wip on firejail for firefox

Cyryl Płotnicki 2022-01-15 23:43:25 +00:00
parent 9695c20f6a
commit e9b76d519e
2 changed files with 94 additions and 86 deletions


@ -2,9 +2,8 @@
let let
unstable = inputs.nixpkgs-nixos-unstable.legacyPackages.${pkgs.system}; unstable = inputs.nixpkgs-nixos-unstable.legacyPackages.${pkgs.system};
in in
{ {
programs.firejail.enable = true; programs.firejail.enable = true;
programs.firejail.wrappedBinaries = { programs.firejail.wrappedBinaries = {
firefox = { firefox = {
executable = "${pkgs.lib.getBin pkgs.firefox}/bin/firefox"; executable = "${pkgs.lib.getBin pkgs.firefox}/bin/firefox";
@ -33,6 +32,7 @@ in
imports = [ imports = [
./vscode.nix ./vscode.nix
./firejail.nix
]; ];
home.packages = with pkgs; with pkgs.gnome3; with pkgs.python38Packages; [ home.packages = with pkgs; with pkgs.gnome3; with pkgs.python38Packages; [
@ -90,4 +90,4 @@ in
zoom-us zoom-us
]; ];
}; };
} }

8
nixos/gui/firejail.nix Normal file

@ -0,0 +1,8 @@
{ config, pkgs, lib, ... }:
{
home.file.".config/firejail/firefox.profile".text = ''
include ${pkgs.firejail}/etc/firejail/firefox.profile
ignore apparmor
ignore noexec '' + "$" + "{HOME}";
}
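Review bot: The two `ignore` lines follow the `include` of the stock profile, and as far as I know firejail applies `ignore` only to commands it reads afterwards, so any `apparmor` and `noexec ${HOME}` set by the included profile probably stay in force. If the intent is to drop them, both `ignore` lines should move above the `include`. Both relax the sandbox (no AppArmor confinement, and files under the home directory become executable inside the jail), so a `#` comment in the profile text naming what in Firefox needs each one would let a later reader judge whether it can be removed. The splice `'' + "$" + "{HOME}"` can be written inside the indented string as `''${HOME}`, which keeps the whole profile in one literal.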