initial commit

4 files changed, 162 insertions, 0 deletions

diff --git a/roles/firefox/defaults/main.yml b/roles/firefox/defaults/main.yml
new file mode 100644
index 0000000..20ba32e
--- /dev/null
+++ b/roles/firefox/defaults/main.yml
@@ -0,0 +1,33 @@
+firefox_preferences: []
+firefox_extensions: []
+firefox_managed_bookmarks: []
+firefox_managed_bookmarks_top_level_name: Intranet
+
+firefox_homepage: 'about:home'
+
+firefox_spnego_domains: ['{{ domain }}']
+firefox_spnego_allow_non_fqdn: yes
+firefox_spnego_allow_proxies: yes
+
+firefox_disable_pocket: yes
+firefox_disable_snippets: yes
+firefox_disable_app_update: yes
+firefox_disable_captive_portal: yes
+firefox_disable_default_bookmarks: yes
+firefox_disable_feedback: yes
+firefox_disable_accounts: yes
+firefox_disable_studies: yes
+firefox_disable_telemetry: yes
+firefox_disable_default_browser_check: yes
+firefox_disable_user_messaging: yes
+firefox_disable_dns_over_https: yes
+firefox_disable_search_suggestions: yes
+firefox_disable_highlights: yes
+firefox_disable_safe_browsing: yes
+firefox_disable_top_sites: yes
+
+firefox_offer_to_save_logins_default: yes
+firefox_use_tracking_protection: no
+firefox_update_extensions: yes
+
+firefox_cookie_behavior: reject-tracker-and-partition-foreign
diff --git a/roles/firefox/files/etc/profile.d/firefox.sh b/roles/firefox/files/etc/profile.d/firefox.sh
new file mode 100644
index 0000000..faaadbf
--- /dev/null
+++ b/roles/firefox/files/etc/profile.d/firefox.sh
@@ -0,0 +1,3 @@
+if [ "$XDG_SESSION_TYPE" = wayland ]; then
+  export MOZ_ENABLE_WAYLAND=1
+fi
diff --git a/roles/firefox/tasks/main.yml b/roles/firefox/tasks/main.yml
new file mode 100644
index 0000000..d759407
--- /dev/null
+++ b/roles/firefox/tasks/main.yml
@@ -0,0 +1,10 @@
+- name: generate firefox policy
+  template:
+    lstrip_blocks: yes
+    src: usr/lib64/firefox/distribution/policies.json.j2
+    dest: /usr/lib64/firefox/distribution/policies.json
+
+- name: enable wayland for firefox
+  copy:
+    src: etc/profile.d/firefox.sh
+    dest: /etc/profile.d/firefox.sh
diff --git a/roles/firefox/templates/usr/lib64/firefox/distribution/policies.json.j2 b/roles/firefox/templates/usr/lib64/firefox/distribution/policies.json.j2
new file mode 100644
index 0000000..6b0b0e2
--- /dev/null
+++ b/roles/firefox/templates/usr/lib64/firefox/distribution/policies.json.j2
@@ -0,0 +1,116 @@
+{
+  "policies": {
+    "ExtensionSettings": {
+      {% for ext in firefox_extensions %}
+      {{ ext.id | to_json }}: {
+        "install_url": {{ (ext.url if ext.url is defined else 'https://addons.mozilla.org/firefox/downloads/latest/' ~ ext.name ~ '/latest.xpi') | to_json }},
+        "installation_mode": {{ ext.mode | default('normal_installed') | to_json }}
+      }{% if not loop.last %},{% endif %}
+
+      {% endfor %}
+    },
+    "3rdparty": {
+      "Extensions": {
+        {% for ext in firefox_extensions | selectattr('policy', 'defined') %}
+        {{ ext.id | to_json }}: {{ ext.policy | to_json }}{% if not loop.last %},{% endif %}
+
+        {% endfor %}
+      }
+    },
+    {% if firefox_disable_user_messaging %}
+    "UserMessaging": {
+      "WhatsNew": false,
+      "ExtensionRecommendations": false,
+      "UrlbarInterventions": false,
+      "SkipOnboarding": true
+    },
+    "OverridePostUpdatePage": "",
+    "OverrideFirstRunPage": "",
+    {% endif %}
+    "EnableTrackingProtection": {
+      {% for s in ['Value', 'Cryptomining', 'Fingerprinting'] %}
+      "{{ s }}": {{ firefox_use_tracking_protection | bool | to_json }},
+      {% endfor %}
+      "Locked": false
+    },
+    "Cookies": {
+      "Behavior": "{{ firefox_cookie_behavior }}",
+      "BehaviorPrivateBrowsing": "{{ firefox_cookie_behavior }}"
+    },
+    "Authentication": {
+      "SPNEGO": {{ firefox_spnego_domains | to_json }},
+      "AllowNonFQDN": {
+        "SPNEGO": {{ firefox_spnego_allow_non_fqdn | bool | to_json }}
+      },
+      "AllowProxies": {
+        "SPNEGO": {{ firefox_spnego_allow_proxies | bool | to_json }}
+      }
+    },
+    "NoDefaultBookmarks": {{ firefox_disable_default_bookmarks | bool | to_json }},
+    "DisablePocket": {{ firefox_disable_pocket | bool | to_json }},
+    "DisableAppUpdate": {{ firefox_disable_app_update | to_json }},
+    "CaptivePortal": {{ (not firefox_disable_captive_portal) | to_json }},
+    "DisableFeedbackCommands": {{ firefox_disable_feedback | bool | to_json }},
+    "DisableFirefoxAccounts": {{ firefox_disable_accounts | bool | to_json }},
+    "DisableFirefoxStudies": {{ firefox_disable_studies | bool | to_json }},
+    "DisableTelemetry": {{ firefox_disable_telemetry | bool | to_json }},
+    "DontCheckDefaultBrowser": {{ firefox_disable_default_browser_check | bool | to_json }},
+    "OfferToSaveLoginsDefault": {{ firefox_offer_to_save_logins_default | bool | to_json }},
+    "DNSOverHTTPS": {
+      "Enabled": {{ (not firefox_disable_dns_over_https) | to_json }}
+    },
+    "SearchSuggestEnabled": {{ (not firefox_disable_search_suggestions) | to_json }},
+    "Homepage": {
+      "URL": {{ firefox_homepage | to_json }},
+      "StartPage": "homepage"
+    },
+    "FirefoxHome": {
+      "Search": true,
+      "TopSites": {{ (not firefox_disable_top_sites) | to_json }},
+      "SponsoredTopSites": false,
+      "Highlights": {{ (not firefox_disable_highlights) | to_json }},
+      "Pocket": {{ (not firefox_disable_pocket) | to_json }},
+      "SponsoredPocket": {{ (not firefox_disable_pocket) | to_json }},
+      "Snippets": {{ (not firefox_disable_snippets) | to_json }}
+    },
+    {% if firefox_managed_bookmarks %}
+    "ManagedBookmarks": [
+      {
+        "toplevel_name": {{ firefox_managed_bookmarks_top_level_name | to_json }}
+      },
+      {% for bookmark in firefox_managed_bookmarks %}
+      {
+        "url": {{ bookmark.url | to_json }},
+        "name": {{ bookmark.name | to_json }}
+      }{% if not loop.last %},{% endif %}
+
+      {% endfor %}
+    ],
+    {% endif %}
+    "ExtensionUpdate": {{ firefox_update_extensions | bool | to_json }},
+    "Preferences": {
+      {% for pref in firefox_preferences  %}
+      {{ pref.name | to_json }}: {
+        "Value": {{ pref.value | to_json }},
+        "Status": {{ pref.status | default('default') | to_json }}
+      },
+
+      {% endfor %}
+      "privacy.trackingprotection.socialtracking.enabled": {
+        "Value": {{ firefox_use_tracking_protection | bool | to_json }},
+        "Status": "locked"
+      },
+      "browser.toolbars.bookmarks.visibility": {
+        "Value": "newtab",
+        "Status": "default"
+      },
+      {% for s in ['malware', 'phishing', 'downloads'] %}
+      "browser.safebrowsing.{{ s }}.enabled": {
+        "Value": {{ (not firefox_disable_safe_browsing) | to_json }},
+        "Status": "locked"
+      }{% if not loop.last %},{% endif %}
+
+      {% endfor %}
+    }
+  }
+}