surtur
221190a5c7
it's just a firefox nightly that runs as a systemd user service with no recollection of past history and no super-tight security tweaks (browser-wise). encapsulated using systemd-interfaced kernel capabilities to protect the home. the alias is supposed to encompass the purpose of use.
40 lines
909 B
SYSTEMD
40 lines
909 B
SYSTEMD
# /etc/systemd/system/ffnn.service
|
|
[Unit]
|
|
Description=sh*tbrowser
|
|
PartOf=sway-session.target
|
|
After=sway-session.target
|
|
|
|
[Service]
|
|
; RemainAfterExit=yes
|
|
|
|
; Security
|
|
; PrivateUsers=true
|
|
; ProtectKernelModules=yes
|
|
DevicePolicy=closed
|
|
ProtectHome=true
|
|
ProtectSystem=strict
|
|
ReadWritePaths=-%h/Downloads/firefox-nightly
|
|
ReadWritePaths=-%h/Downloads
|
|
NoNewPrivileges=true
|
|
ProtectProc=invisible
|
|
PrivateTmp=yes
|
|
LockPersonality=true
|
|
SystemCallArchitectures=native
|
|
|
|
Environment=MOZ_ENABLE_WAYLAND=1
|
|
Environment=MOZ_DBUS_REMOTE=1
|
|
Environment=MOZ_USE_XINPUT2=1
|
|
Environment=QT_QPA_PLATFORM=wayland
|
|
Environment=XDG_SESSION_TYPE=wayland
|
|
Environment=SDL_VIDEODRIVER=wayland
|
|
Environment=NO_AT_BRIDGE=1
|
|
ExecStart=
|
|
ExecStart=-%h/Downloads/firefox-nightly/firefox-bin
|
|
; ExecStart=-%h/Downloads/firefox-nightly/firefox-bin -desktop
|
|
Restart=on-failure
|
|
StartLimitBurst=3
|
|
StartLimitInterval=60s
|
|
|
|
[Install]
|
|
WantedBy=sway-session.target
|