feat: basic firejail & wrappers

2025-10-27 14:09:51 +02:00 · 2025-10-27 14:09:51 +02:00 · dc84fe5065
commit dc84fe5065
parent d81eed1573
2 changed files with 43 additions and 5 deletions
--- a/hosts/voidspear/configuration.nix
+++ b/hosts/voidspear/configuration.nix
@ -77,12 +77,55 @@
  services.zerotierone.enable = true;
  services.zerotierone.joinNetworks = [ "b3ce837c63" "363c67c55a726a89" ];

+  # nix-ld
  programs.nix-ld.enable = true;
  programs.nix-ld.libraries = with pkgs; [
    libGL
    SDL2
  ];

+  # Firejail
+  programs.firejail = {
+    enable = true;
+    wrappedBinaries = { 
+      firefox = {
+        executable = "${pkgs.firefox}/bin/firefox";
+        profile = "${pkgs.firejail}/etc/firejail/firefox.profile";
+        extraArgs = [
+          "--env=GTK_THEME=Adwaita:dark"
+        ];
+      };
+      signal-desktop-bin = {
+        executable = "${pkgs.signal-desktop-bin}/bin/signal-desktop";
+        profile = "${pkgs.firejail}/etc/firejail/signal-desktop.profile";
+        extraArgs = [
+          "--env=GTK_THEME=Adwaita:dark"
+        ];
+      };
+      vesktop = {
+        executable = "${pkgs.vesktop}/bin/vesktop";
+        profile = "${pkgs.firejail}/etc/firejail/vesktop.profile";
+        extraArgs = [
+          "--env=GTK_THEME=Adwaita:dark"
+        ];
+      };
+      spotify = {
+        executable = "${pkgs.spotify}/bin/spotify";
+        profile = "${pkgs.firejail}/etc/firejail/spotify.profile";
+        extraArgs = [
+          "--env=GTK_THEME=Adwaita:dark"
+        ];
+      };
+      obsidian = {
+        executable = "${pkgs.vesktop}/bin/obsidian";
+        profile = "${pkgs.firejail}/etc/firejail/obsidian.profile";
+        extraArgs = [
+          "--env=GTK_THEME=Adwaita:dark"
+          "--net=none" # I don't use community plugins... yet.
+        ];
+      };
+    };
+  };

  # Enable the X11 windowing system.
  # You can disable this if you're only using the Wayland session.