WIP towards module based configuration

author: tilpner 2020-06-15 09:53:06 +0200
committer: tilpner 2020-06-15 09:53:06 +0200
commit: 367b0c114f38d5c332f5ee971ad13dd69e302dec (patch)
tree: ec0c5ee3e7e1f0a30517599e51bd0c8172635158 /profiles/disableNormandy.nix
parent: 2992d92e6ce0d7c96ccded0747d8815d8cfed956 (diff)
download: firefox-profiles-367b0c114f38d5c332f5ee971ad13dd69e302dec.tar.gz
firefox-profiles-367b0c114f38d5c332f5ee971ad13dd69e302dec.tar.xz
firefox-profiles-367b0c114f38d5c332f5ee971ad13dd69e302dec.zip
1 files changed, 23 insertions, 0 deletions
diff --git a/profiles/disableNormandy.nix b/profiles/disableNormandy.nix
new file mode 100644
index 0000000..1dc2dc9
--- /dev/null
+++ b/profiles/disableNormandy.nix
@@ -0,0 +1,23 @@
+{ config, lib, ... }: with lib; {
+  options.features.disableNormandy = mkOption {
+    type = types.bool;
+    default = false;
+    description = ''
+      Normandy enables Mozilla to push changes to the default settings.
+      Recently this was used to re-enable TLS 1.0 and 1.1 in FF 74, without releasing
+      a new update.
+
+      Normandy could be used to improve security, by pushing fixes to the default configuration
+      after a bad release, but it can also be used to introduce/enable anti-features.
+
+      Past activity can be reviewed at https://normandy.cdn.mozilla.net/api/v1/recipe/
+    '';
+  };
+
+  config.preferences = mkIf config.features.disableNormandy {
+    app.normandy = {
+      enabled = false;
+      api_url = "";
+    };
+  };
+}
author	tilpner	2020-06-15 09:53:06 +0200
committer	tilpner	2020-06-15 09:53:06 +0200
commit	367b0c114f38d5c332f5ee971ad13dd69e302dec (patch)
tree	ec0c5ee3e7e1f0a30517599e51bd0c8172635158 /profiles/disableNormandy.nix
parent	2992d92e6ce0d7c96ccded0747d8815d8cfed956 (diff)
download	firefox-profiles-367b0c114f38d5c332f5ee971ad13dd69e302dec.tar.gz firefox-profiles-367b0c114f38d5c332f5ee971ad13dd69e302dec.tar.xz firefox-profiles-367b0c114f38d5c332f5ee971ad13dd69e302dec.zip