wip on firejail for firefox
This commit is contained in:
parent
9695c20f6a
commit
e9b76d519e
2 changed files with 94 additions and 86 deletions
|
@ -2,9 +2,8 @@
|
||||||
let
|
let
|
||||||
unstable = inputs.nixpkgs-nixos-unstable.legacyPackages.${pkgs.system};
|
unstable = inputs.nixpkgs-nixos-unstable.legacyPackages.${pkgs.system};
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
programs.firejail.enable = true;
|
programs.firejail.enable = true;
|
||||||
|
|
||||||
programs.firejail.wrappedBinaries = {
|
programs.firejail.wrappedBinaries = {
|
||||||
firefox = {
|
firefox = {
|
||||||
executable = "${pkgs.lib.getBin pkgs.firefox}/bin/firefox";
|
executable = "${pkgs.lib.getBin pkgs.firefox}/bin/firefox";
|
||||||
|
@ -33,6 +32,7 @@ in
|
||||||
|
|
||||||
imports = [
|
imports = [
|
||||||
./vscode.nix
|
./vscode.nix
|
||||||
|
./firejail.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
home.packages = with pkgs; with pkgs.gnome3; with pkgs.python38Packages; [
|
home.packages = with pkgs; with pkgs.gnome3; with pkgs.python38Packages; [
|
||||||
|
@ -90,4 +90,4 @@ in
|
||||||
zoom-us
|
zoom-us
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
8
nixos/gui/firejail.nix
Normal file
8
nixos/gui/firejail.nix
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
{
|
||||||
|
home.file.".config/firejail/firefox.profile".text = ''
|
||||||
|
include ${pkgs.firejail}/etc/firejail/firefox.profile
|
||||||
|
|
||||||
|
ignore apparmor
|
||||||
|
ignore noexec '' + "$" + "{HOME}";
|
||||||
|
}
|
Loading…
Reference in a new issue