Ranomier/NixToSee
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
NixToSee/modules/sec_auth/firejail.nix
Ranomier 6e143facef seperate hosts in each file
2024-09-29 12:05:41 +02:00

61 lines
1.9 KiB
Nix
Raw Blame History

# TODO refine firejail it seems that / is not shielded enough and app armor does not work
{ pkgs, ... }:
{
programs.firejail = {
enable = true;
wrappedBinaries = {
firefox = {
executable = "${pkgs.firefox}/bin/firefox";
profile = "${pkgs.firejail}/etc/firejail/firefox.profile";
extraArgs = [
# Required for U2F USB stick
"--ignore=private-dev"
# Enforce dark mode
"--env=GTK_THEME=Adwaita:dark"
# Enable system notifications
"--dbus-user.talk=org.freedesktop.Notifications"
# For screen sharing
"--dbus-user.talk=org.freedesktop.portal.*"
];
};
element-desktop = {
executable = "${pkgs.element-desktop}/bin/element-desktop";
profile = "${pkgs.firejail}/etc/firejail/element-desktop.profile";
extraArgs = [
# Required for U2F USB stick
"--ignore=private-dev"
# Enforce dark mode
"--env=GTK_THEME=Adwaita:dark"
# Enable system notifications
"--dbus-user.talk=org.freedesktop.Notifications"
# For screen sharing
"--dbus-user.talk=org.freedesktop.portal.*"
];
};
brave = {
executable = "${pkgs.brave}/bin/brave";
profile = "${pkgs.firejail}/etc/firejail/brave.profile";
extraArgs = [
# Required for U2F USB stick
"--ignore=private-dev"
# Enforce dark mode
"--env=GTK_THEME=Adwaita:dark"
# Enable system notifications
"--dbus-user.talk=org.freedesktop.Notifications"
# For screen sharing
"--dbus-user.talk=org.freedesktop.portal.*"
];
};
};
};
environment.etc = {
"firejail/brave.local".text = ''
whitelist ''${HOME}/.config/brave
whitelist ''${HOME}/.local
whitelist ''${HOME}/Downloads
'';
};
}
Reference in a new issue View git blame Copy permalink