merge: firejail

Reviewed-on: #2

hosts/voidspear/configuration.nix

@@ -2,7 +2,7 @@
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
 
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 
 {
   imports =
@@ -77,12 +77,38 @@
   services.zerotierone.enable = true;
   services.zerotierone.joinNetworks = [ "b3ce837c63" "363c67c55a726a89" ];
 
+  # nix-ld
   programs.nix-ld.enable = true;
   programs.nix-ld.libraries = with pkgs; [
     libGL
     SDL2
   ];
 
+  # Firejail
+  programs.firejail = {
+    enable = true;
+    wrappedBinaries =
+      let
+        apps = {
+          firefox = {};
+          "signal-desktop-bin" = { name = "signal-desktop"; };
+          vesktop = {};
+          spotify = {};
+          obsidian = {};
+        };
+      in
+      lib.mapAttrs (pkg: conf:
+        let
+          binName = conf.name or pkg;
+        in
+        {
+          executable = "${pkgs.${pkg}}/bin/${binName}";
+          profile = "${pkgs.firejail}/etc/firejail/${binName}.profile";
+          extraArgs = [
+            "--env=GTK_THEME=Adwaita:dark"
+          ];
+        }) apps;
+  };
 
   # Enable the X11 windowing system.
   # You can disable this if you're only using the Wayland session.

hosts/voidspear/home.nix

@@ -6,7 +6,6 @@
   home.packages = with pkgs; [
     neovim
     fastfetch
-    firefox
     git
     cava
     kdePackages.qtwebsockets
@@ -14,13 +13,11 @@
       python313Packages.websockets
       python313Packages.requests # basic python test env
     ]))
-    signal-desktop-bin
     simplex-chat-desktop
     qbittorrent
     ffmpeg
     yt-dlp
     prismlauncher
-    vesktop
     keepassxc
     obs-studio
     mpv
@@ -38,8 +35,6 @@
     })
     woeusb-ng
     ntfs3g
-    obsidian
-    spotify
   ];
 
   home.file = {