = settings: pkgs.writeText "user.js" + mkPrefs = settings: pkgs.writeText "prefs.js" + ("// dummy line\n" + (lib.concatStringsSep "\n" - (lib.mapAttrsToList (k: v: "user_pref(\"${k}\", ${mkValueString v});") - (flattenAttrs settings))); + (lib.mapAttrsToList (k: v: "pref(\"${k}\", ${mkValueString v}, locked);") + (flattenAttrs settings)))); toSearchConfig = settings: pkgs.runCommand "search.json.mozlz4" {} '' ${mozlz4.compress} < ${pkgs.writeText "search.json" (builtins.toJSON settings)} > $out @@ -38,25 +39,39 @@ rec { inherit policies; }); - bundle = { policies }: + mergeProfiles = profiles: + let + sanitise = args: { + policies = args.policies or {}; + preferences = args.preferences or {}; + }; + sanitised = map sanitise profiles; + final = lib.foldl lib.recursiveUpdate {} sanitised; + in final; + + bundle = { policies ? {}, preferences ? {} }: let firefox = pkgs.firefox-unwrapped; + policies' = mkPolicies policies; + preferences' = mkPrefs preferences; patched = pkgs.runCommand "firefox-bundle" { nativeBuildInputs = [ pkgs.nix ]; disallowedReferences = [ firefox ]; } '' cp -r ${firefox} $out chmod -R +w $out + # correct argv[0], which is used to locate distribution and defaults substituteInPlace $out/bin/firefox \ --replace ${firefox} $out mkdir $out/lib/firefox/distribution - cp ${mkPolicies policies} $out/lib/firefox/distribution/policies.json + cp ${policies'} $out/lib/firefox/distribution/policies.json + cp ${preferences'} $out/lib/firefox/defaults/pref/99-custom.js ''; - wrapped = pkgs.wrapFirefox patched { + wrapped = (pkgs.wrapFirefox patched { browserName = "firefox"; version = "custom"; - }; + }) // { inherit policies preferences; }; in wrapped; launcher = firefox: pkgs.writeShellScriptBin "firefox" '' |