Spent entirely too much time today trying to cleanly (declaratively, #Nix-ily) have #firefox set up with my preferred prefs and extensions, before eventually giving up and writing a small Python program to hack it.
I don't actually speak Python; I suspect this is obvious to anyone reading it who does.
(Usage notes: it sets the toolkit.policies.perUserDir pref to make Firefox look for policies.json in /run/user/$UID somewhere instead of in its own lib directory - because that's read-only on Nix. Then it writes the policy JSON in that place. One should note that /run is ephemeral, so one probably needs to run this on every login.)
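The two steps from the usage notes, as an added example that is not the author's program from the gist. It assumes the pref is set through the profile's user.js and takes the policy directory as an argument, since the post does not name the exact path under /run/user/$UID; the function names and the sample policy are constructed for illustration.

```python
import json, os, sys, tempfile
from pathlib import Path

PREF_LINE = 'user_pref("toolkit.policies.perUserDir", true);'
# Constructed sample policy: the extension id and URL are placeholders.
SAMPLE_POLICIES = {"policies": {
    "DisableTelemetry": True,
    "ExtensionSettings": {"example@example.invalid": {
        "installation_mode": "force_installed",
        "install_url": "https://example.invalid/example.xpi"}}}}

def enable_per_user_dir(profile_dir):
    """Add the pref to the profile's user.js once (assumed way of setting it)."""
    user_js = Path(profile_dir) / "user.js"
    text = user_js.read_text() if user_js.exists() else ""
    if PREF_LINE not in text.splitlines():
        sep = "" if text == "" or text.endswith("\n") else "\n"
        user_js.write_text(text + sep + PREF_LINE + "\n")
    return user_js

def write_policies(policy_dir, policies):
    """Write policies.json atomically into a directory only we can modify."""
    policy_dir = Path(policy_dir)
    policy_dir.mkdir(mode=0o700, parents=True, exist_ok=True)
    st = policy_dir.stat()
    # Policies can force-install extensions, so refuse a directory that
    # another account could write to.
    if st.st_uid != os.getuid() or st.st_mode & 0o022:
        raise PermissionError(f"{policy_dir} is writable by other users")
    fd, tmp = tempfile.mkstemp(dir=policy_dir, prefix=".policies-")
    try:
        with os.fdopen(fd, "w") as fh:
            json.dump(policies, fh, indent=2)
        os.chmod(tmp, 0o600)
        # Rename over the target so Firefox never reads a half-written file.
        target = policy_dir / "policies.json"
        os.replace(tmp, target)
    finally:
        if os.path.exists(tmp):
            os.unlink(tmp)
    return target

if __name__ == "__main__":
    # argv[1]: Firefox profile directory; argv[2]: the directory under
    # /run/user/$UID that Firefox reads (not named in the post, so passed in).
    enable_per_user_dir(sys.argv[1])
    print(write_policies(sys.argv[2], SAMPLE_POLICIES))
```

Because /run is ephemeral, a script like this would be started from a login hook or user service so the file exists before Firefox launches.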