diff --git a/overlays/nixpkgs/firefox.nix b/overlays/nixpkgs/firefox.nix
index 7f9fda5..51f21d6 100644
--- a/overlays/nixpkgs/firefox.nix
+++ b/overlays/nixpkgs/firefox.nix
@@ -5,8 +5,73 @@
 sandboxed-firefox-esr = pkgs.mkNixPak {
 config = { sloth, pkgs, ... }: {
 app.package = pkgs.firefox-esr;
+ app.binPath = "bin/firefox-esr";
+ flatpak.appId = "org.mozilla.firefox";
+ dbus.policies = {
+ "org.mozilla.Firefox" = "own";
+ "org.mozilla.Firefox.*" = "own";
+ "org.a11y.Bus" = "talk";
+ "org.gnome.SessionManager" = "talk";
+ "org.freedesktop.ScreenSaver" = "talk";
+ "org.gtk.vfs.*" = "talk";
+ "org.gtk.vfs" = "talk";
+ "org.freedesktop.Notifications" = "talk";
+ "org.freedesktop.portal.FileChooser" = "talk";
+ "org.freedesktop.portal.Settings" = "talk";
+ "org.mpris.MediaPlayer2.firefox.*" = "own";
+ "org.mozilla.firefox.*" = "own";
+ "org.mozilla.firefox_beta.*" = "own";
+ "org.freedesktop.DBus" = "talk";
+ "org.freedesktop.DBus.*" = "talk";
+ "ca.desrt.dconf" = "talk";
+ "org.freedesktop.portal.*" = "talk";
+ "org.freedesktop.NetworkManager" = "talk";
+ "org.freedesktop.FileManager1" = "talk";
+ };
+
+ gpu.enable = true;
+ gpu.provider = "bundle";
+ fonts.enable = true;
+ locale.enable = true;
+ etc.sslCertificates.enable = true;
+
+ bubblewrap = let
+ envSuffix = envKey: sloth.concat' (sloth.env envKey);
+ in {
+ network = true;
+
+ bind.rw = [
+ (sloth.concat' sloth.xdgCacheHome "/fontconfig")
+ (sloth.concat' sloth.xdgCacheHome "/mesa_shader_cache")
+ (sloth.concat [
+ (sloth.env "XDG_RUNTIME_DIR")
+ "/"
+ (sloth.envOr "WAYLAND_DISPLAY" "no")
+ ])
+ "/tmp/.X11-unix"
+ (sloth.envOr "XAUTHORITY" "/no-xauth")
+
+ (envSuffix "XDG_RUNTIME_DIR" "/at-spi/bus")
+ (envSuffix "XDG_RUNTIME_DIR" "/gvfsd")
+ (envSuffix "XDG_RUNTIME_DIR" "/pulse")
+ (envSuffix "XDG_RUNTIME_DIR" "/doc")
+ (envSuffix "XDG_RUNTIME_DIR" "/dconf")
+
+ (sloth.concat [sloth.xdgConfigHome "/.mozilla"])
+ ];
+
+ bind.ro = [
+ "/etc/resolv.conf"
+ (sloth.concat' sloth.xdgConfigHome "/gtk-2.0")
+ (sloth.concat' sloth.xdgConfigHome "/gtk-3.0")
+ (sloth.concat' sloth.xdgConfigHome "/gtk-4.0")
+ (sloth.concat' sloth.xdgConfigHome "/dconf")
+ "/etc/localtime"
+ "/sys/bus/pci"
+
];
+ };
 };
 };
 in
- [sandboxed-firefox-esr];
+ sandboxed-firefox-esr.config.script;
 }
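Review bot: The `dbus.policies` and `bind.rw` additions give the sandboxed browser write access to host desktop state that it does not appear to need. `"ca.desrt.dconf" = "talk"` plus the read-write bind of `(envSuffix "XDG_RUNTIME_DIR" "/dconf")` lets a compromised browser change the user's dconf settings outside the sandbox, and `"org.freedesktop.portal.*" = "talk"` makes the two narrower portal entries above it moot. Since `org.freedesktop.portal.Settings` is already granted, I would drop the dconf name and its runtime bind, and list only the portals actually used instead of the wildcard. The X11 cookie is also bound read-write; moving `(sloth.envOr "XAUTHORITY" "/no-xauth")` to `bind.ro` should be enough for a client, and a comment should record that binding `/tmp/.X11-unix` leaves the browser unisolated from other X clients when it is not running on Wayland. Separately, `(sloth.concat [sloth.xdgConfigHome "/.mozilla"])` resolves under the XDG config directory while Firefox ESR normally keeps its profile in `~/.mozilla`, so the bind probably misses the real profile; if so, `(sloth.concat' sloth.homeDir "/.mozilla")` would also match the style of the other entries.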