wip on firejail for firefox

This commit is contained in:
Cyryl Płotnicki 2022-01-15 23:43:25 +00:00
parent 9695c20f6a
commit e9b76d519e
2 changed files with 94 additions and 86 deletions

View file

@ -2,9 +2,8 @@
let
unstable = inputs.nixpkgs-nixos-unstable.legacyPackages.${pkgs.system};
in
{
{
programs.firejail.enable = true;
programs.firejail.wrappedBinaries = {
firefox = {
executable = "${pkgs.lib.getBin pkgs.firefox}/bin/firefox";
@ -33,6 +32,7 @@ in
imports = [
./vscode.nix
./firejail.nix
];
home.packages = with pkgs; with pkgs.gnome3; with pkgs.python38Packages; [
@ -90,4 +90,4 @@ in
zoom-us
];
};
}
}

8
nixos/gui/firejail.nix Normal file
View file

@ -0,0 +1,8 @@
{ config, pkgs, lib, ... }:
{
home.file.".config/firejail/firefox.profile".text = ''
include ${pkgs.firejail}/etc/firejail/firefox.profile
ignore apparmor
ignore noexec '' + "$" + "{HOME}";
}