diff --git a/overlays/nixpkgs/firefox.nix b/overlays/nixpkgs/firefox.nix
index c02b59e..2d676e8 100644
--- a/overlays/nixpkgs/firefox.nix
+++ b/overlays/nixpkgs/firefox.nix
@@ -1,5 +1,6 @@
 # Shamelessly stolen most parts from here:
 # https://github.com/ryan4yin/nix-config/blob/7deed26cc5a3af2072b8c89a688f265607babc80/hardening/nixpaks/firefox.nix
+# https://github.com/schizofox/schizofox/blob/cdf69b2a445ff12680657a3bd44ce7c406bf2ae6/flake/modules/home-manager/default.nix
 { ... }: final: prev: {
   firefox-esr = let
@@ -10,26 +11,59 @@
         flatpak.appId = "org.mozilla.firefox";
         dbus.policies = {
-          "org.mozilla.firefox.*" = "own";
-          "org.mozilla.firefox_esr.*" = "own";
-          "org.mozilla.firefox_beta.*" = "own";
+          "org.a11y.Bus" = "talk";
+          "org.gnome.SessionManager" = "talk";
+          "org.freedesktop.ScreenSaver" = "talk";
+          "org.gtk.vfs.*" = "talk";
+          "org.gtk.vfs" = "talk";
+          "org.freedesktop.Notifications" = "talk";
+          "org.freedesktop.portal.FileChooser" = "talk";
+          "org.freedesktop.portal.Settings" = "talk";
           "org.mpris.MediaPlayer2.firefox.*" = "own";
+          "org.mozilla.firefox.*" = "own";
+          "org.mozilla.firefox_beta.*" = "own";
+          "org.freedesktop.DBus" = "talk";
+          "org.freedesktop.DBus.*" = "talk";
+          "ca.desrt.dconf" = "talk";
+          "org.freedesktop.portal.*" = "talk";
           "org.freedesktop.NetworkManager" = "talk";
+          "org.freedesktop.FileManager1" = "talk";
         };
-        bubblewrap = {
+        gpu.enable = true;
+        gpu.provider = "bundle";
+        fonts.enable = true;
+        locale.enable = true;
+        etc.sslCertificates.enable = true;
+
+        bubblewrap = let
+          envSuffix = envKey: sloth.concat' (sloth.env envKey);
+        in {
           bind.dev = [ "/dev/shm" ];
           tmpfs = [ "/tmp" ];
           bind.rw = [
-            [ (sloth.mkdir (sloth.concat' sloth.xdgConfigHome "/mozilla")) (sloth.concat' sloth.homeDir "/.mozilla")]
             sloth.xdgDownloadDir
+
+            (envSuffix "XDG_RUNTIME_DIR" "/at-spi/bus")
+            (envSuffix "XDG_RUNTIME_DIR" "/gvfsd")
+            (envSuffix "XDG_RUNTIME_DIR" "/pulse")
+            (envSuffix "XDG_RUNTIME_DIR" "/doc")
+            (envSuffix "XDG_RUNTIME_DIR" "/dconf")
+
+            [ (sloth.mkdir (sloth.concat' sloth.xdgConfigHome "/mozilla")) (sloth.concat' sloth.homeDir "/.mozilla")]
           ];
           bind.ro = [
             "/sys/bus/pci"
+            "/etc/resolv.conf"
+            "/etc/localtime"
             ["${prev.firefox-esr}/lib/firefox" "/app/etc/firefox"]
             (sloth.concat' sloth.xdgConfigHome "/dconf")
+            (sloth.concat' sloth.xdgConfigHome "/gtk-2.0")
+            (sloth.concat' sloth.xdgConfigHome "/gtk-3.0")
+            (sloth.concat' sloth.xdgConfigHome "/gtk-4.0")
+            (sloth.concat' sloth.xdgConfigHome "/dconf")
           ];
           sockets = {