fix and simplify firefoy addon management

default.nix

@@ -76,7 +76,13 @@ in {
       plugins = mkOption {
         type = types.attrsOf types.str;
         default = {};
-        description = "set of plugins to install. Format: uid = url";
+        description = "set of plugins to install. Format: guid = short-id";
+      };
+
+      disableUserPlugins = mkOption {
+        type = types.bool;
+        default = false;
+        description = "disables user controlled plugins";
       };
     };
   };

modules/firefox.nix

@@ -9,20 +9,24 @@ in {
       languagePacks = [ "de" "en-US" ];
       policies = {
         ExtensionSettings = lib.mkMerge [
-          {} # global rules. Potentially add blocking of regularly installed addons here.
-          (lib.mapAttrs (uid: url: { # explicit plugins by config 
-            install_url = url;
+          (lib.mkIf cfg.firefox.disableUserPlugins {
+            "*".installation_mode = "blocked";
+          } )
+          (lib.mapAttrs (guid: shortId: { # explicit plugins by config 
+            install_url = "https://addons.mozilla.org/en-US/firefox/downloads/latest/${shortId}/latest.xpi";
             installation_mode = "force_installed";
           } ) cfg.firefox.plugins )
           (lib.mkIf (cfg.tooling.enable && cfg.tooling.pass) { # password-store support
-            install_url = "https://addons.mozilla.org/firefox/downloads/latest/passff/latest.xpi";
-            installation_mode = "force_installed";
+            "passff@invicem.pro" = {
+              install_url = "https://addons.mozilla.org/firefox/downloads/latest/passff/latest.xpi";
+              installation_mode = "force_installed";
+            };
           })
         ];
         DisableTelemetry = true;
         DisableFirefoxStudies = true;
         EnableTrackingProtection = {
-          Value= true;
+          Value = true;
           Locked = true;
           Cryptomining = true;
           Fingerprinting = true;