Firejail: Difference between revisions
imported>Onny Add usage examples |
imported>Onny Add info about Firejail module |
||
Line 7: | Line 7: | ||
<syntaxhighlight lang="nix"> | <syntaxhighlight lang="nix"> | ||
environment.systemPackages = with pkgs; [ firejail ]; | environment.systemPackages = with pkgs; [ firejail ]; | ||
</syntaxhighlight> | |||
You can also use the Firejail NixOS module for a persistent usage of specific applications which should always run in Firejail. The following example wraps the browser Librewolf and the messenger Signal in a Firejail environment. The usual program path to <code>librewolf</code> and <code>signal-desktop</code> will be overwritten by the Firejail-wrapper. | |||
<syntaxhighlight lang="nix"> | |||
programs.firejail = { | |||
enable = true; | |||
wrappedBinaries = { | |||
librewolf = { | |||
executable = "${pkgs.librewolf}/bin/librewolf"; | |||
profile = "${pkgs.firejail}/etc/firejail/librewolf.profile"; | |||
extraArgs = [ | |||
# Required for U2F USB stick | |||
"--ignore=private-dev" | |||
# Enforce dark mode | |||
"--env=GTK_THEME=Adwaita:dark" | |||
]; | |||
}; | |||
signal-desktop = { | |||
executable = "${pkgs.signal-desktop}/bin/signal-desktop --enable-features=UseOzonePlatform --ozone-platform=wayland"; | |||
profile = "${pkgs.firejail}/etc/firejail/signal-desktop.profile"; | |||
extraArgs = [ "--env=LC_ALL=C" "--env=GTK_THEME=Adwaita:dark" ]; | |||
}; | |||
}; | |||
}; | |||
</syntaxhighlight> | </syntaxhighlight> | ||