add firejail & clamav

This commit is contained in:
Cyryl Płotnicki 2022-01-15 09:38:11 +00:00
parent 5d5ec44e5e
commit 742bc9c1df
4 changed files with 16 additions and 2 deletions

View file

@ -3,6 +3,19 @@ let
unstable = inputs.nixpkgs-nixos-unstable.legacyPackages.${pkgs.system};
in
{
programs.firejail.enable = true;
programs.firejail.wrappedBinaries = {
firefox = {
executable = "${pkgs.lib.getBin pkgs.firefox}/bin/firefox";
profile = "${pkgs.firejail}/etc/firejail/firefox.profile";
};
chromium = {
executable = "${pkgs.lib.getBin pkgs.chromium}/bin/chromium";
profile = "${pkgs.firejail}/etc/firejail/chromium.profile";
};
};
home-manager.users.cyryl = { ... }: {
gtk = {
enable = true;

View file

@ -17,7 +17,6 @@
};
taskwarrior.enable = true;
fzf.enable = true;
chromium.enable = true;
go.enable = true;
bat.enable = true;
browserpass.enable = true;

View file

@ -42,7 +42,6 @@
./home.nix
];
home.packages = with pkgs; [
firefox
];
};
}

View file

@ -8,6 +8,9 @@
security.apparmor.enable = true;
services.haveged.enable = true;
networking.firewall.enable = true;
services.clamav.daemon.enable = true;
services.clamav.updater.enable = true;
security.chromiumSuidSandbox.enable = true;
boot.kernelParams = [
"page_poison=1"
"page_alloc.shuffle=1"