From 5014c0ed2160393fb787b585127bce8f27fda722 Mon Sep 17 00:00:00 2001
From: tilpner
Date: Fri, 6 Mar 2020 16:05:01 +0100
Subject: Separate policy into smaller modules

---
 profiles/minimalConnections.nix | 68 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 68 insertions(+)
 create mode 100644 profiles/minimalConnections.nix

(limited to 'profiles/minimalConnections.nix')

diff --git a/profiles/minimalConnections.nix b/profiles/minimalConnections.nix
new file mode 100644
index 0000000..66c931b
--- /dev/null
+++ b/profiles/minimalConnections.nix
@@ -0,0 +1,68 @@
+{ ffLib }: {
+  # https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections
+  policies = {
+    CaptivePortal = false;
+    DisableTelemetry = true;
+    NetworkPrediction = false;
+    SearchSuggestEnabled = false;
+
+    Preferences = ffLib.flattenAttrs {
+      extensions = {
+        blocklist.enabled = false;
+        getAddons.showPane = false;
+        htmlaboutaddons.recommendations.enabled = false;
+      };
+    };
+  };
+
+  preferences = {
+    toolkit.telemetry = {
+      enabled = false;       
+      server = "";                 
+      unified = false;
+      archive.enabled = false;
+    
+      newProfilePing.enabled = false;
+      firstShutdownPing.enabled = false;
+      shutdownPing.enabled = false;
+      shutdownPingSender.enabled = false;
+
+      # background hang reporting
+      bhrPing.enabled = false;
+      updatePing.enabled = false;
+    };
+
+    extensions = {
+      blocklist.enabled = false;
+      getAddons.showPane = false;
+      getAddons.cache.enabled = false;
+      htmlaboutaddons.recommendations.enabled = false;
+
+      abuseReport = {
+        url = "";
+        amoDetailsURL = "";
+      };
+    };
+    
+    network = {
+      predictor = {
+        enable-prefetch = false;
+        prefetch-next = false;
+      };
+
+      # Prevent FF from establishing connections on mouse-hover
+      http.speculative-parallel-limit = 0;
+    };
+
+    services.settings.server = "";
+    
+    # TODO: what exactly does this block?
+    services.blocklist.pinning.enabled = false;
+
+    # don't send single words to search engine
+    browser.fixup.dns_first_for_single_words = true;
+
+    beacon.enabled = false;
+    browser.send_pings = false;
+  };
+}
-- 
cgit v1.2.3