blob: ed5cccb648fe6d5f80c1d3fae04002d749175dc6 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
|
{ config, lib, ff, ... }: with lib; {
options.features.disableUpdates = mkOption {
type = types.bool;
default = false;
description = ''
Disable all automatic updates, including:
- Firefox itself
- Extensions
- Search providers
If some or all of these are externally managed, we may want to prevent automatic
updates from undoing our changes.
If any properties of our deployment have been audited, automatic updates may introduce
unaudited components and compromise any guarantees made about the users security or privacy.
'';
};
config = lib.mkIf config.features.disableUpdates {
policies = {
DisableAppUpdate = true;
DisableSystemAddonUpdate = true;
ExtensionUpdate = false;
Preferences = ff.flattenAttrs {
app.update.auto = false;
browser.search.update = false;
};
};
preferences = {
# try really hard to prevent search engine resets, probably wrong
browser.search = {
update = false;
geoSpecificDefaults = false;
"geoSpecificDefaults.url" = "";
geoip.url = "";
suggest.enabled = false;
reset.enabled = false;
reset.whitelist = "";
};
};
};
}
|