wip on firejail for firefox

Cyryl Płotnicki 2022-01-15 23:43:25 +00:00
parent 9695c20f6a
commit e9b76d519e
2 changed files with 94 additions and 86 deletions


@ -2,92 +2,92 @@
let let
unstable = inputs.nixpkgs-nixos-unstable.legacyPackages.${pkgs.system}; unstable = inputs.nixpkgs-nixos-unstable.legacyPackages.${pkgs.system};
in in
{ {
programs.firejail.enable = true; programs.firejail.enable = true;
programs.firejail.wrappedBinaries = {
programs.firejail.wrappedBinaries = { firefox = {
firefox = { executable = "${pkgs.lib.getBin pkgs.firefox}/bin/firefox";
executable = "${pkgs.lib.getBin pkgs.firefox}/bin/firefox"; profile = "${pkgs.firejail}/etc/firejail/firefox.profile";
profile = "${pkgs.firejail}/etc/firejail/firefox.profile"; };
}; chromium = {
chromium = { executable = "${pkgs.lib.getBin pkgs.chromium}/bin/chromium";
executable = "${pkgs.lib.getBin pkgs.chromium}/bin/chromium"; profile = "${pkgs.firejail}/etc/firejail/chromium.profile";
profile = "${pkgs.firejail}/etc/firejail/chromium.profile";
};
};
home-manager.users.cyryl = { ... }: {
gtk = {
enable = true;
iconTheme = {
name = "Adwaita";
package = pkgs.gnome3.adwaita-icon-theme;
}; };
}; };
qt = {
enable = true; home-manager.users.cyryl = { ... }: {
platformTheme = "gnome"; gtk = {
style.name = "adwaita-dark"; enable = true;
style.package = pkgs.adwaita-qt; iconTheme = {
name = "Adwaita";
package = pkgs.gnome3.adwaita-icon-theme;
};
};
qt = {
enable = true;
platformTheme = "gnome";
style.name = "adwaita-dark";
style.package = pkgs.adwaita-qt;
};
imports = [
./vscode.nix
./firejail.nix
];
home.packages = with pkgs; with pkgs.gnome3; with pkgs.python38Packages; [
anarchism
apvlv
binwalk-full
brave
cheese
digikam
discord
electrum
element-desktop
eog
evince
fontconfig
freecad
ghidra-bin
gimp
glxinfo
gnome-screenshot
gsettings-desktop-schemas
hopper
inkscape
keybase-gui
libreoffice
mindforger
modem-manager-gui
nautilus
nyxt
obs-studio
openscad
passff-host
pdfarranger
qcad
qemu
remmina
shotwell
signal-desktop
simple-scan
slack
spotify
ssb-patchwork
tlaplusToolbox
tlaps
vlc
wineFull
wireshark
wsjtx
xclip
xidlehook
yubico-piv-tool
yubikey-manager-qt
yubikey-personalization
yubikey-personalization-gui
zoom-us
];
}; };
}
imports = [
./vscode.nix
];
home.packages = with pkgs; with pkgs.gnome3; with pkgs.python38Packages; [
anarchism
apvlv
binwalk-full
brave
cheese
digikam
discord
electrum
element-desktop
eog
evince
fontconfig
freecad
ghidra-bin
gimp
glxinfo
gnome-screenshot
gsettings-desktop-schemas
hopper
inkscape
keybase-gui
libreoffice
mindforger
modem-manager-gui
nautilus
nyxt
obs-studio
openscad
passff-host
pdfarranger
qcad
qemu
remmina
shotwell
signal-desktop
simple-scan
slack
spotify
ssb-patchwork
tlaplusToolbox
tlaps
vlc
wineFull
wireshark
wsjtx
xclip
xidlehook
yubico-piv-tool
yubikey-manager-qt
yubikey-personalization
yubikey-personalization-gui
zoom-us
];
};
}

8
nixos/gui/firejail.nix Normal file

@ -0,0 +1,8 @@
{ config, pkgs, lib, ... }:
{
home.file.".config/firejail/firefox.profile".text = ''
include ${pkgs.firejail}/etc/firejail/firefox.profile
ignore apparmor
ignore noexec '' + "$" + "{HOME}";
}
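Review bot: The two `ignore` lines at the end of the profile text drop AppArmor confinement and the `noexec ${HOME}` restriction for Firefox, and nothing in the file says why. A comment above `home.file` such as `# Relaxed vs. the stock profile: apparmor and noexec on $HOME are ignored because <reason>; remove once <condition>` would keep the weakening deliberate and reviewable. The wrapper in the other file section passes the store path of `firefox.profile` explicitly, so this per-user file is probably not read when Firefox is launched through that wrapper; this is worth confirming. If so, the two lines may fit better in `.config/firejail/firefox.local`, which the stock profile normally includes, and that would also remove the need to repeat the `include`. The `'' + "$" + "{HOME}"` concatenation can be written inside the indented string as `ignore noexec ''${HOME}`, which is easier to read.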