diff --git a/default.nix b/default.nix index 22bfcfa..94fd18a 100644 --- a/default.nix +++ b/default.nix @@ -76,7 +76,13 @@ in { plugins = mkOption { type = types.attrsOf types.str; default = {}; - description = "set of plugins to install. Format: uid = url"; + description = "set of plugins to install. Format: guid = short-id"; + }; + + disableUserPlugins = mkOption { + type = types.bool; + default = false; + description = "disables user controlled plugins"; }; }; }; diff --git a/modules/firefox.nix b/modules/firefox.nix index 96ea6cb..c7a42e7 100644 --- a/modules/firefox.nix +++ b/modules/firefox.nix @@ -9,20 +9,24 @@ in { languagePacks = [ "de" "en-US" ]; policies = { ExtensionSettings = lib.mkMerge [ - {} # global rules. Potentially add blocking of regularly installed addons here. - (lib.mapAttrs (uid: url: { # explicit plugins by config - install_url = url; + (lib.mkIf cfg.firefox.disableUserPlugins { + "*".installation_mode = "blocked"; + } ) + (lib.mapAttrs (guid: shortId: { # explicit plugins by config + install_url = "https://addons.mozilla.org/en-US/firefox/downloads/latest/${shortId}/latest.xpi"; installation_mode = "force_installed"; } ) cfg.firefox.plugins ) (lib.mkIf (cfg.tooling.enable && cfg.tooling.pass) { # password-store support - install_url = "https://addons.mozilla.org/firefox/downloads/latest/passff/latest.xpi"; - installation_mode = "force_installed"; + "passff@invicem.pro" = { + install_url = "https://addons.mozilla.org/firefox/downloads/latest/passff/latest.xpi"; + installation_mode = "force_installed"; + }; }) ]; DisableTelemetry = true; DisableFirefoxStudies = true; EnableTrackingProtection = { - Value= true; + Value = true; Locked = true; Cryptomining = true; Fingerprinting = true;