blob: 97c2cc05bc8d7c4b7fe44d3f8c1251f071953adc (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
|
Firefox
=======
Description
-----------
The `firefox` role configures the global Firefox [policy file](https://github.com/mozilla/policy-templates/blob/master/README.md),
and enables Wayland for the browser.
The global Firefox policy can be used to install extensions automatically and
enforce various browser settings.
The global policy is stored in [/usr/lib64/firefox/distribution/policies.json](templates/usr/lib64/firefox/distribution/policies.json.j2).
Variables
---------
This role **accepts** the following variables:
Variable | Default | Description
-------------------------------------------|----------------------------------------|------------
`firefox_preferences` | `[]` | List of `about:config` items to apply (see [format](#firefox_preferences) below)
`firefox_extensions` | `[]` | List of extensions to install (see [format](#firefox_extensions) below)
`firefox_managed_bookmarks` | `[]` | List of bookmarks to add (see [format](#firefox_managed_bookmarks) below)
`firefox_managed_bookmarks_top_level_name` | `Intranet` | Folder name containing managed bookmarks
`firefox_homepage` | `about:home` | URL of homepage
`firefox_spnego_domains` | `['{{ domain }}']` | Domains for which Kerberos/GSSAPI authentication is allowed
`firefox_spnego_allow_non_fqdn` | yes | Allow GSSAPI authentication for short hostnames
`firefox_spnego_allow_proxies` | yes | Allow GSSAPI authentication over proxies
`firefox_disable_pocket` | yes | Disable Firefox Pocket (social bookmarking)
`firefox_disable_snippets` | yes | Disable Firefox Snippets (Mozilla advocacy spam)
`firefox_disable_app_update` | yes | Disable checking for updates
`firefox_disable_captive_portal` | yes | Disable captive portal detection
`firefox_disable_default_bookmarks` | yes | Disable default bookmarks added by Mozilla
`firefox_disable_feedback` | yes | Disable Mozilla user feedback
`firefox_disable_accounts` | yes | Disable Firefox Accounts
`firefox_disable_studies` | yes | Disable Firefox Studies (beta features)
`firefox_disable_telemetry` | yes | Disable telemetry
`firefox_disable_default_browser_check` | yes | Disable checking for default browser
`firefox_disable_user_messaging` | yes | Disable "What's New" messaging on updates
`firefox_disable_dns_over_https` | yes | Disable DNS over HTTPS
`firefox_disable_search_suggestions` | yes | Disable search suggestions
`firefox_disable_highlights` | yes | Disable Firefox Highlights (usage-based recommendations)
`firefox_disable_safe_browsing` | yes | Disable Mozilla safe browsing
`firefox_disable_top_sites` | yes | Disable "Top Sites" recommendation
`firefox_disable_push_notifications` | yes | Disable Mozilla push notification service
`firefox_offer_to_save_logins_default` | yes | Offer to save usernames and passwords
`firefox_use_tracking_protection` | no | Use Firefox tracking protection
`firefox_update_extensions` | yes | Update extensions automatically
`firefox_cookie_behavior` | `reject-tracker-and-partition-foreign` | Set [cookie behavior](https://github.com/mozilla/policy-templates/blob/master/README.md#cookies)
### firefox\_preferences
The `firefox_preferences` variable is used to set `about:config` items. It
should contain a list of dictionaries of the following format:
Key | Default | Description
-------------------|-----------|------------
name | | Name of `about:config` item
value | | Value of `about:config` item
status | `default` | Either `default`, `locked`, `user`, or `clear`
### firefox\_extensions
The `firefox_extensions` variable is used to install Firefox extensions. It
should contain a list of dictionaries of the following format:
Key | Default | Description
-------------------|--------------------------------|------------
id | | Extension id (found in `manifest.json` file)
name | | Name of the extension
url | `addons.mozilla.org` by `name` | URL of extension `.xpi` file
mode | `normal_installed` | Either `normal_installed`, `force_installed`, `allowed`, or `blocked`
### firefox\_managed\_bookmarks
The `firefox_managed_bookmarks` variable is used to add bookmarks for all users.
It should contain a list of dictionaries of the following format:
Key | Default | Description
-----|---------|------------
name | | Name of the bookmark
URL | | URL of the bookmark
Usage
-----
Example playbook:
````yaml
- hosts: linux_desktops
roles:
- role: firefox
vars:
firefox_offer_to_save_logins_default: no
firefox_extensions:
- name: ublock-origin
id: uBlock0@raymondhill.net
mode: force_installed
policy:
toOverwrite:
filterLists:
- user-filters
- ublock-filters
- ublock-badware
- ublock-privacy
- ublock-abuse
- ublock-unbreak
- ublock-annoyances
- easylist
- easyprivacy
- urlhaus-1
- plowe-0
- fanboy-annoyance
- fanboy-thirdparty_social
- adguard-spyware-url
- ublock-quick-fixes
toAdd:
trustedSiteDirectives:
- '{{ domain }}'
- name: bitwarden-password-manager
id: '{446900e4-71c2-419f-a6a7-df9c091e268b}'
- name: libredirect
id: 7esoorv3@alefvanoon.anonaddy.me
firefox_preferences:
- name: dom.security.https_only_mode
value: true
status: locked
firefox_managed_bookmarks:
- name: Bitwarden
url: 'https://bitwarden.{{ domain }}'
- name: Git
url: 'https://git.{{ domain }}'
- name: Wiki
url: 'https://wiki.{{ domain }}'
````
|
