NixOS · AndersonTorres · Nov 11, 2022 · Nov 10, 2022
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml
@@ -1390,6 +1390,16 @@ signald -d /var/lib/signald/db \
           for those who want to use it.
         </para>
       </listitem>
+      <listitem>
+        <para>
+          A NixOS module for Firefox has been added which allows
+          preferences and
+          <link xlink:href="https://github.com/mozilla/policy-templates/blob/master/README.md">policies</link>
+          to be set. This also allows extensions to be installed via the
+          <literal>ExtensionSettings</literal> policy. The new options
+          are under <literal>programs.firefox</literal>.
+        </para>
+      </listitem>
     </itemizedlist>
   </section>
 </section>
diff --git a/nixos/doc/manual/release-notes/rl-2211.section.md b/nixos/doc/manual/release-notes/rl-2211.section.md
@@ -420,4 +420,6 @@ Available as [services.patroni](options.html#opt-services.patroni.enable).
 
 - The `mame` package does not ship with its tools anymore in the default output. They were moved to a separate `tools` output instead. For convenience, `mame-tools` package was added for those who want to use it.
 
+- A NixOS module for Firefox has been added which allows preferences and [policies](https://github.com/mozilla/policy-templates/blob/master/README.md) to be set. This also allows extensions to be installed via the `ExtensionSettings` policy. The new options are under `programs.firefox`.
+
 <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
@@ -157,6 +157,7 @@
   ./programs/extra-container.nix
   ./programs/feedbackd.nix
   ./programs/file-roller.nix
+  ./programs/firefox.nix
   ./programs/firejail.nix
   ./programs/fish.nix
   ./programs/flashrom.nix

diff --git a/nixos/modules/programs/firefox.nix b/nixos/modules/programs/firefox.nix
@@ -0,0 +1,91 @@
+{ pkgs, config, lib, ... }:
+
+with lib;
+
+let
+  cfg = config.programs.firefox;
+
+  policyFormat = pkgs.formats.json { };
+
+  organisationInfo = ''
+    When this option is in use, Firefox will inform you that "your browser
+    is managed by your organisation". That message appears because NixOS
+    installs what you have declared here such that it cannot be overridden
+    through the user interface. It does not mean that someone else has been
+    given control of your browser, unless of course they also control your
+    NixOS configuration.
+  '';
+
+in {
+  options.programs.firefox = {
+    enable = mkEnableOption (mdDoc "the Firefox web browser");
+
+    package = mkOption {
+      description = mdDoc "Firefox package to use.";
+      type = types.package;
+      default = pkgs.firefox;
+      defaultText = literalExpression "pkgs.firefox";
+      relatedPackages = [
+        "firefox"
+        "firefox-beta-bin"
+        "firefox-bin"
+        "firefox-devedition-bin"
+        "firefox-esr"
+        "firefox-esr-wayland"
+        "firefox-wayland"
+      ];
+    };
+
+    policies = mkOption {
+      description = mdDoc ''
+        Group policies to install.
+
+        See [Mozilla's documentation](https://github.com/mozilla/policy-templates/blob/master/README.md")
+        for a list of available options.
+
+        This can be used to install extensions declaratively! Check out the
+        documentation of the `ExtensionSettings` policy for details.
+
+        ${organisationInfo}
+      '';
+      type = policyFormat.type;
+      default = {};
+    };
+
+    preferences = mkOption {
+      description = mdDoc ''
+        Preferences to set from `about://config`.
+
+        Some of these might be able to be configured more ergonomically
+        using policies.
+
+        ${organisationInfo}
+      '';
+      type = with types; attrsOf (oneOf [ bool int string ]);
+      default = {};
+    };
+  };
+
+  config = mkIf cfg.enable {
+    environment.systemPackages = [ cfg.package ];
+
+    environment.etc."firefox/policies/policies.json".source =
+      let policiesJSON =
+        policyFormat.generate
+        "firefox-policies.json"
+        { inherit (cfg) policies; };
+      in mkIf (cfg.policies != {}) "${policiesJSON}";
+
+    # Preferences are converted into a policy
+    programs.firefox.policies =
+      mkIf (cfg.preferences != {})
+      {
+        Preferences = (mapAttrs (name: value: {
+          Value = value;
+          Status = "locked";
+        }) cfg.preferences);
+      };
+  };
+
+  meta.maintainers = with maintainers; [ danth ];
+}