From edd25555261c17f74580245b8305cf7edefa4267 Mon Sep 17 00:00:00 2001
From: tilpner
Date: Thu, 5 Mar 2020 16:45:36 +0100
Subject: Initial commit
---
nix/default.nix | 234 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 234 insertions(+)
create mode 100644 nix/default.nix
(limited to 'nix/default.nix')
diff --git a/nix/default.nix b/nix/default.nix
new file mode 100644
index 0000000..b3ac1c2
--- /dev/null
+++ b/nix/default.nix
@@ -0,0 +1,234 @@
+with import {};
+
+# http://kb.mozillazine.org/About:config_entries
+# https://www.privacy-handbuch.de/download/moderat/user.js
+
+rec {
+ profiles = callPackage ./lib.nix {};
+ search = callPackage ./search.nix {};
+
+ # Normandy enables Mozilla to push changes to the default settings
+ disableNormandy = {
+ app.normandy = {
+ enabled = false;
+ api_url = "";
+ };
+ };
+
+ disableTelemetry = {
+ toolkit.telemetry = {
+ enabled = false;
+ server = "";
+ unified = false;
+ archive.enabled = false;
+
+ newProfilePing.enabled = false;
+ firstShutdownPing.enabled = false;
+ shutdownPing.enabled = false;
+ updatePing.enabled = false;
+ };
+ };
+
+ disableErrorReporting = {
+ breakpad.reportUrl = "";
+ };
+
+ basic = {
+ network.captive-portal-service.enabled = false;
+
+ # don't update search engines
+ browser.search = {
+ update = false;
+ geoSpecificDefaults = false;
+ "geoSpecificDefaults.url" = "";
+ geoip.url = "";
+ suggest.enabled = false;
+ reset.enabled = false;
+ reset.whitelist = "";
+ };
+
+ # disable studies
+ # https://blog.mozilla.org/firefox/update-looking-glass-add/
+ # https://mozilla.github.io/normandy/user/end_user_interaction.html#opt-out-preference
+ app.shield.optoutstudies.enabled = false;
+
+ # disable pocket
+ extensions.pocket.enabled = false;
+ };
+
+ profile = profiles.profile {
+ preferences = basic;
+ search = search.mkSearchConfig {
+ engines = [ search.engines.qwantjunior ];
+ };
+ };
+
+ bundle = profiles.bundle {
+ # https://github.com/mozilla/policy-templates, about:policies#documentation
+ policies = {
+ BlockAboutAddons = false;
+ BlockAboutConfig = false;
+ BlockAboutProfiles = true;
+
+ CaptivePortal = false;
+
+ DisableMasterPasswordCreation = true;
+ DisableAppUpdate = true;
+ DisableFeedbackCommands = true;
+ DisableFirefoxAccounts = true;
+ DisableFirefoxStudies = true;
+ DisableFormHistory = true;
+ DisablePasswordReveal = true;
+ DisablePocket = true;
+ DisableProfileImport = true;
+ DisableProfileRefresh = true;
+
+ DisableSecurityBypass = {
+ InvalidCertificate = true;
+ SafeBrowsing = false;
+ };
+
+ DisableSystemAddonUpdate = true;
+ DisableTelemetry = true;
+
+ DNSOverHTTPS = {
+ Enabled = false;
+ Locked = true;
+ };
+
+ DontCheckDefaultBrowser = true;
+
+ EnableTrackingProtection = {
+ Cryptomining = true;
+ Fingerprinting = true;
+ Value = true;
+ };
+
+ "3rdparty".Extensions = {
+ # uBlock Origin
+ "uBlock0@raymondhill.net".adminSettings = builtins.readFile ../ublock-config.json;
+ # Privacy Badger
+ "jid1-MnnxcxisBPnSXQ@jetpack" = {
+ showIntroPage = false;
+ };
+ };
+
+ ExtensionSettings =
+ let
+ fetchAddon = args: "file://${pkgs.fetchurl args}";
+ addon = args: {
+ installation_mode = "force_installed";
+ install_url = fetchAddon args;
+ };
+ in {
+ "*" = {
+ blocked_install_message = "Installation von Erweiterungen ist nicht zugelassen.";
+ install_sources = ["https://addons.mozilla.org/"];
+ installation_mode = "blocked";
+ allowed_types = ["extension"];
+ };
+ # Extension IDs as keys, .applications.gecko.id in manifest.json
+ # uBlock Origin
+ "uBlock0@raymondhill.net" = addon {
+ url = "https://addons.mozilla.org/firefox/downloads/file/3509800/ublock_origin-1.25.0-an+fx.xpi";
+ sha256 = "0pyna4c2b2ffh8ifjj4c8ga9b73g37pk432nyinf8majyb1fq6rc";
+ };
+ # Privacy Badger
+ "jid1-MnnxcxisBPnSXQ@jetpack" = addon {
+ url = "https://addons.mozilla.org/firefox/downloads/file/3509922/privacy_badger-2020.2.19-an+fx.xpi";
+ sha256 = "1issggv5wl5x3a4p3q8hrhbkhgsdx9f2qzbscg6y6f75yazswc20";
+ };
+ # NoScript
+ "{73a6fe31-595d-460b-a920-fcc0f8843232}" = addon {
+ url = "https://addons.mozilla.org/firefox/downloads/file/3517653/noscript_security_suite-11.0.15-an+fx.xpi";
+ sha256 = "0gb0a6pp0rj9jpg1094arqvcwxh1rd2m47ijawlidybm29qmyyay";
+ };
+ };
+ ExtensionUpdate = false;
+
+ FlashPlugin.Default = false;
+
+ FirefoxHome = {
+ Search = true;
+ TopSites = false;
+ Highlights = false;
+ Pocket = false;
+ Snippets = false;
+ Locked = true;
+ };
+
+ Homepage.StartPage = "none";
+
+ NewTabPage = false;
+ NoDefaultBookmarks = true;
+ NetworkPrediction = false;
+
+ OfferToSaveLogins = false;
+ OverrideFirstRunPage = "";
+ OverridePostUpdatePage = "";
+
+ PasswordManagerEnabled = false;
+
+ Permissions.Location = {
+ BlockNewRequests = true;
+ Locked = true;
+ };
+
+ Preferences = profiles.flattenAttrs {
+ app.update.auto = false;
+
+ browser = {
+ cache.disk.enable = false;
+ fixup.dns_first_for_single_words = true;
+
+ safebrowsing = {
+ phishing.enabled = false;
+ malware.enabled = false;
+ };
+
+ search.update = false;
+ slowStartup.notificationDisabled = true;
+ };
+
+ dom.event.contextmenu.enabled = false;
+
+ extensions = {
+ blocklist.enabled = false;
+ getAddons.showPane = false;
+ htmlaboutaddons.recommendations.enabled = false;
+ };
+
+ geo.enabled = false;
+
+ media = {
+ eme.enabled = false;
+ gmp-gmpopenh264.enabled = false;
+ gmp-widevinecdm.enabled = false;
+ peerconnection.enabled = false;
+ };
+
+ network.IDN_show_punycode = true;
+
+ security.ssl.errorReporting.enabled = false;
+ };
+
+ Proxy = {
+ Mode = "none";
+ Locked = true;
+ };
+
+ RequestedLocales = [ "de-DE" "en-US" ];
+
+ SanitizeOnShutdown = true;
+
+ SearchBar = "separate";
+ SearchSuggestEnabled = false;
+
+ SearchEngines = {
+ Remove = [ "twitter" "bing" ];
+ };
+ };
+ };
+
+ launcher = profiles.launcher bundle;
+}
--
cgit v1.2.3