25 lines
642 B
Nix
25 lines
642 B
Nix
{
|
|
config,
|
|
pkgs,
|
|
...
|
|
}: {
|
|
programs.firejail.enable = true;
|
|
|
|
# required to run chromium
|
|
security.chromiumSuidSandbox.enable = true;
|
|
|
|
# create system-wide executables firefox and chromium
|
|
# that will wrap the real binaries so everything
|
|
# work out of the box.
|
|
programs.firejail.wrappedBinaries = {
|
|
jailfirefox = {
|
|
executable = "${pkgs.lib.getBin pkgs.firefox}/bin/firefox";
|
|
profile = "${pkgs.firejail}/etc/firejail/firefox.profile";
|
|
};
|
|
jailchromium = {
|
|
executable = "${pkgs.lib.getBin pkgs.chromium}/bin/chromium";
|
|
profile = "${pkgs.firejail}/etc/firejail/chromium.profile";
|
|
};
|
|
};
|
|
}
|