firefox/policy.nix

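# Enterprise policy attribute set shared by Firefox and Thunderbird.
#
# Arguments:
#   lib          attribute set providing `xor`, `optionals` and `optionalAttrs`
#   firefox      true when generating the policy for Firefox
#   thunderbird  true when generating the policy for Thunderbird
#
# Exactly one of `firefox` / `thunderbird` must be true; the assert below
# aborts evaluation otherwise. `thunderbird` is only read by that assert;
# the Firefox-only parts are gated on `firefox`.
{ lib, firefox ? false, thunderbird ? false }: let
  inherit (lib) optionals optionalAttrs;
in assert (lib.xor firefox thunderbird); {
  CaptivePortal = false;
  Cookies = {
    Behavior = "reject-tracker-and-partition-foreign";
    # Fixed spelling (was `BehivorPrivateBrowsing`). The misspelled key is not
    # a recognised policy name, so private windows did not receive this
    # cookie behaviour from policy.
    BehaviorPrivateBrowsing = "reject-tracker-and-partition-foreign";
  };
  # DoH is off, so name resolution goes through the system resolver.
  # NOTE(review): Firefox obtains ECH configuration through DoH, so leaving
  # ECH enabled on the next line probably has no effect while DoH is
  # disabled - confirm on the targeted version.
  DNSOverHTTPS.Enabled = false;
  DisableEncryptedClientHello = false;
  DisableFeedbackCommands = true;
  DisableFirefoxStudies = true;
  DisablePocket = true;
  DisableTelemetry = true;
  DontCheckDefaultBrowser = true;
  EnableTrackingProtection = {
    Value = true;
    Cryptomining = true;
    Fingerprinting = true;
    EmailTracking = true;
  };
  EncryptedMediaExtensions.Enabled = true;
  # Extensions are fetched from addons.mozilla.org at the `latest.xpi` URL,
  # so the installed version is not pinned by this file; integrity rests on
  # TLS to AMO and on add-on signing. `normal_installed` installs the add-on
  # automatically but still lets the user disable it; use `force_installed`
  # if a content blocker must not be removable.
  ExtensionSettings = {
    "uBlock0@raymondhill.net" = {
      installation_mode = "normal_installed";
      install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi";
    };
  } // optionalAttrs firefox {
    "@testpilot-containers" = {
      installation_mode = "normal_installed";
      install_url = "https://addons.mozilla.org/firefox/downloads/latest/multi-account-containers/latest.xpi";
    };
    "gdpr@cavi.au.dk" = {
      installation_mode = "normal_installed";
      install_url = "https://addons.mozilla.org/firefox/downloads/latest/consent-o-matic/latest.xpi";
    };
    "jid1-BoFifL9Vbdl2zQ@jetpack" = {
      installation_mode = "normal_installed";
      install_url = "https://addons.mozilla.org/firefox/downloads/latest/decentraleyes/latest.xpi";
    };
  };
  FirefoxHome = {
    SponsoredTopSites = false;
    SponsoredPocket = false;
  };
  FirefoxSuggest = {
    SponsoredSuggestions = false;
    ImproveSuggest = false;
  };
  HardwareAcceleration = true;
  HomePage.StartPage = "previous-session";
  # HTTPS-Only Mode is switched on and the user cannot turn it off.
  HttpsOnlyMode = "force_enabled";
  NewTabPage = false;
  OverrideFirstRunPage = "";
  PDFjs = {
    Enabled = true;
    EnablePermissions = false;
  };
  Permissions.AutoPlay.Default = "block-audio-video";
  PopupBlocking.Default = true;
  PostQuantumKeyAgreementEnabled = true;
  # NOTE(review): the Preferences policy has historically accepted only an
  # allow-list of preference names/prefixes, and rejected entries are dropped
  # without failing the build. Check about:policies on the targeted release
  # to confirm that every entry below (notably `security.cert_pinning.*`,
  # `security.pki.*`, `app.normandy.*`, `beacon.*`, `breakpad.*`,
  # `webgl.*`, `privacy.*`) is actually applied.
  Preferences = let
    # Sets the default value; the user can still override it.
    default = value: {
      Status = "default";
      Value = value;
    };
    # Sets the value and prevents the user from changing it.
    locked = value: {
      Status = "locked";
      Value = value;
    };
  in {
    # date and time formats
    "intl.date_time.pattern_override.date_short" = default "yyyy-MM-dd";
    "intl.date_time.pattern_override.time_short" = default "HH:mm";
    # cache (capacities are presumably in KiB - confirm)
    "browser.cache.memory.enable" = default true;
    "browser.cache.memory.capacity" = default 262144;
    "browser.cache.disk.enable" = default true;
    "browser.cache.disk.capacity" = default 16777216;
    # disable WebGL by default
    "webgl.disabled" = default true;
    # disable Normandy
    "app.normandy.enabled" = locked false;
    "app.normandy.api_url" = locked "";
    "app.shield.optoutstudies.enabled" = locked false;
    # disable sending of file hashes
    # Trade-off: this removes the remote reputation lookup for downloaded
    # files, so protection against unknown malicious downloads is reduced.
    # Status is "default", so users can switch it back on.
    "browser.safebrowsing.downloads.remote.enabled" = default false;
    "browser.safebrowsing.downloads.remote.url" = default "";
    # disable accessibility
    # This is an integer preference (1 = disabled); the previous boolean
    # `true` did not match the preference type.
    "accessibility.force_disabled" = default 1;
    # disable crash reporting
    "browser.tabs.crashReporting.sendReport" = locked false;
    "breakpad.reportURL" = locked "";
    # disable beacon API
    "beacon.enabled" = locked false;
    # disable pings
    "browser.send_pings" = locked false;
    # trim cross-origin referrers (2 = send scheme, host and port only)
    "network.http.referrer.XOriginTrimmingPolicy" = default 2;
    # strip tracking query parameters
    "privacy.query_stripping.enabled" = default true;
    "privacy.query_stripping.enabled.pbmode" = default true;
    # TLS
    "security.ssl.require_safe_negotiation" = default true;
    "security.tls.hello_downgrade_check" = default true;
    # OCSP is queried (1) and treated as hard-fail (require = true):
    # connections fail when the responder is unreachable, which can bite on
    # filtered or captive networks.
    "security.OCSP.enabled" = default 1;
    "security.OCSP.require" = default true;
    # 2 = strict pinning: pins are enforced even for chains ending in a
    # user-installed root, so TLS-inspecting proxies break on pinned sites.
    "security.cert_pinning.enforcement_level" = default 2;
    # NOTE(review): intended as "enforce CRLite revocation results"; the
    # meaning of the numeric modes has changed between releases - confirm.
    "security.pki.crlite_mode" = default 2;
    # enable ECN
    "network.http.http3.ecn" = default true;
  } // optionalAttrs firefox {
    # hardware acceleration
    "gfx.webrender.all" = default true;
    "media.ffmpeg.vaapi.enabled" = default true;
  };
  PromptForDownloadLocation = true;
  ShowHomeButton = false;
  # Servers that offer nothing newer than TLS 1.2 will fail to connect.
  SSLVersionMin = "tls1.3";
  TranslateEnabled = true;
}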