From 91240b2a508f87db4ae23bd4054a8e0150de96ef Mon Sep 17 00:00:00 2001
From: smayzy
Date: Tue, 12 Aug 2025 18:40:56 +0200
Subject: [PATCH] add firejail
---
 modules/nix/default.nix | 1 +
 modules/nix/groups/desktop.nix | 1 +
 modules/nix/groups/laptop.nix | 1 +
 modules/nix/isolation/default.nix | 6 ++++++
 modules/nix/isolation/firejail.nix | 15 +++++++++++++++
 5 files changed, 24 insertions(+)
 create mode 100644 modules/nix/isolation/default.nix
 create mode 100644 modules/nix/isolation/firejail.nix
diff --git a/modules/nix/default.nix b/modules/nix/default.nix
index 5ff484e..319d522 100644
--- a/modules/nix/default.nix
+++ b/modules/nix/default.nix
@@ -16,6 +16,7 @@
 ./groups
 ./hardware
 ./ide
+ ./isolation
 ./networking
 ./notif
 ./office
diff --git a/modules/nix/groups/desktop.nix b/modules/nix/groups/desktop.nix
index 815cee1..30250c8 100644
--- a/modules/nix/groups/desktop.nix
+++ b/modules/nix/groups/desktop.nix
@@ -49,6 +49,7 @@ in
 chromium.enable = true;
 desmume.enable = true;
 ghidra.enable = true;
+ firejail.enable = true;
 };
 };
 }
diff --git a/modules/nix/groups/laptop.nix b/modules/nix/groups/laptop.nix
index be9433f..308af0d 100644
--- a/modules/nix/groups/laptop.nix
+++ b/modules/nix/groups/laptop.nix
@@ -45,6 +45,7 @@ in
 aegisub.enable = true;
 alacritty.enable = true;
 chromium.enable = true;
+ firejail.enable = true;
 };
 };
 }
diff --git a/modules/nix/isolation/default.nix b/modules/nix/isolation/default.nix
new file mode 100644
index 0000000..65acd5e
--- /dev/null
+++ b/modules/nix/isolation/default.nix
@@ -0,0 +1,6 @@
+{ ... }:
+{
+ imports = [
+ ./firejail.nix
+ ];
+}
diff --git a/modules/nix/isolation/firejail.nix b/modules/nix/isolation/firejail.nix
new file mode 100644
index 0000000..4fa5827
--- /dev/null
+++ b/modules/nix/isolation/firejail.nix
@@ -0,0 +1,15 @@
+{ lib, pkgs, config, ... }:
+let
+ inherit (lib) mkIf mkOption types;
+in
+{
+ options.smayzy.firejail.enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = "firejail";
+ };
+
+ config = mkIf config.smayzy.firejail.enable {
+ environment.systemPackages = with pkgs; [ firejail ];
+ };
+}
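Review bot: `environment.systemPackages = with pkgs; [ firejail ];` in the `config` block puts the firejail binary on PATH straight from the Nix store, where it cannot carry a setuid bit, so it is expected to fail when an unprivileged user tries to start a sandbox. NixOS has a module for this; replacing the line with `programs.firejail.enable = true;` installs the setuid wrapper under /run/wrappers/bin. That wrapper is a setuid-root binary on every host that turns the option on, which is worth saying in the option's `description` in place of the bare `"firejail"`. The groups/desktop.nix and groups/laptop.nix hunks switch the option on beside `chromium.enable`, but nothing visible in the patch launches any program through firejail; if confining specific programs is the goal, `programs.firejail.wrappedBinaries` is where to declare them.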