profiles/noUpdates.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38

{ ffLib }: {
  meta.description = ''
    Disable all automatic updates, including:
      - Firefox itself
      - Extensions
      - Search providers

    If some or all of these are externally managed, we may want to prevent automatic
    updates from undoing our changes.

    If any properties of our deployment have been audited, automatic updates may introduce
    unaudited components and compromise any guarantees made about the users security or privacy.
  '';

  policies = {
    DisableAppUpdate = true;
    DisableSystemAddonUpdate = true;
    ExtensionUpdate = false;

    Preferences = ffLib.flattenAttrs {
      app.update.auto = false;
      browser.search.update = false;
    };
  };

  preferences = {
    # try really hard to prevent search engine resets, probably wrong
    browser.search = {
      update = false;
      geoSpecificDefaults = false;
      "geoSpecificDefaults.url" = "";
      geoip.url = "";
      suggest.enabled = false;
      reset.enabled = false;
      reset.whitelist = "";
    };
  };
}