Firefox with extensions and global config

[Qubasa]

This pull request adds two main features.

1. To be able to configure Firefox extensions through nix packages
2. Added many configuration options like

  , extraPrefs ? ""
  , extraExtensions ? [ ]
  , noNewProfileOnFFUpdate ? false
  , allowNonSigned ? false
  , disablePocket ? false
  , disableTelemetry ? true
  , disableDrmPlugin ? false
  , showPunycodeUrls ? true
  , enableUserchromeCSS ? false
  , disableFirefoxStudies ? true
  , disableFirefoxSync ? false
  , disableFirefoxUpdatePage ? true
  , useSystemCertificates ? true
  , dontCheckDefaultBrowser ? false
  # For more information about anti tracking (german website)
  # vist https://wiki.kairaven.de/open/app/firefox
  , activateAntiTracking ? true
  , disableFeedbackCommands ? true
  , disableDNSOverHTTPS ? true
  , disableGoogleSafebrowsing ? true
  , clearDataOnShutdown ? false
  , homepage ? "about:home"
  , enableDarkDevTools ? false
  # For more information about policies visit
  # https://github.com/mozilla/policy-templates#enterprisepoliciesenabled
  , extraPolicies ? {}

I used and added features to the code from #57554 as a reference as the pull request is sadly on hold.

An example for a Firefox extension nix package would be:
https://github.com/Luis-Hebendanz/nix-configs/blob/master/own-pkgs/ublock-origin/default.nix
or if the extension does not provide an extension id it would be like this:
https://github.com/Luis-Hebendanz/nix-configs/blob/master/own-pkgs/canvas-fingerprint-defender/default.nix

An example on how to call the wrapper is located here:
https://github.com/Luis-Hebendanz/nix-configs/blob/master/firefox.nix

I am sure that some things can be improved. Sadly I have very limited time but many people want this so I am putting this up. If you have improvement ideas please add them directly as a commit because I do not have the time to implement them myself ^^

Things done

• Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
• Built on platform(s)
  • NixOS
  • macOS
  • other Linux distributions
• Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
• Tested compilation of all pkgs that depend on this change using nix-shell -p nix-review --run "nix-review wip"
• [ x ] Tested execution of all binary files (usually in ./result/bin/)
• Determined the impact on package closure size (by running nix path-info -S before and after)
• Ensured that relevant documentation is up to date
• Fits CONTRIBUTING.md.

Notify maintainers

cc @Lassulus

[jtojnar]

It looks like you did not push the commits in question. Please fix the branch locally force push to update it here.

Also I am not sure how well will adding all the config options as top-level arguments scale – maybe grouping it under common attrset will be nicer.

[7c6f434c]

# For more information about anti tracking # vist https://wiki.kairaven.de/open/app/firefox

Maybe mention that the page is in German?

, activateAntiTracking ? true

What is the promise here? Enable the Enterprise policy? Policy plus some extra about:config settings? Will the set of extras be updated? I think a nice first step would be to have policies and config entries as two attrset arguments, with commented defaults and `deepMerge` of the arguments on top of the defaults. And use exactly the upstream names/paths.

, enableDarkDevTools ? true

This is just colour scheme application? Why set it to not-upstream-default? Maybe also add a default-off option for honouring userChrome.css?

[andir]

The Firefox wrapper is reaching a point where we should probably have tests for it. Otherwise this looks great but I do not think anyone is happily maintaining this without some supportive tests for (each of?) the features.

Also did you solve the uninstall of firefox extensions? Previous attempts always fell short on that and I do not feel like adding support for adding but not removing plugins.

[Qubasa]

Maybe mention that the page is in German?
, activateAntiTracking ? true
, enableDarkDevTools ? true
This is just colour scheme application? Why set it to not-upstream-default? Maybe also add a default-off option for honouring userChrome.css?

I changed the enableDarkDevTools to false and made a note that the link is a german website.
I also added the options "enableUserchromeCSS".

What is the promise here? Enable the Enterprise policy? Policy plus some extra about:config settings? Will the set of extras be updated? I think a nice first step would be to have policies and config entries as two attrset arguments, with commented defaults and deepMerge of the arguments on top of the defaults. And use exactly the upstream names/paths.

This is already the case. The options extraPrefs and extraPolicies do exactly that. The other options are convenience features that I think are important to make visible and abstract away. Because otherwise nobody knows these options are available or how exactly to set them ( as often times you have to set multiple settings in userPref.json and in the enterprise Policy to have the desired effect)

[Qubasa]

The Firefox wrapper is reaching a point where we should probably have tests for it. Otherwise this looks great but I do not think anyone is happily maintaining this without some supportive tests for (each of?) the features.

I agree having tests for it is probably a good idea. Sadly I don't have the time and resources to do that but maybe someone else?
I also thought about nicely asking Mozilla to update the userPref.json attributes, as they do provide the wrapper and firefox package for Nixos and have the most in depth knowledge about it (of course)

Also did you solve the uninstall of firefox extensions? Previous attempts always fell short on that and I do not feel like adding support for adding but not removing plugins.

Yes this does remove the addons! Because here we work with the enterprise whitelist for extensions. If the extension is not whitelisted then it will automatically be removed from every profile

[jtojnar]

This is already the case. The options extraPrefs and extraPolicies do exactly that. The other options are convenience features that I think are important to make visible and abstract away. Because otherwise nobody knows these options are available or how exactly to set them ( as often times you have to set multiple settings in userPref.json and in the enterprise Policy to have the desired effect)

I am still not convinced the package should expose convenience features. Could we have the low-level options and let the convenience be handled by external helpers? Something like this overlay:

(self: super: {
  firefoxCustomization.enableDarkDevTools = config: super.lib.recursiveUpdate config {
    lockPrefs = {
      "devtools.theme" = "dark";
    };
  };

  firefoxCustomization.disableManualExtensions = config: super.lib.recursiveUpdate config {
    policies = {
        ExtensionSettings = {
          "*" = {
            blocked_install_message = "You can't have manual extension mixed with nix extensions";
            installation_mode = "blocked";
          };
        };
    };
    lockPrefs = {
      "extensions.getAddons.showPane" = false;
      "extensions.htmlaboutaddons.recommendations.enabled" = false;
      "app.update.auto" = false;
    };
  };

  myFirefox = super.firefox.override {
    config = super.lib.pipe super.firefox.defaultConfig [
      self.firefoxCustomization.enableDarkDevTools
      self.firefoxCustomization.disableManualExtensions
    ];
  };
})

[Qubasa]

I am still not convinced the package should expose convenience features. Could we have the low-level options and let the convenience be handled by external helpers? Something like this overlay:

Ohh this is nice. Yeah seems like a good idea

[Qubasa]

Sorry somehow I cherry picked the wrong commit version. I added now everything that was missing.

[7c6f434c]

I don't have anything against expanding gitignore, but another-package-specific entry is probably too unrelted

[7c6f434c]

I think '' strips indentation if it is equal throught the string, so no need to have zero indentation here

[7c6f434c]

If we generate the policy unconditionally, shouldn't disbling any functionlity be conditional on some flag?

[stale]

Thank you for your contributions.
This has been automatically marked as stale because it has had no activity for 180 days.
If this is still important to you, we ask that you leave a comment below. Your comment can be as simple as "still important to me". This lets people see that at least one person still cares about this. Someone will have to do this at most twice a year if there is no other activity.
Here are suggestions that might help resolve this more quickly:

1. Search for maintainers and people that previously touched the
   related code and @ mention them in a comment.
2. Ask on the NixOS Discourse. 3. Ask on the #nixos channel on
   irc.freenode.net.

[bjornfor]

Oh, sad to see this closed. Didn't look at the implementation, but the feature is wanted (by me at least).

[Qubasa]

I made an overhauled version of it: #91724