default.nix
1 { inputs, config, pkgs, lib, ... }: let 2 3 firejail = config.modules.security.firejail; 4 5 in { 6 options.modules.security.firejail = { 7 enable = lib.mkEnableOption "Enable firejail"; 8 }; 9 10 config = lib.mkIf firejail.enable { 11 programs = { 12 firejail = { # https://wiki.nixos.org/wiki/Firejail 13 enable = true; 14 wrappedBinaries = { 15 librewolf = { 16 executable = "${pkgs.librewolf}/bin/librewolf"; 17 profile = "${pkgs.firejail}/etc/firejail/librewolf.profile"; 18 extraArgs = [ 19 "--ignore=private-dev" # Required for U2F USB stick 20 "--env=GTK_THEME=Adwaita:dark" # Enforce dark mode 21 "--dbus-user.talk=org.freedesktop.Notifications" # Enable system notifications 22 ]; 23 }; 24 }; 25 }; 26 }; 27 }; 28 }