Ok finally
This commit is contained in:
@@ -1,90 +1,74 @@
|
||||
{ pkgs, ... }:
|
||||
|
||||
let
|
||||
# 1. Policies (Extensions & Locks)
|
||||
# policies.json is best for installing extensions and hard-locking features.
|
||||
policiesJson = builtins.toJSON {
|
||||
policies = {
|
||||
policies = {
|
||||
DisableTelemetry = true;
|
||||
DisableFirefoxStudies = true;
|
||||
DisablePocket = true;
|
||||
DisableFirefoxAccounts = true;
|
||||
OfferToSaveLogins = false;
|
||||
DisableSafeBrowsing = true;
|
||||
|
||||
FirefoxHome = {
|
||||
Search = true;
|
||||
TopSites = true;
|
||||
SponsoredTopSites = false;
|
||||
Highlights = false;
|
||||
Pocket = false;
|
||||
SponsoredPocket = false;
|
||||
};
|
||||
|
||||
SanitizeOnShutdown = {
|
||||
Cache = true;
|
||||
Cookies = false;
|
||||
History = false;
|
||||
Sessions = true;
|
||||
SiteSettings = false;
|
||||
OfflineApps = true;
|
||||
};
|
||||
|
||||
ExtensionSettings = {
|
||||
# Bitwarden
|
||||
"{446900e4-71c2-419f-a6a7-df9c091e268b}" = {
|
||||
install_url = "https://addons.mozilla.org/firefox/downloads/latest/bitwarden-password-manager/latest.xpi";
|
||||
installation_mode = "force_installed";
|
||||
};
|
||||
# Floccus
|
||||
"floccus@handmadeideas.org" = {
|
||||
install_url = "https://addons.mozilla.org/firefox/downloads/latest/floccus/latest.xpi";
|
||||
installation_mode = "force_installed";
|
||||
};
|
||||
# uBlock Origin
|
||||
"uBlock0@raymondhill.net" = {
|
||||
install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi";
|
||||
installation_mode = "force_installed";
|
||||
};
|
||||
};
|
||||
|
||||
Preferences = {
|
||||
"browser.startup.homepage" = "about:home";
|
||||
"extensions.autoDisableScopes" = 0;
|
||||
"browser.toolbars.bookmarks.visibility" = "always";
|
||||
"network.cookie.cookieBehavior" = 1;
|
||||
"extensions.activeThemeID" = "firefox-alpenglow@mozilla.org";
|
||||
"privacy.resistFingerprinting" = true;
|
||||
"browser.ml.chat.enabled" = false;
|
||||
"browser.ml.chat.sidebar" = false;
|
||||
"browser.tabs.groups.smart.userEnabled" = false;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
policiesFile = pkgs.writeText "librewolf-policies.json" policiesJson;
|
||||
|
||||
# 2. User Preferences (user.js)
|
||||
# These are applied to the profile directly.
|
||||
# This avoids code-signing issues with modifying the App Bundle.
|
||||
userJs = pkgs.writeText "user.js" ''
|
||||
// Force Alpenglow Theme
|
||||
user_pref("extensions.activeThemeID", "firefox-alpenglow@mozilla.org");
|
||||
|
||||
// UI Tweaks
|
||||
user_pref("sidebar.revamp", true);
|
||||
user_pref("sidebar.verticalTabs", true);
|
||||
user_pref("sidebar.main.tools", "bookmarks,history,tabs");
|
||||
user_pref("sidebar.visibility", "always");
|
||||
|
||||
// Privacy
|
||||
user_pref("privacy.clearOnShutdown.cookies", false);
|
||||
user_pref("privacy.clearOnShutdown.history", false);
|
||||
'';
|
||||
|
||||
policiesFile = pkgs.writeText "librewolf-policies.json" (builtins.toJSON policies);
|
||||
in
|
||||
{
|
||||
# Activation script to apply both Policies (System) and user.js (Profile)
|
||||
system.activationScripts.postActivation.text = ''
|
||||
# 1. Apply Policies to the App Bundle (Distribution folder is usually safe to modify)
|
||||
# We check both standard locations
|
||||
for APP_DIR in "/Applications/LibreWolf.app" "$HOME/Applications/LibreWolf.app"; do
|
||||
if [ -d "$APP_DIR" ]; then
|
||||
echo ">>> Setting LibreWolf policies in $APP_DIR..."
|
||||
DIST_DIR="$APP_DIR/Contents/Resources/distribution"
|
||||
mkdir -p "$DIST_DIR"
|
||||
cp -f ${policiesFile} "$DIST_DIR/policies.json"
|
||||
chmod 644 "$DIST_DIR/policies.json"
|
||||
echo "Applied LibreWolf policies to $APP_DIR"
|
||||
fi
|
||||
done
|
||||
|
||||
# 2. Apply user.js to the User Profile
|
||||
# LibreWolf profiles are in ~/Library/Application Support/LibreWolf/Profiles/
|
||||
LIBREWOLF_DATA="$HOME/Library/Application Support/LibreWolf/Profiles"
|
||||
if [ -d "$LIBREWOLF_DATA" ]; then
|
||||
# Find the default release profile (usually ends in .default-release or .default)
|
||||
PROFILE_DIR=$(find "$LIBREWOLF_DATA" -maxdepth 1 -type d -name "*.default-release" | head -n 1)
|
||||
|
||||
# Fallback to *.default if release not found
|
||||
if [ -z "$PROFILE_DIR" ]; then
|
||||
PROFILE_DIR=$(find "$LIBREWOLF_DATA" -maxdepth 1 -type d -name "*.default" | head -n 1)
|
||||
fi
|
||||
|
||||
if [ -n "$PROFILE_DIR" ]; then
|
||||
echo ">>> Updating LibreWolf profile: $PROFILE_DIR"
|
||||
# We cat the file to ensure we don't mess up symlinks or permissions logic
|
||||
cat ${userJs} > "$PROFILE_DIR/user.js"
|
||||
else
|
||||
echo ">>> Warning: Could not find a default LibreWolf profile to apply user.js"
|
||||
fi
|
||||
fi
|
||||
'';
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user