conf/firefox-forbidden-policies.js

@@ -49,7 +49,7 @@ lockPref("privacy.fingerprintingProtection", true);
 //lockPref("privacy.fingerprintingProtection", false);
 pref(
 	"privacy.fingerprintingProtection.overrides",
-	"+AllTargets,-KeyboardEvents,-SpeechSynthesis,-CSSPrefersColorScheme,-CSSPrefersReducedMotion,-NavigatorUserAgent,-JSDateTimeUTC",
+	"+AllTargets,-KeyboardEvents,-SpeechSynthesis,-CSSPrefersColorScheme,-CSSPrefersReducedMotion,-NavigatorPlatform,-NavigatorUserAgent,-JSDateTimeUTC",
 );
 //clearPref("privacy.fingerprintingProtection.overrides");
 lockPref("privacy.fingerprintingProtection.pbmode", true);
@@ -65,6 +65,16 @@ lockPref("privacy.resistFingerprinting.letterboxing", true);
 //lockPref("privacy.resistFingerprinting.pbmode", false);
 clearPref("privacy.resistFingerprinting.pbmode");
 
+// Which extension requires container tabs? My policy and this file. This
+// particular option is so forbidden, it cannot be set either in the policy
+// or autoconfig.js
+lockPref("privacy.userContext.extension", "");
+// Enable containers without extensions (although those are forced by the
+// policy. TODO: Remove these as they are in the policy, but disallowed by
+// current ESR
+lockPref("privacy.userContext.enabled", true);
+lockPref("privacy.userContext.ui.enabled", true);
+
 // Enables reading mode for all pages (at least in theory)
 lockPref("reader.parse-on-load.force-enabled", true);
 

etc/firefox/policies/policies.json

@@ -43,10 +43,7 @@
               "challenges.cloudflare.com",
               "duckduckgo.com",
               "ecosia.org",
-              "firefox.com",
               "keyoxide.org",
-              "mozilla.net",
-              "mozilla.org",
               "moz-extension-scheme",
               "research.cloudflare.com"
             ]
@@ -402,8 +399,8 @@
         "Value": false
       },
       "extensions.webextensions.restrictedDomains": {
-        "Comment": "Don't protect Mozilla domains from privacy extensions. Always reset it to modified/empty so I can access the original value if I ever need it.",
-        "Status": "user",
+        "Comment": "Don't protect Mozilla domains from privacy extensions.",
+        "Status": "locked",
         "Type": "string",
         "Value": ""
       },
@@ -470,12 +467,6 @@
         "Type": "boolean",
         "Value": true
       },
-      "layout.css.always_underline_links": {
-        "Comment": "Underscore links by default, disabling allowed",
-        "Status": "default",
-        "Type": "boolean",
-        "Value": true
-      },
       "layout.css.devPixelsPerPx": {
         "Status": "default",
         "Type": "string",
@@ -631,7 +622,7 @@
         "Comment": "Preference not allowed for stability reasons. :( https://searchfox.org/mozilla-central/source/toolkit/components/resistfingerprinting/RFPTargets.inc",
         "Status": "locked",
         "Type": "string",
-        "Value": "+AllTargets,-KeyboardEvents,-SpeechSynthesis,-CSSPrefersColorScheme,-CSSPrefersReducedMotion,-NavigatorUserAgent,-JSDateTimeUTC"
+        "Value": "+AllTargets,-KeyboardEvents,-SpeechSynthesis,-CSSPrefersColorScheme,-CSSPrefersReducedMotion,-NavigatorPlatform,-NavigatorUserAgent,-JSDateTimeUTC"
       },
       "privacy.fingerprintingProtection.pbmode": {
         "Comment": "Preference not allowed for stability reasons. :(",

etc/opt/chromium/policies/managed/aminda-extensions.json

@@ -14,10 +14,7 @@
             "challenges.cloudflare.com",
             "duckduckgo.com",
             "ecosia.org",
-            "firefox.com",
             "keyoxide.org",
-            "mozilla.net",
-            "mozilla.org",
             "moz-extension-scheme",
             "research.cloudflare.com"
           ]

install

@@ -3,14 +3,16 @@
 set -x
 
 if [ -d ~/src/gitea.blesmrt.net/Mikaela/ssh-allowed_signers ]; then
-	git verify-commit HEAD
-	sleep 3
+	printf "\n[OK] ssh-allowed_signers exists\n\n"
 else
 	echo "Keys not found, cloning..."
 	mkdir -vp ~/src/gitea.blesmrt.net/Mikaela/
 	git clone https://gitea.blesmrt.net/Mikaela/ssh-allowed_signers.git ~/src/gitea.blesmrt.net/Mikaela/ssh-allowed_signers
 fi
 
+git verify-commit HEAD
+sleep 3
+
 export MIKAELA_GREP=$HOME/.MIKAELA_GREP
 
 cat rc/bashrc >~/.bashrc