Firejail: Difference between revisions

357 bytes added ,  Tuesday at 21:01
m
imported>Kugland
mNo edit summary
 
(3 intermediate revisions by 2 users not shown)
Line 44: Line 44:
     };
     };
     signal-desktop = {
     signal-desktop = {
       executable = "${pkgs.signal-desktop}/bin/signal-desktop --enable-features=UseOzonePlatform --ozone-platform=wayland";
      # Enable tray icon otherwise Signal window might be hidden
       executable = "${pkgs.signal-desktop}/bin/signal-desktop --use-tray-icon";
       profile = "${pkgs.firejail}/etc/firejail/signal-desktop.profile";
       profile = "${pkgs.firejail}/etc/firejail/signal-desktop.profile";
       extraArgs = [ "--env=GTK_THEME=Adwaita:dark" ];
       extraArgs = [
        # Enforce dark mode
        "--env=GTK_THEME=Adwaita:dark"
        # Enable Wayland mode
        "--env=NIXOS_OZONE_WL=1"
        # Allow tray icon (should be upstreamed into signal-desktop.profile)
        "--dbus-user.talk=org.kde.StatusNotifierWatcher"
      ];
     };
     };
   };
   };
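Review bot: The new --dbus-user.talk=org.kde.StatusNotifierWatcher entry in extraArgs relaxes the sandbox's user D-Bus policy beyond what signal-desktop.profile grants, and its comment only says it should be upstreamed. State in the comment that this is a deliberate widening required by --use-tray-icon, so a reader who drops the tray flag also drops the D-Bus rule, and link the upstream report once one exists. The executable line also replaces the explicit --ozone-platform=wayland flags with --env=NIXOS_OZONE_WL=1; a short remark on why the environment variable is preferred would help readers who copied the old form.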
Line 129: Line 137:
You can use a custom DNS server if you don't want to use the one of your system. In this example, it's a server by the German privacy NGO [https://digitalcourage.de/support/zensurfreier-dns-server Digitalcourage].
You can use a custom DNS server if you don't want to use the one of your system. In this example, it's a server by the German privacy NGO [https://digitalcourage.de/support/zensurfreier-dns-server Digitalcourage].


Using [[networkd-dispatcher]] it is possible to restart the Tor daemon every time network reconnect is performaed. This avoids having to wait for Tor network timeouts and reastablishes a new connection faster.  
Using [[Systemd/networkd/dispatcher]] it is possible to restart the Tor daemon every time network reconnect is performaed. This avoids having to wait for Tor network timeouts and reastablishes a new connection faster.  


For a detailed explanation on this setup refer the [https://www.void.gr/kargig/blog/2016/12/12/firejail-with-tor-howto original guide]. Please note that this is a experimental setup which doesn't guarantee anonymity or security in any circumstances.  
For a detailed explanation on this setup refer the [https://www.void.gr/kargig/blog/2016/12/12/firejail-with-tor-howto original guide]. Please note that this is a experimental setup which doesn't guarantee anonymity or security in any circumstances.


=== Add Desktop Icons to Firejailed Apps ===
=== Add Desktop Icons to Firejailed Apps ===
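Review bot: The sentence whose link changes to [[Systemd/networkd/dispatcher]] still carries the typos "performaed" and "reastablishes", and the paragraph after it still reads "refer the" and "a experimental". Since these lines are being touched anyway, correct them to "performed", "re-establishes", "refer to the" and "an experimental" in the same edit.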
Line 169: Line 177:
     let
     let
       packages = with pkgs; [
       packages = with pkgs; [
        electrum
         firefox
         firefox
        mpv
        gajim
        tor-browser
         vlc
         vlc
       ];
       ];
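Review bot: The entries added to packages are not in alphabetical order (gajim follows mpv), and the hunk does not show whether electrum, mpv, gajim and tor-browser each have a matching Firejail wrapper. Sort the list, and add a comment next to it saying it should contain only packages that are actually wrapped, so the example stays consistent with the section title.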
Line 180: Line 192:
       }
       }
       ''
       ''
        mkdir -p "$out/share/icons"
         ${lib.concatLines (map (pkg: ''
         ${lib.concatLines (map (pkg: ''
           tar -C "${pkg}" -c share/icons/hicolor -h --mode 0755 -f - | tar -C "$out" -xvf -
           tar -C "${pkg}" -c share/icons -h --mode 0755 -f - | tar -C "$out" -xf -
         '') packages)}
         '') packages)}
         find "$out/" -type f -print0 | xargs -0 chmod 0444
         find "$out/" -type f -print0 | xargs -0 chmod 0444
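Review bot: In the map body, the first tar now archives share/icons as a whole, and it reports an error for any listed package that has no share/icons directory; with six packages in the example list this is more likely to be hit than before. Guard the copy with a directory test on ${pkg}/share/icons, or note that every listed package must ship icons. Copying the whole tree also means two packages can provide the same path under share/icons, so mention that later packages in the list overwrite earlier ones.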