From a67898ceabc5157f11ed99ae47794b0de2abd1c1 Mon Sep 17 00:00:00 2001
From: Xory
Date: Sat, 3 Jan 2026 23:49:19 +0200
Subject: [PATCH] fix: reintroduce firejail
---
 configuration.nix | 57 ++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 56 insertions(+), 1 deletion(-)
diff --git a/configuration.nix b/configuration.nix
index 77d1fda..773f8cd 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -88,7 +88,62 @@
 ];
 # Firejail
- # TODO: add this back
+ programs.firejail = {
+ enable = true;
+ wrappedBinaries = {
+ vesktop = {
+ executable = "${pkgs.vesktop}/bin/vesktop";
+ profile = "${pkgs.firejail}/etc/firejail/vesktop.profile";
+ extraArgs = [
+ "--ignore=dbus-system"
+ "--ignore=nodbus"
+
+ "--dbus-user.talk=org.freedesktop.Notifications"
+ "--dbus-user.talk=org.kde.StatusNotifierWatcher"
+
+ "--dbus-user.talk=org.freedesktop.portal.Desktop"
+ "--dbus-user.talk=org.freedesktop.portal.ScreenCast"
+ "--dbus-user.talk=org.freedesktop.portal.Documents"
+
+ "--noblacklist=/run/user/[0-9]*/discord-ipc-*"
+ "--whitelist=/run/user/[0-9]*/discord-ipc-*"
+
+ "--env=GTK_THEME=Adwaita:dark"
+ "--noblacklist=~/Pictures"
+ "--noblacklist=~/Documents"
+ "--whitelist=~/Pictures"
+ "--whitelist=~/Documents"
+ ];
+ };
+ firefox = {
+ executable = "${pkgs.firefox}/bin/firefox";
+ profile = "${pkgs.firejail}/etc/firejail/firefox.profile";
+ extraArgs = [
+ "--env=GTK_THEME=Adwaita:dark"
+ ];
+ };
+ signal-desktop-bin = {
+ executable = "${pkgs.signal-desktop-bin}/bin/signal-desktop";
+ profile = "${pkgs.firejail}/etc/firejail/signal-desktop.profile";
+ extraArgs = [
+ "--env=GTK_THEME=Adwaita:dark"
+ "--noblacklist=~/Pictures"
+ "--noblacklist=~/Documents"
+ "--whitelist=~/Pictures"
+ "--whitelist=~/Documents"
+ "--dbus-user.talk=org.freedesktop.Notifications"
+ "--dbus-user.talk=org.kde.StatusNotifierWatcher"
+ ];
+ };
+ obsidian = {
+ executable = "${pkgs.obsidian}/bin/obsidian";
+ profile = "${pkgs.firejail}/etc/firejail/obsidian.profile";
+ extraArgs = [
+ "--env=GTK_THEME=Adwaita:dark"
+ ];
+ };
+ };
+ };
 # Enable the KDE Plasma Desktop Environment.
 # I keep this enabled even if I main Hyprland because of QT.
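Review bot: The `signal-desktop-bin` entry names its wrapper after the Nix package rather than the command: `wrappedBinaries` uses the attribute name as the wrapper's file name, while the `executable` line points at `bin/signal-desktop`, so the sandboxed launcher ends up as `signal-desktop-bin` and anything that starts `signal-desktop` (for instance a desktop entry, if the package is also installed elsewhere in this file, which the hunk does not show) would run outside firejail. Renaming the attribute to `signal-desktop = {` and leaving the `executable` path as it is would close that gap. In the vesktop block, `"--ignore=dbus-system"` discards whatever system-bus restriction vesktop.profile sets, yet every `--dbus-user.talk` rule after it concerns the session bus only; I would drop that line and lift just the session-bus restriction (for example `"--ignore=dbus-user none"` with `"--dbus-user=filter"`, if that is what the profile contains). A short comment above the `--whitelist=~/Documents` and `--whitelist=~/Pictures` lines explaining why both chat clients need whole-directory access, given that the Documents portal is already allowed for vesktop, would help the next reader judge whether the exposure is intended.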