From 5014c0ed2160393fb787b585127bce8f27fda722 Mon Sep 17 00:00:00 2001
From: tilpner
Date: Fri, 6 Mar 2020 16:05:01 +0100
Subject: Separate policy into smaller modules

---
 profiles/addons/default.nix | 51 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)
 create mode 100644 profiles/addons/default.nix

(limited to 'profiles/addons/default.nix')

diff --git a/profiles/addons/default.nix b/profiles/addons/default.nix
new file mode 100644
index 0000000..0e1827f
--- /dev/null
+++ b/profiles/addons/default.nix
@@ -0,0 +1,51 @@
+{ lib, fetchurl }:
+
+let
+  # Extension IDs are used as keys, see .applications.gecko.id in manifest.json
+  addon = { id, url, sha256, settings ? null }: {
+    policies = {
+      ExtensionSettings.${id} = {
+        installation_mode = "force_installed";
+        install_url = "file://${fetchurl { inherit url sha256; }}";
+      };
+    } // (lib.optionalAttrs (settings != null) {
+      "3rdparty".Extensions.${id} = settings;
+    });
+  };
+in {
+  # This can be safe-ish, if extension installation is also disabled
+  disableExtensionSignatureChecking.preferences = {
+    xpinstall.signatures.required = false;
+  };
+
+  privacybadger = addon {
+    id = "jid1-MnnxcxisBPnSXQ@jetpack";
+    url = "https://addons.mozilla.org/firefox/downloads/file/3509922/privacy_badger-2020.2.19-an+fx.xpi";
+    sha256 = "1issggv5wl5x3a4p3q8hrhbkhgsdx9f2qzbscg6y6f75yazswc20";
+    settings = {
+      showIntroPage = false;
+    };
+  };
+
+  noscript = addon {
+    id = "{73a6fe31-595d-460b-a920-fcc0f8843232}";
+    url = "https://addons.mozilla.org/firefox/downloads/file/3517653/noscript_security_suite-11.0.15-an+fx.xpi";
+    sha256 = "0gb0a6pp0rj9jpg1094arqvcwxh1rd2m47ijawlidybm29qmyyay";
+  };
+
+  ublock = addon {
+    id = "uBlock0@raymondhill.net";
+    url = "https://addons.mozilla.org/firefox/downloads/file/3509800/ublock_origin-1.25.0-an+fx.xpi";
+    sha256 = "0pyna4c2b2ffh8ifjj4c8ga9b73g37pk432nyinf8majyb1fq6rc";
+    settings.adminSettings = builtins.readFile ./ublock/config.json;
+  };
+
+/*
+  borderify.policies = {
+    ExtensionSettings."borderify@example.com" = {
+      installation_mode = "force_installed";
+      install_url = "file://${../../borderify.xpi}";
+    };
+  };
+*/
+}
-- 
cgit v1.2.3