starred/nix-config
1
0
Fork 0
mirror of https://github.com/ryan4yin/nix-config.git synced 2026-03-28 20:31:51 +01:00
Code Issues Packages Projects Releases 10 Wiki Activity
Files
d8d7010dc0f52fc9d5bbfa78fac7d76406c981e2
nix-config/hardening/firejail/default.nix

72 lines
2.8 KiB
Nix
Raw Blame History

{pkgs, ...}: let
firejailWrapper = import ./firejailWrapper.nix pkgs;
in {
programs.firejail.enable = true;
# Add firejailed Apps into nixsuper, and reference them in home-manager or other nixos modules
nixpkgs.overlays = [
(_: super: {
firejailed = {
steam = firejailWrapper {
name = "steam-firejailed";
executable = "${super.steam}/bin/steam";
profile = "${super.firejail}/etc/firejail/steam.profile";
};
steam-run = firejailWrapper {
name = "steam-run-firejailed";
executable = "${super.steam}/bin/steam-run";
profile = "${super.firejail}/etc/firejail/steam.profile";
};
# firefox = firejailWrapper {
# name = "firefox-firejailed";
# executable = "${super.lib.getBin super.firefox-wayland}/bin/firefox";
# profile = "${super.firejail}/etc/firejail/firefox.profile";
# };
# chromium = firejailWrapper {
# name = "chromium-firejailed";
# executable = "${super.lib.getBin super.ungoogled-chromium}/bin/chromium";
# profile = "${super.firejail}/etc/firejail/chromium.profile";
# };
mpv = firejailWrapper {
executable = "${super.lib.getBin super.mpv}/bin/mpv";
profile = "${super.firejail}/etc/firejail/mpv.profile";
};
imv = firejailWrapper {
executable = "${super.lib.getBin super.imv}/bin/imv";
profile = "${super.firejail}/etc/firejail/imv.profile";
};
zathura = firejailWrapper {
executable = "${super.lib.getBin super.zathura}/bin/zathura";
profile = "${super.firejail}/etc/firejail/zathura.profile";
};
slack = firejailWrapper {
executable = "${super.lib.getBin super.slack}/bin/slack";
profile = "${super.firejail}/etc/firejail/slack.profile";
};
telegram-desktop = firejailWrapper {
executable = "${super.lib.getBin super.tdesktop}/bin/telegram-desktop";
profile = "${super.firejail}/etc/firejail/telegram-desktop.profile";
};
brave = firejailWrapper {
executable = "${super.lib.getBin super.brave}/bin/brave";
profile = "${super.firejail}/etc/firejail/brave.profile";
};
qutebrowser = firejailWrapper {
executable = "${super.lib.getBin super.qutebrowser}/bin/qutebrowser";
profile = "${super.firejail}/etc/firejail/qutebrowser.profile";
};
thunar = firejailWrapper {
executable = "${super.lib.getBin super.xfce.thunar}/bin/thunar";
profile = "${super.firejail}/etc/firejail/thunar.profile";
};
vscodium = firejailWrapper {
executable = "${super.lib.getBin super.vscodium}/bin/vscodium";
profile = "${super.firejail}/etc/firejail/vscodium.profile";
};
};
})
];
}
Reference in New Issue View Git Blame Copy Permalink