From ec8512746b0dc62986b027075dbc0714a8cadc86 Mon Sep 17 00:00:00 2001
From: Felix Schulze <admin@schulze.network>
Date: Sat, 21 Jun 2025 15:21:57 +0200
Subject: [PATCH] finally fix fucking firejail bs

needs noblacklist AND whitelist...
---
 modules/common.nix | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/modules/common.nix b/modules/common.nix
index 953cd78..73e9f17 100644
--- a/modules/common.nix
+++ b/modules/common.nix
@@ -209,8 +209,6 @@
           "--ignore=private-dev"
           # Enable desktop notifications
           "--dbus-user.talk=org.freedesktop.Notifications"
-          # Allow access to downloads
-          "--whitelist=/home/schulze/Nextcloud/Home-sync/Downloads"
         ];
       };
       chromium = {
@@ -219,6 +217,21 @@
       };
     };
   };
+  environment.etc = {
+    "firejail/firefox.local".text = ''
+      # Custom Firejail profile for firefox
+      # Allow access to downloads
+      noblacklist ''${HOME}/Nextcloud
+      whitelist ''${HOME}/Nextcloud
+
+      # Enable native notifications.
+      dbus-user.talk org.freedesktop.Notifications
+      # Allow inhibiting screensavers.
+      dbus-user.talk org.freedesktop.ScreenSaver
+      # Allow screensharing under Wayland.
+      dbus-user.talk org.freedesktop.portal.Desktop
+    '';
+  };
 
   # ================================
   # HARDWARE SECURITY (YUBIKEY)