Remove DoH settings from Firefox profiles

fix: Use /etc policy for DNS
2025-08-02 19:19:16 -05:00 · 2025-08-02 19:18:46 -05:00
3 changed files with 14 additions and 20 deletions
--- a/playbook.yaml
+++ b/playbook.yaml
@ -217,24 +217,11 @@
        name: "*"
        state: latest # noqa: package-latest
    # Install a policy file to force Firefox to use encrypted DNS
-    - name: Create Firefox DNS policy, line 1
+    - name: Create Firefox DNS policy
-      ansible.builtin.lineinfile:
+      ansible.builtin.template:
-        path: /usr/lib64/firefox/defaults/pref/autoconfig.js
+        src: templates/policies.json
        dest: /etc/firefox/policies/policies.json
        mode: "644"
        create: true
        line: lockPref("network.trr.mode", 3);
    - name: Create Firefox DNS policy, line 1
      ansible.builtin.lineinfile:
        path: /usr/lib64/firefox/defaults/pref/autoconfig.js
        mode: "644"
        create: true
        line: lockPref("network.trr.url", "{{ dns_server }}");
    - name: Create Firefox DNS policy, line 1
      ansible.builtin.lineinfile:
        path: /usr/lib64/firefox/defaults/pref/autoconfig.js
        mode: "644"
        create: true
        line: lockPref("network.trr.custom_uri", "{{ dns_server }}");
 # Generally speaking, I try to install Flatpak applications at the user level
 # b/c that really gives more credence to the whole sandboxing idea (concept of
--- a/programs/firefox.nix
+++ b/programs/firefox.nix
@ -237,9 +237,6 @@
          "extensions.formautofill.addresses.enabled" = false;
          "extensions.formautofill.creditCards.enabled" = false;
          "extensions.autoDisableScopes" = 0;
          "network.trr.mode" = 3; # DNS over HTTPS always
          "network.trr.uri" = "https://family.dns.mullvad.net/dns-query";
          "network.trr.custom_uri" = "https://family.dns.mullvad.net/dns-query";
          "privacy.bounceTrackingProtection.mode" = 1;
          "privacy.clearOnShutdown_v2.browsingHistoryAndDownloads" = false;
          "privacy.clearOnShutdown_v2.cache" = true;
--- a/templates/policies.json
+++ b/templates/policies.json
@ -0,0 +1,10 @@
 {
  "policies": {
    "DNSOverHTTPS": {
      "Enabled": true,
      "ProviderURL": "{{ dns_server }}",
      "Locked": true,
      "Fallback": false
    }
  }
 }
Author	SHA1	Message	Date
Thomas A. Christensen II	9660522100	Remove DoH settings from Firefox profiles	2025-08-02 19:19:16 -05:00
Thomas A. Christensen II	e64c1dcad5	fix: Use /etc policy for DNS	2025-08-02 19:18:46 -05:00