add firejail

modules/nix/default.nix

@@ -16,6 +16,7 @@
     ./groups
     ./hardware
     ./ide
+    ./isolation
     ./networking
     ./notif
     ./office

modules/nix/groups/desktop.nix

@@ -49,6 +49,7 @@ in
       chromium.enable = true;
       desmume.enable = true;
       ghidra.enable = true;
+      firejail.enable = true;
     };
   };
 }

modules/nix/groups/laptop.nix

@@ -45,6 +45,7 @@ in
       aegisub.enable = true;
       alacritty.enable = true;
       chromium.enable = true;
+      firejail.enable = true;
     };
   };
 }

modules/nix/isolation/default.nix

@@ -0,0 +1,6 @@
+{ ... }:
+{
+  imports = [
+    ./firejail.nix
+  ];
+}

modules/nix/isolation/firejail.nix

@@ -0,0 +1,15 @@
+{ lib, pkgs, config, ... }:
+let
+  inherit (lib) mkIf mkOption types;
+in
+{
+  options.smayzy.firejail.enable = mkOption {
+    type = types.bool;
+    default = false;
+    description = "firejail";
+  };
+
+  config = mkIf config.smayzy.firejail.enable {
+    environment.systemPackages = with pkgs; [ firejail ];
+  };
+}