with import <nixpkgs> {};

# http://kb.mozillazine.org/About:config_entries
# https://www.privacy-handbuch.de/download/moderat/user.js

rec {
  profiles = callPackage ./lib.nix {};
  search = callPackage ./search.nix {};

  # Normandy enables Mozilla to push changes to the default settings
  disableNormandy = {
    app.normandy = {
      enabled = false;
      api_url = "";
    };
  };

  disableTelemetry = {
    toolkit.telemetry = {
      enabled = false;
      server = "";
      unified = false;
      archive.enabled = false;

      newProfilePing.enabled = false;
      firstShutdownPing.enabled = false;
      shutdownPing.enabled = false;
      updatePing.enabled = false;
    };
  };

  disableErrorReporting = {
    breakpad.reportUrl = "";
  };

  basic = {
    network.captive-portal-service.enabled = false;
    
    # don't update search engines
    browser.search = {
      update = false;
      geoSpecificDefaults = false;
      "geoSpecificDefaults.url" = "";
      geoip.url = "";
      suggest.enabled = false;
      reset.enabled = false;
      reset.whitelist = "";
    };

    # disable studies
    # https://blog.mozilla.org/firefox/update-looking-glass-add/
    # https://mozilla.github.io/normandy/user/end_user_interaction.html#opt-out-preference
    app.shield.optoutstudies.enabled = false;

    # disable pocket
    extensions.pocket.enabled = false;
  };

  profile = profiles.profile {
    preferences = basic;
    search = search.mkSearchConfig {
      engines = [ search.engines.qwantjunior ];
    };
  };

  bundle = profiles.bundle {
    # https://github.com/mozilla/policy-templates, about:policies#documentation
    policies = {
      BlockAboutAddons = false;
      BlockAboutConfig = false;
      BlockAboutProfiles = true;

      CaptivePortal = false;

      DisableMasterPasswordCreation = true;
      DisableAppUpdate = true;
      DisableFeedbackCommands = true;
      DisableFirefoxAccounts = true;
      DisableFirefoxStudies = true;
      DisableFormHistory = true;
      DisablePasswordReveal = true;
      DisablePocket = true;
      DisableProfileImport = true;
      DisableProfileRefresh = true;

      DisableSecurityBypass = {
        InvalidCertificate = true;
        SafeBrowsing = false;
      };

      DisableSystemAddonUpdate = true;
      DisableTelemetry = true;

      DNSOverHTTPS = {
        Enabled = false;
        Locked = true;
      };

      DontCheckDefaultBrowser = true;

      EnableTrackingProtection = {
        Cryptomining = true;
        Fingerprinting = true;
        Value = true;
      };

      "3rdparty".Extensions = {
        # uBlock Origin
        "uBlock0@raymondhill.net".adminSettings = builtins.readFile ../ublock-config.json;
        # Privacy Badger
        "jid1-MnnxcxisBPnSXQ@jetpack" = {
          showIntroPage = false;
        };
      };

      ExtensionSettings =
        let
          fetchAddon = args: "file://${pkgs.fetchurl args}";
          addon = args: {
            installation_mode = "force_installed";
            install_url = fetchAddon args;
          };
        in {
        "*" = {
          blocked_install_message = "Installation von Erweiterungen ist nicht zugelassen.";
          install_sources = ["https://addons.mozilla.org/"];
          installation_mode = "blocked";
          allowed_types = ["extension"];
        };
        # Extension IDs as keys, .applications.gecko.id in manifest.json
        # uBlock Origin
        "uBlock0@raymondhill.net" = addon {
          url = "https://addons.mozilla.org/firefox/downloads/file/3509800/ublock_origin-1.25.0-an+fx.xpi";
          sha256 = "0pyna4c2b2ffh8ifjj4c8ga9b73g37pk432nyinf8majyb1fq6rc";
        };
        # Privacy Badger
        "jid1-MnnxcxisBPnSXQ@jetpack" = addon {
          url = "https://addons.mozilla.org/firefox/downloads/file/3509922/privacy_badger-2020.2.19-an+fx.xpi";
          sha256 = "1issggv5wl5x3a4p3q8hrhbkhgsdx9f2qzbscg6y6f75yazswc20";
        };
        # NoScript
        "{73a6fe31-595d-460b-a920-fcc0f8843232}" = addon {
          url = "https://addons.mozilla.org/firefox/downloads/file/3517653/noscript_security_suite-11.0.15-an+fx.xpi";
          sha256 = "0gb0a6pp0rj9jpg1094arqvcwxh1rd2m47ijawlidybm29qmyyay";
        };
      };
      ExtensionUpdate = false;

      FlashPlugin.Default = false;

      FirefoxHome = {
        Search = true;
        TopSites = false;
        Highlights = false;
        Pocket = false;
        Snippets = false;
        Locked = true;
      };

      Homepage.StartPage = "none";

      NewTabPage = false;
      NoDefaultBookmarks = true;
      NetworkPrediction = false;

      OfferToSaveLogins = false;
      OverrideFirstRunPage = "";
      OverridePostUpdatePage = "";

      PasswordManagerEnabled = false;

      Permissions.Location = {
        BlockNewRequests = true;
        Locked = true;
      };

      Preferences = profiles.flattenAttrs {
        app.update.auto = false;

        browser = {
          cache.disk.enable = false;
          fixup.dns_first_for_single_words = true;

          safebrowsing = {
            phishing.enabled = false;
            malware.enabled = false;
          };

          search.update = false;
          slowStartup.notificationDisabled = true;
        };

        dom.event.contextmenu.enabled = false;

        extensions = {
          blocklist.enabled = false;
          getAddons.showPane = false;
          htmlaboutaddons.recommendations.enabled = false;
        };

        geo.enabled = false;

        media = {
          eme.enabled = false;
          gmp-gmpopenh264.enabled = false;
          gmp-widevinecdm.enabled = false;
          peerconnection.enabled = false;
        };

        network.IDN_show_punycode = true;

        security.ssl.errorReporting.enabled = false;
      };

      Proxy = {
        Mode = "none";
        Locked = true;
      };

      RequestedLocales = [ "de-DE" "en-US" ];

      SanitizeOnShutdown = true;

      SearchBar = "separate";
      SearchSuggestEnabled = false;

      SearchEngines = {
        Remove = [ "twitter" "bing" ];
      };
    };
  };

  launcher = profiles.launcher bundle;
}