cyplo/dotfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add firejail & clamav

Browse source
This commit is contained in:
Cyryl Płotnicki 2022-01-15 09:38:11 +00:00
parent 5d5ec44e5e
commit 742bc9c1df
4 changed files with 16 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
nixos/gui/default.nix
View file

@ -3,6 +3,19 @@ let
unstable = inputs.nixpkgs-nixos-unstable.legacyPackages.${pkgs.system}; unstable = inputs.nixpkgs-nixos-unstable.legacyPackages.${pkgs.system};
in in
{ {
programs.firejail.enable = true;
programs.firejail.wrappedBinaries = {
firefox = {
executable = "${pkgs.lib.getBin pkgs.firefox}/bin/firefox";
profile = "${pkgs.firejail}/etc/firejail/firefox.profile";
};
chromium = {
executable = "${pkgs.lib.getBin pkgs.chromium}/bin/chromium";
profile = "${pkgs.firejail}/etc/firejail/chromium.profile";
};
};
home-manager.users.cyryl = { ... }: { home-manager.users.cyryl = { ... }: {
gtk = { gtk = {
enable = true; enable = true;

1
nixos/home-manager/programs.nix
View file

@ -17,7 +17,6 @@
}; };
taskwarrior.enable = true; taskwarrior.enable = true;
fzf.enable = true; fzf.enable = true;
chromium.enable = true;
go.enable = true; go.enable = true;
bat.enable = true; bat.enable = true;
browserpass.enable = true; browserpass.enable = true;

1
nixos/i3/default.nix
View file

@ -42,7 +42,6 @@
./home.nix ./home.nix
]; ];
home.packages = with pkgs; [ home.packages = with pkgs; [
firefox
]; ];
}; };
} }

3
nixos/security.nix
View file

@ -8,6 +8,9 @@
security.apparmor.enable = true; security.apparmor.enable = true;
services.haveged.enable = true; services.haveged.enable = true;
networking.firewall.enable = true; networking.firewall.enable = true;
services.clamav.daemon.enable = true;
services.clamav.updater.enable = true;
security.chromiumSuidSandbox.enable = true;
boot.kernelParams = [ boot.kernelParams = [
"page_poison=1" "page_poison=1"
"page_alloc.shuffle=1" "page_alloc.shuffle=1"