infra/nix/modules/firejail.nix

{
  config,
  pkgs,
  ...
}: {
  programs.firejail.enable = true;

  # required to run chromium
  security.chromiumSuidSandbox.enable = true;

  # create system-wide executables firefox and chromium
  # that will wrap the real binaries so everything
  # work out of the box.
  programs.firejail.wrappedBinaries = {
    jailfirefox = {
      executable = "${pkgs.lib.getBin pkgs.firefox}/bin/firefox";
      profile = "${pkgs.firejail}/etc/firejail/firefox.profile";
    };
    jailchromium = {
      executable = "${pkgs.lib.getBin pkgs.chromium}/bin/chromium";
      profile = "${pkgs.firejail}/etc/firejail/chromium.profile";
    };
  };
}
nix(t14): add some firejail programs 2023-12-11 12:47:36 +01:00			`{`
			`config,`
			`pkgs,`
			`...`
			`}: {`
			`programs.firejail.enable = true;`

			`# required to run chromium`
			`security.chromiumSuidSandbox.enable = true;`

			`# create system-wide executables firefox and chromium`
			`# that will wrap the real binaries so everything`
			`# work out of the box.`
			`programs.firejail.wrappedBinaries = {`
			`jailfirefox = {`
			`executable = "${pkgs.lib.getBin pkgs.firefox}/bin/firefox";`
			`profile = "${pkgs.firejail}/etc/firejail/firefox.profile";`
			`};`
			`jailchromium = {`
			`executable = "${pkgs.lib.getBin pkgs.chromium}/bin/chromium";`
			`profile = "${pkgs.firejail}/etc/firejail/chromium.profile";`
			`};`
			`};`
			`}`