Unfortunately I have to use Google Chrome, but not without protection. I want to create a development environment in a flake that wraps Google Chrome in firejail and fully isolates Chrome from my machine.
Here is a start to this flake:
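```nix
{
  description = "Work environment to access sandboxed google chrome";

  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
    flake-utils.url = "github:numtide/flake-utils";
  };

  outputs =
    {
      nixpkgs,
      flake-utils,
      ...
    }:
    flake-utils.lib.eachDefaultSystem (
      system:
      let
        # google-chrome is unfree, so legacyPackages refuses to evaluate it;
        # import nixpkgs with allowUnfree instead.
        pkgs = import nixpkgs {
          inherit system;
          config.allowUnfree = true;
        };
      in
      {
        devShells.default = pkgs.mkShell {
          buildInputs = with pkgs; [
            google-chrome
            # firejail has to run setuid root and the store binary is not setuid;
            # on NixOS the wrapper comes from programs.firejail.enable.
            firejail
          ];
        };
      }
    );
}
```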
I also checked on Firejail - NixOS Wiki and added the tornet config to my system.
If I understood correctly, I need to create a script to run google-chrome with firejail and some options such as net=tornet.
Is this setup secure?
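One way the launcher script described above could be built into the flake, as an added example that is not part of the original post. It assumes NixOS with `programs.firejail.enable = true` and the `tornet` bridge from the wiki already configured; the wrapper name `sandboxed-chrome` is hypothetical, and DNS options are left to the system's tornet setup.

```nix
{
  description = "Added example: Chrome launched through the system firejail wrapper";
  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
  inputs.flake-utils.url = "github:numtide/flake-utils";

  outputs = { nixpkgs, flake-utils, ... }:
    flake-utils.lib.eachDefaultSystem (system:
      let
        pkgs = import nixpkgs {
          inherit system;
          config.allowUnfree = true; # google-chrome is unfree
        };
        # Assumption: programs.firejail.enable = true installs the setuid
        # wrapper at this path. The copy in the Nix store is not setuid.
        firejail = "/run/wrappers/bin/firejail";
        # Hypothetical wrapper name; fails closed if the sandbox is unavailable.
        sandboxed-chrome = pkgs.writeShellScriptBin "sandboxed-chrome" ''
          set -eu
          if [ ! -u ${firejail} ]; then
            echo "no setuid firejail at ${firejail}" >&2
            exit 1
          fi
          # --net=tornet only works if the tornet bridge exists on the host.
          if [ ! -d /sys/class/net/tornet ]; then
            echo "tornet interface not found, refusing to start Chrome" >&2
            exit 1
          fi
          # Throwaway home directory, removed when Chrome exits, so the
          # browser never sees the real home or keeps state between runs.
          home="$(mktemp -d)"
          trap 'rm -rf "$home"' EXIT
          # DNS handling depends on the tornet setup and is not set here.
          ${firejail} \
            --profile=${pkgs.firejail}/etc/firejail/google-chrome.profile \
            --net=tornet \
            --private="$home" \
            ${pkgs.google-chrome}/bin/google-chrome-stable "$@"
        '';
      in
      {
        # Only the wrapper is exposed, so a bare Chrome is not on PATH.
        devShells.default = pkgs.mkShell { packages = [ sandboxed-chrome ]; };
      });
}
```

Running `firejail --list` in another terminal while Chrome is open shows whether the browser is actually inside a sandbox.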