From 27d96070dfdbd226856c5342a5b65394812c342f Mon Sep 17 00:00:00 2001 From: Simon Bruder Date: Thu, 25 Oct 2018 21:43:02 +0000 Subject: [PATCH 1/5] add firefox config and extensions --- packer/ansible/playbook.yml | 10 ++++-- packer/ansible/roles/firefox/files/firefox.js | 33 +++++++++++++++++++ .../ansible/roles/firefox/files/policies.json | 26 +++++++++++++++ .../roles/firefox/tasks/extensions.yml | 6 ++++ packer/ansible/roles/firefox/tasks/main.yml | 18 ++++++++-- 5 files changed, 89 insertions(+), 4 deletions(-) create mode 100644 packer/ansible/roles/firefox/files/firefox.js create mode 100644 packer/ansible/roles/firefox/files/policies.json create mode 100644 packer/ansible/roles/firefox/tasks/extensions.yml diff --git a/packer/ansible/playbook.yml b/packer/ansible/playbook.yml index e7909ea..04010c0 100644 --- a/packer/ansible/playbook.yml +++ b/packer/ansible/playbook.yml @@ -43,8 +43,14 @@ metalcut: socket: laser.lab.fablab-nea.de:9000 dockerimage: r.jalr.de/fablab/metalcut - firefox_language_packs: - - de + firefox: + language_packs: + - de + extensions: + - id: uBlock0@raymondhill.net + url: https://addons.mozilla.org/firefox/downloads/file/1114441/ublock_origin-1.17.2-an+fx.xpi + - id: https-everywhere@eff.org + url: https://addons.mozilla.org/firefox/downloads/file/1082984/https_everywhere-2018.9.19-an+fx.xpi debian_sections: - main - contrib diff --git a/packer/ansible/roles/firefox/files/firefox.js b/packer/ansible/roles/firefox/files/firefox.js new file mode 100644 index 0000000..8a6134e --- /dev/null +++ b/packer/ansible/roles/firefox/files/firefox.js 
@@ -0,0 +1,33 @@
+// debian settings
+pref("extensions.update.enabled", true);
+pref("intl.locale.requested", "");
+pref("browser.shell.checkDefaultBrowser", false);
+
+// disable trackers
+lockPref("app.normandy.enabled", false);
+lockPref("browser.chrome.errorReporter.enabled", false);
+lockPref("browser.safebrowsing.downloads.enabled", false);
+lockPref("browser.safebrowsing.downloads.remote.enabled", false);
+lockPref("browser.safebrowsing.malware.enabled", false);
+lockPref("browser.safebrowsing.passwords.enabled", false);
+lockPref("browser.safebrowsing.phishing.enabled", false);
+lockPref("browser.tabs.crashReporting.sendReport", false);
+lockPref("datareporting.healthreport.uploadEnabled", false);
+lockPref("datareporting.policy.dataSubmissionEnabled", false);
+lockPref("security.ssl.errorReporting.enabled", false);
+
+// design
+pref("browser.newtabpage.enabled", false);
+pref("browser.uiCustomization.state", '{"placements":{"widget-overflow-fixed-list":[],"PersonalToolbar":["personal-bookmarks"],"nav-bar":["back-button","forward-button","home-button","urlbar-container","stop-reload-button","downloads-button","library-button"],"TabsToolbar":["tabbrowser-tabs","new-tab-button","alltabs-button"],"toolbar-menubar":["menubar-items"]},"seen":["developer-button"],"dirtyAreaCache":["PersonalToolbar","nav-bar","TabsToolbar","toolbar-menubar"],"currentVersion":14,"newElementCount":3}');
+
+// privacy
+pref("privacy.donottrackheader.enabled", true);
+
+pref("privacy.history.custom", true);
+pref("places.history.enabled", false);
+pref("browser.formfill.enable", false);
+
+// search
+pref("browser.search.hiddenOneOffs", "Google,Amazon.de,Bing,Debian packages,DuckDuckGo,eBay,Ecosia,LEO Eng-Deu,Wikipedia (de)"); // hide „one click“ search eingines
+pref("browser.search.suggest.enabled", false);
+pref("browser.urlbar.placeholderName", "DuckDuckGo"); // defaults to google, even if DuckDuckGo is the default
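Review bot: The five `browser.safebrowsing.*` lines under `// disable trackers` in firefox.js switch off Firefox's phishing, malware and download protection and lock it off, which removes a security control rather than a tracker. As far as I know the phishing and malware checks work mostly against a locally stored, periodically updated blocklist, and `browser.safebrowsing.downloads.remote.enabled` is the setting that sends download metadata to a remote service. If privacy is the goal, keeping that one line and dropping the `malware.enabled` and `phishing.enabled` lines would retain the blocklist protection. If the full switch-off is deliberate, a comment such as `// Safe Browsing is disabled on purpose: <reason>` above the group should record the trade-off, because `lockPref` leaves users no way to turn it back on.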
diff --git a/packer/ansible/roles/firefox/files/policies.json b/packer/ansible/roles/firefox/files/policies.json new file mode 100644 index 0000000..8daf3f1 --- /dev/null +++ b/packer/ansible/roles/firefox/files/policies.json @@ -0,0 +1,26 @@ +{ + "policies": { + "DNSOverHTTPS": { + "Enabled": false, + "Locked": false + }, + "DisableFeedbackCommands": true, + "DisableFirefoxAccounts": true, + "DisableFirefoxStudies": true, + "DisablePocket": true, + "DisableTelemetry": true, + "EnableTrackingProtection": { + "Value": true, + "Locked": true + }, + "NoDefaultBookmarks": true, + "OfferToSaveLogins": true, + "Homepage": { + "URL": "about:blank" + }, + "OverrideFirstRunPage": "", + "SearchEngines": { + "Default": "DuckDuckGo" + } + } +} diff --git a/packer/ansible/roles/firefox/tasks/extensions.yml b/packer/ansible/roles/firefox/tasks/extensions.yml new file mode 100644 index 0000000..76273ca --- /dev/null +++ b/packer/ansible/roles/firefox/tasks/extensions.yml @@ -0,0 +1,6 @@ +--- +- name: install firefox extensions + get_url: + url: "{{ item.url }}" + dest: "/usr/lib/firefox-esr/browser/extensions/{{ item.id }}.xpi" + loop: "{{ firefox.extensions }}" diff --git a/packer/ansible/roles/firefox/tasks/main.yml b/packer/ansible/roles/firefox/tasks/main.yml index 69d91ea..1668cd4 100644 --- a/packer/ansible/roles/firefox/tasks/main.yml +++ b/packer/ansible/roles/firefox/tasks/main.yml @@ -7,8 +7,22 @@ apt: name: "firefox-esr-l10n-{{ item }}" with_items: - - "{{ firefox_language_packs }}" - when: firefox_language_packs is defined + - "{{ firefox.language_packs }}" + when: firefox.language_packs is defined + + - name: install firefox config + copy: + src: firefox.js + dest: /etc/firefox-esr/firefox-esr.js + + - name: install firefox policies + copy: + src: policies.json + dest: /usr/share/firefox-esr/distribution/policies.json + + - import_tasks: extensions.yml + tags: + - firefox:extensions tags: - firefox -- 2.51.2 
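Review bot: In policies.json, `"OfferToSaveLogins": true` makes Firefox prompt to store passwords, while firefox.js in the same patch disables history and form fill. If these images run on shared workstations with a persistent profile (not visible in this patch), a saved login stays available to the next person at the machine. `"OfferToSaveLogins": false` would match the other privacy settings; if saving logins is intended, the commit message is the place to say so, since the JSON file cannot carry a comment.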
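Review bot: The `get_url` task in extensions.yml writes each XPI into the system-wide extensions directory without a `checksum:`, so nothing ties the installed file to the version named in `firefox.extensions`. Because this patch pins exact file URLs in playbook.yml, each entry can carry a digest next to `id` and `url`, for example `checksum: sha256:<digest of the pinned xpi>`, passed to the task as `checksum: "{{ item.checksum }}"`. Firefox presumably still checks the add-on signature when it loads the file, but that does not pin the version. The rewritten task in PATCH 2/5 has the same gap.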
From ae708d423ebe719f0b3d4c07c6e3ebaea87a5a25 Mon Sep 17 00:00:00 2001 From: Simon Bruder Date: Thu, 8 Nov 2018 20:21:41 +0000 Subject: [PATCH 2/5] always download latest extension version --- packer/ansible/playbook.yml | 6 ++---- .../ansible/roles/firefox/tasks/extensions.yml | 17 +++++++++++++---- 2 files changed, 15 insertions(+), 8 deletions(-) diff --git a/packer/ansible/playbook.yml b/packer/ansible/playbook.yml index 04010c0..930619c 100644 --- a/packer/ansible/playbook.yml +++ b/packer/ansible/playbook.yml @@ -47,10 +47,8 @@ language_packs: - de extensions: - - id: uBlock0@raymondhill.net - url: https://addons.mozilla.org/firefox/downloads/file/1114441/ublock_origin-1.17.2-an+fx.xpi - - id: https-everywhere@eff.org - url: https://addons.mozilla.org/firefox/downloads/file/1082984/https_everywhere-2018.9.19-an+fx.xpi + - uBlock0@raymondhill.net + - https-everywhere@eff.org debian_sections: - main - contrib diff --git a/packer/ansible/roles/firefox/tasks/extensions.yml b/packer/ansible/roles/firefox/tasks/extensions.yml index 76273ca..abd9e76 100644 --- a/packer/ansible/roles/firefox/tasks/extensions.yml +++ b/packer/ansible/roles/firefox/tasks/extensions.yml @@ -1,6 +1,15 @@ --- -- name: install firefox extensions - get_url: - url: "{{ item.url }}" - dest: "/usr/lib/firefox-esr/browser/extensions/{{ item.id }}.xpi" +- name: get extensions info + uri: + url: "https://addons.mozilla.org/api/v4/addons/addon/{{ item }}/" + return_content: yes + register: extension_infos loop: "{{ firefox.extensions }}" + +- name: install extensions + get_url: + url: "{{ item.json.current_version.files[0].url }}" + dest: "/usr/lib/firefox-esr/browser/extensions/{{ item.item }}.xpi" + loop: "{{ extension_infos.results }}" + loop_control: + label: "{{ item.url }}" -- 2.51.2 From b2a5fb222c9905467ce3d0bd11ddc04f0d52a38d Mon Sep 17 00:00:00 2001 
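Review bot: The `install extensions` task in extensions.yml relies on `get_url` with its default `force: no`, which skips the download whenever the destination file already exists, so the latest version only arrives on a fresh image and not on a re-run against an existing host. Dropping the pinned URLs also makes the image content depend on whatever the API returns at build time, and `files[0]` is used without checking that the version has exactly one file. Passing the digest from the same response, `checksum: "{{ item.json.current_version.files[0].hash }}"`, should make the task replace a stale XPI and verify the transfer; confirm that the field's `sha256:` format matches what `get_url` expects. If reproducible images matter, logging the resolved version (for instance `label: "{{ item.json.current_version.version }}"` in the second loop) at least records what was installed.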
From: Simon Bruder Date: Thu, 8 Nov 2018 20:22:35 +0000 Subject: [PATCH 3/5] replace ssh-key --- packer/ansible/roles/superuser/files/authorized_keys | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packer/ansible/roles/superuser/files/authorized_keys b/packer/ansible/roles/superuser/files/authorized_keys index d6f54be..ea8ecf8 100644 --- a/packer/ansible/roles/superuser/files/authorized_keys +++ b/packer/ansible/roles/superuser/files/authorized_keys @@ -1,2 +1,2 @@ ssh-rsa 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 jalr@jalr-tp -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIN2OoowP25rTyS62coHoHuJD2134DsoAM7d0z5u7KvyK9hGs/3FWf6EQkdN/eHVrzjT4+yS+zNKPNAv9dBsC5iXS9xk2iZcscQIEsy57S5WtGmMaX50xWtwPN7RXp783eCKe9arU4Ttq6xDpL0ASHEq3BiMGcGT20X1c88bN1kxAQOYPsZGQRhwgLnMty8CJSxdJYgfjBJk01srp6I+YEZFPbS3IERDsYGrUyHBOkXnWbO6NAyDnlD97QOAVr32dgZfoqBDhGd0GVdU2PWI1A0IYFjvqB0xs8FJNF9ivrg1zH8KZ29HyGDzG+E6kYd8PQI97CcRrNR8ZwwP5F4/K/ simon@pita +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCs0igb6TTxPkKEQ96pk/NEqqWvQH/miJEBAEe1bzHlo5n5ThnGYvVPadfHIwq1ix0IdAfyWoG8duaKVDJAUAFBtegRO7vRBYBYR04V8DE8n66MgDbbLDuu7Kbm4JWMUNg43KwJDzZtSvEKjyh5/u/TT59D1F+toxMfet++jNG03mFa6ANhMTjghbkFHj3eyuiXA/SxZLorhkCFW6Tri3u5FFLGpjaom1dZ5PAcic0+ZOECpgEwTj8FpOzmldjsu8gFxdPYGrqfA1dOxL3OQ6/rB0LfHjwrN9i3DrZzG+RfJxZbgO4/RLQz2sHYM6S6d1MtCcXThozCXSbmpdNdwdPp simon@kipf -- 2.51.2 From b61b7bd9b8e3bd99ea693fe1cb5974ff90e450dc Mon Sep 17 00:00:00 2001 From: Simon Bruder Date: Thu, 8 Nov 2018 20:26:16 +0000 Subject: [PATCH 4/5] firefox: only accept cookies from visited third parties --- packer/ansible/roles/firefox/files/policies.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/packer/ansible/roles/firefox/files/policies.json b/packer/ansible/roles/firefox/files/policies.json index 8daf3f1..65685f9 100644 --- a/packer/ansible/roles/firefox/files/policies.json +++ b/packer/ansible/roles/firefox/files/policies.json 
@@ -1,5 +1,8 @@ { "policies": { + "Cookies": { + "AcceptThirdParty": "from-visited" + }, "DNSOverHTTPS": { "Enabled": false, "Locked": false -- 2.51.2 From b0e3e6d2401b2123e4992625d79c9a4cea9f2a05 Mon Sep 17 00:00:00 2001 From: Simon Bruder Date: Thu, 8 Nov 2018 20:27:59 +0000 Subject: [PATCH 5/5] firefox: add settings for experienced users --- packer/ansible/roles/firefox/files/firefox.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/packer/ansible/roles/firefox/files/firefox.js b/packer/ansible/roles/firefox/files/firefox.js index 8a6134e..9f5690e 100644 --- a/packer/ansible/roles/firefox/files/firefox.js +++ b/packer/ansible/roles/firefox/files/firefox.js @@ -20,6 +20,10 @@ lockPref("security.ssl.errorReporting.enabled", false); pref("browser.newtabpage.enabled", false); pref("browser.uiCustomization.state", '{"placements":{"widget-overflow-fixed-list":[],"PersonalToolbar":["personal-bookmarks"],"nav-bar":["back-button","forward-button","home-button","urlbar-container","stop-reload-button","downloads-button","library-button"],"TabsToolbar":["tabbrowser-tabs","new-tab-button","alltabs-button"],"toolbar-menubar":["menubar-items"]},"seen":["developer-button"],"dirtyAreaCache":["PersonalToolbar","nav-bar","TabsToolbar","toolbar-menubar"],"currentVersion":14,"newElementCount":3}'); +// for experienced users +pref("browser.urlbar.trimURLs", false); +pref("browser.fixup.alternate.enabled", false); + // privacy pref("privacy.donottrackheader.enabled", true); -- 2.51.2
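Review bot: The `Cookies` block added to policies.json in PATCH 4/5 sets `"AcceptThirdParty": "from-visited"` without `"Locked": true`, so it is only a default that any user can change, whereas `EnableTrackingProtection` further down is locked. Cookies also survive the session even though firefox.js disables history, so on a shared machine (inferred, not visible here) one user's session cookies remain for the next. Consider adding `"ExpireAtSessionEnd": true` and `"Locked": true` to the block if that matches the intent. The enclosing `policies` object continues outside the hunk.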