profiles/disableNormandy.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

{ config, lib, ... }: with lib; {
  options.features.disableNormandy = mkOption {
    type = types.bool;
    default = false;
    description = ''
      Normandy enables Mozilla to push changes to the default settings.
      Recently this was used to re-enable TLS 1.0 and 1.1 in FF 74, without releasing
      a new update.

      Normandy could be used to improve security, by pushing fixes to the default configuration
      after a bad release, but it can also be used to introduce/enable anti-features.

      Past activity can be reviewed at https://normandy.cdn.mozilla.net/api/v1/recipe/
    '';
  };

  config.preferences = mkIf config.features.disableNormandy {
    app.normandy = {
      enabled = false;
      api_url = "";
    };
  };
}