1. Etienne Perot
  2. pupfiles

Commits

Etienne Perot  committed 7c343ed

Some more Firefox stuff, add Self-Destructing Cookies extension, add wrapper script that prevents it from starting until ~/.sync-decrypt is mounted

  • Participants
  • Parent commits ed69f5d
  • Branches master

Comments (0)

Files changed (13)

File modules/browser/files/firefox/newtabpage/newtabpage.html

View file
  • Ignore whitespace
+<!DOCTYPE html>
+<html>
+<head>
+	<title>New tab</title>
+	<style type="text/css">
+	body {
+		background: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACEAAAAkCAMAAAAw96PuAAAAMFBMVEUbGxsaGhoiIiIcHBwVFRUYGBggICAeHh4WFhYfHx8XFxcUFBQdHR0ZGRkhISESEhKy7ZvJAAABQUlEQVR42l1TUZLFIAiDRQpS3Xf/2+6Ugjw2X6nTxMgEAPxJ0IAXzFeeCcKFCoHJ9pKbKI5wCNBUjE+S4dR4pkhRABbcEBDUV5cWW6ebG597FF9dYMBy80zofq4LsM1MWGGNXRcWizJhhaXbKuaWr4QJ28UfiwDveQUIsbjBGcta9AJYwCgwt7b7ckKiDP/yoZ4JsU5YNCqf0zYhWs+L7fyiHLqA+UtpjXi8+4XOgfG8Suh+bUJBM6H7gYGdCclJeGsAGaimJXm/8VUThAtGr0cWJGmrR5i0gkirh8AIXRWkFTj87kdXlY4CVz1S1yotbSFC1xNPhQQNphOzEq+vjmFxXZAw/K0t/OKW+foK9QWr+2qF2oLto6sJ9QUbVaxaoV4Pdp30FaJWj9RVpavATrfCx3U9seiuhQBGPZBTYC38AccDDZOEuQAKAAAAAElFTkSuQmCC')
+	}
+	</style>
+</head>
+<body>
+</body>
+</html>

File modules/browser/files/firefox/syncwrapper/firefox.sh

View file
  • Ignore whitespace
+#!/usr/bin/env bash
+
+while [ ! -f "$HOME/.sync-decrypt/.mounted" ]; do
+	sleep 1
+done
+
+exec /usr/lib/firefox/firefox "$@"

File modules/browser/manifests/firefox.pp

View file
  • Ignore whitespace
 class browser::firefox {
 	package {'firefox':}
-	include browser::firefox::nonewtabpage
+	include browser::firefox::syncwrapper
+	include browser::firefox::newtabpage
 	include browser::firefox::nofirstrun
 	include browser::firefox::duckduckgo
 	include browser::firefox::checkdefaultbrowser
 	include browser::firefox::uacontrol
 	include browser::firefox::dotsync
 	include browser::firefox::betterprivacy
+	include browser::firefox::cookiewhitelistwithbuttons
+	include browser::firefox::selfdestructingcookies
 	include browser::firefox::fonts
+	include browser::firefox::sync
 }

File modules/browser/manifests/firefox/cookiewhitelistwithbuttons.pp

View file
  • Ignore whitespace
+class browser::firefox::cookiewhitelistwithbuttons { # What a terrible name
+	firefox_pref {'extensions.cwwb.accept_third_party':
+		value => false,
+		isdefault => true
+	}
+	firefox_pref {'extensions.cwwb.record_button_startup':
+		# Do not reset cookie management preference on startup
+		value => 2
+	}
+	firefox_pref {'extensions.cwwb.remove_www':
+		value => true
+	}
+	firefox_pref {'extensions.cwwb.select_subdomain':
+		value => true
+	}
+}

File modules/browser/manifests/firefox/flashblock.pp

View file
  • Ignore whitespace
 	firefox_pref {'flashblock.silverlight.blocked':
 		value => true
 	}
-	firefox_pref {'flashblock.whitelist':
-		value => template('browser/firefox/flashblock/whitelist.txt')
+	firefox_pref {'services.sync.prefs.sync.flashblock.whitelist':
+		value => true
 	}
 }

File modules/browser/manifests/firefox/newtabpage.pp

View file
  • Ignore whitespace
+class browser::firefox::newtabpage {
+	firefox_pref {'browser.newtabpage.enabled':
+		value => false
+	}
+	file {'/usr/share/.firefox_newtabpage':
+		ensure => directory,
+		source => 'puppet:///modules/browser/firefox/newtabpage',
+		recurse => true
+	}
+	firefox_pref {'services.sync.prefs.sync.browser.newtab.url':
+		value => false
+	}
+	firefox_pref {'browser.newtab.url':
+		value => 'file:///usr/share/.firefox_newtabpage/newtabpage.html'
+	}
+	firefox_pref {'services.sync.prefs.sync.browser.startup.homepage':
+		value => false
+	}
+	firefox_pref {'browser.startup.homepage':
+		value => 'file:///usr/share/.firefox_newtabpage/newtabpage.html'
+	}
+}

File modules/browser/manifests/firefox/nonewtabpage.pp

  • Ignore whitespace
-class browser::firefox::nonewtabpage {
-	firefox_pref {'browser.newtabpage.enabled':
-		value => false
-	}
-}

File modules/browser/manifests/firefox/privacy.pp

View file
  • Ignore whitespace
 		value => false
 	}
 	firefox_pref {'network.cookie.cookieBehavior':
-		value => 2
+		# Allow first-party cookies, do not allow third-party cookies. First-party cookies are destroyed on page close by Self-Destructing Cookies add-on.
+		value => 1
 	}
 	firefox_pref {'network.cookie.lifetimePolicy':
 		value => 2

File modules/browser/manifests/firefox/profile.pp

View file
  • Ignore whitespace
 	$default = 1
 ) {
 	enduser_file {'.mozilla':
-		ensure => directory
+		ensure => directory,
+		mode => 0644
 	}
 	enduser_file {'.mozilla/firefox':
-		ensure => directory
+		ensure => directory,
+		mode => 0644
 	}
 	enduser_file::ini {'.mozilla/firefox/profiles.ini/General/StartWithLastProfile':
 		filename => '.mozilla/firefox/profiles.ini',
 		section => 'General',
 		setting => 'StartWithLastProfile',
-		value => 1
+		value => 1,
+		mode => 0644
 	}
 	enduser_file {".mozilla/firefox/$profile":
-		ensure => directory
+		ensure => directory,
+		mode => 0644
+	}
+	enduser_file {".mozilla/firefox/$profile/user.js":
+		mode => 0644
 	}
-	enduser_file {".mozilla/firefox/$profile/user.js":}
 	$section = "Profile$profilenumber"
 	enduser_file::ini {".mozilla/firefox/profiles.ini/$section/Name":
 		filename => '.mozilla/firefox/profiles.ini',
 		section => $section,
 		setting => 'Name',
-		value => $profile
+		value => $profile,
+		mode => 0644
 	}
 	enduser_file::ini {".mozilla/firefox/profiles.ini/$section/IsRelative":
 		filename => '.mozilla/firefox/profiles.ini',
 		section => $section,
 		setting => 'IsRelative',
-		value => 1
+		value => 1,
+		mode => 0644
 	}
 	enduser_file::ini {".mozilla/firefox/profiles.ini/$section/Path":
 		filename => '.mozilla/firefox/profiles.ini',
 		section => $section,
 		setting => 'Path',
-		value => $profile
+		value => $profile,
+		mode => 0644
 	}
 	enduser_file::ini {".mozilla/firefox/profiles.ini/$section/Default":
 		filename => '.mozilla/firefox/profiles.ini',
 		section => $section,
 		setting => 'Default',
-		value => $default
+		value => $default,
+		mode => 0644
 	}
 }

File modules/browser/manifests/firefox/selfdestructingcookies.pp

View file
  • Ignore whitespace
+class browser::firefox::selfdestructingcookies {
+	# Self-destructing cookies: https://addons.mozilla.org/en-US/firefox/addon/self-destructing-cookies/
+	firefox_pref {'extensions.jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.displayNotification':
+		value => false
+	}
+	firefox_pref {'extensions.jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.gracePeriod':
+		value => 30
+	}
+	firefox_pref {'extensions.jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.keepIFrames':
+		value => false
+	}
+}

File modules/browser/manifests/firefox/sync.pp

View file
  • Ignore whitespace
+class browser::firefox::sync {
+	firefox_pref {'services.sync.client.name':
+		value => "$hostname - operatingsystem"
+	}
+	firefox_pref {'services.sync.addons.trustedSourceHostnames':
+		value => 'addons.mozilla.org,eff.org,www.eff.org'
+	}
+}

File modules/browser/manifests/firefox/syncwrapper.pp

View file
  • Ignore whitespace
+class browser::firefox::syncwrapper {
+	file {'/usr/bin/firefox':
+		mode => 755,
+		source => 'puppet:///modules/browser/firefox/syncwrapper/firefox.sh'
+	}
+}

File modules/browser/templates/firefox/flashblock/whitelist.txt

  • Ignore whitespace
-w.soundcloud.com,player.vimeo.com,theportalwiki.com