firefox/policy.nix

{
  CaptivePortal = false;

  Cookies = {
    Behavior = "reject-tracker-and-partition-foreign";
    BehivorPrivateBrowsing = "reject-tracker-and-partition-foreign";
  };

  DNSOverHTTPS.Enabled = false;
  DisableEncryptedClientHello = false;
  DisableFeedbackCommands = true;
  DisableFirefoxStudies = true;
  DisablePocket = true;
  DisableTelemetry = true;
  DontCheckDefaultBrowser = true;
  
  EnableTrackingProtection = {
    Value = true;
    Cryptomining = true;
    Fingerprinting = true;
    EmailTracking = true;
  };
  
  EncryptedMediaExtensions.Enabled = true;

  ExtensionSettings = [
    {
      "@testpilot-containers" = {
        installation_mode = "normal_installed";
        install_url = "https://addons.mozilla.org/firefox/downloads/latest/multi-account-containers/latest.xpi";
      };
    
      "uBlock0@raymondhill.net" = {
        installation_mode = "normal_installed";
        install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi";
      };

      "gdpr@cavi.au.dk" = {
        installation_mode = "normal_installed";
        install_url = "https://addons.mozilla.org/firefox/downloads/latest/consent-o-matic/latest.xpi";
      }

      "jid1-BoFifL9Vbdl2zQ@jetpack" = {
        installation_mode = "normal_installed";
        install_url = "https://addons.mozilla.org/firefox/downloads/latest/decentraleyes/latest.xpi";
      };
    }
  ];

  FirefoxHome = {
    SponsoredTopSites = false;
    SponsoredPocket = false;
  };

  FirefoxSuggest = {
    SponsoredSuggestions = false;
    ImproveSuggest = false;
  };

  HardwareAcceleration = true;
  HomePage.StartPage = "previous-session";
  HttpsOnlyMode = "force_enabled";
  NewTabPage = false;
  OverrideFirstRunPage = "";
  OverrideFirstRunPage = "";

  PDFjs = {
    Enabled = true;
    EnablePermissions = false;
  };

  Permissions.AutoPlay.Default = "block-audio-video";
  PopupBlocking.Default = true;
  PostQuantumKeyAgreementEnabled = true;

  Preferences = let
    default = value: {
      Status = "default";
      Value = value;
    };

    locked = value: {
      Status = "locked";
      Value = value;
    };
  in {
    # cache
    "browser.cache.memory.enable" = default true;
    "browser.cache.memory.capacity" = default 262144;
    "browser.cache.disk.enable" = default true;
    "browser.cache.disk.capacity" = default 16777216;

    # hardware acceleration
    "gfx.webrender.all" = default true;
    "media.ffmpeg.vaapi.enabled" = default true;

    # disable Normandy
    "app.normandy.enabled" = locked false;
    "app.normandy.api_url" = locked "";
    "app.shield.optoutstudies.enabled" = locked false;

    # disable sending of file hashes
    "browser.safebrowsing.downloads.remote.enabled" = default false;
    "browser.safebrowsing.downloads.remote.url" = default "";

    # disable accessibility
    "accessibility.force_disabled" = default true;

    # disable crash reporting
    "browser.tabs.crashReporting.sendReport" = locked false;
    "breakpad.reportURL" = locked "";

    # disable beacon API
    "beacon.enabled" = locked false;

    # disable pings
    "browser.send_pings" = locked false;

    # strip cross‐origin referrers
    "network.http.referrer.XOriginTrimmingPolicy" = default 2;

    # strip tracking query parameters
    "privacy.query_stripping.enabled" = default true;
    "privacy.query_stripping.enabled.pbmode" = default true;

    # TLS
    "security.ssl.require_safe_negotiation" = default true;
    "security.tls.hello_downgrade_check" = default true;
    "security.OCSP.enabled" = default 1;
    "security.OCSP.require" = default true;
    "security.cert_pinning.enforcement_level" = default 2;
    "security.pki.crlite_mode" = default 2;

    # enable ECN
    "network.http.http3.ecn" = default true;
  };
  
  PromptForDownloadLocation = true;
  ShowHomeButton = false;
  SSLVersionMin = "tls1.3";
  TranslateEnabled = true;
}