# Overlay that replaces `firefox-esr` with the launcher script of a
# nixpak-wrapped (bubblewrap + D-Bus proxy) build of the same package.
# Shamelessly stolen most parts from https://github.com/schizofox/schizofox
{ ... }:
final: prev: {
  firefox-esr =
    let
      wrapped = prev.mkNixPak {
        config = { sloth, ... }: {
          app = {
            package = prev.firefox-esr;
            binPath = "bin/firefox-esr";
          };

          flatpak.appId = "org.mozilla.firefox";

          # Session-bus names the sandbox may reach. "own" lets the browser
          # claim the name; "talk" lets it call whoever owns the name.
          dbus.policies = {
            # Names the browser registers itself.
            "org.mozilla.Firefox" = "own";
            "org.mozilla.Firefox.*" = "own";
            "org.mozilla.firefox.*" = "own";
            "org.mozilla.firefox_beta.*" = "own";
            "org.mpris.MediaPlayer2.firefox.*" = "own";

            # Desktop integration: accessibility, session/idle inhibit,
            # gvfs, notifications, settings storage.
            "org.a11y.Bus" = "talk";
            "org.gnome.SessionManager" = "talk";
            "org.freedesktop.ScreenSaver" = "talk";
            "org.gtk.vfs" = "talk";
            "org.gtk.vfs.*" = "talk";
            "org.freedesktop.Notifications" = "talk";
            "ca.desrt.dconf" = "talk";
            "org.freedesktop.FileManager1" = "talk";
            "org.freedesktop.NetworkManager" = "talk";

            # Portals. NOTE(review): the wildcard below already subsumes the
            # two specific entries, so every portal name is reachable, not
            # only the file chooser and settings. Narrow it if only those two
            # are needed.
            "org.freedesktop.portal.FileChooser" = "talk";
            "org.freedesktop.portal.Settings" = "talk";
            "org.freedesktop.portal.*" = "talk";

            # NOTE(review): together with the portal wildcard these are the
            # broadest grants in the list; confirm the bus-driver entries are
            # actually required.
            "org.freedesktop.DBus" = "talk";
            "org.freedesktop.DBus.*" = "talk";
          };

          gpu = {
            enable = true;
            provider = "bundle";
          };
          fonts.enable = true;
          locale.enable = true;
          etc.sslCertificates.enable = true;

          bubblewrap =
            let
              # Path builders: each takes a suffix and appends it to a base
              # directory resolved when the sandbox is launched.
              inRuntimeDir = sloth.concat' (sloth.env "XDG_RUNTIME_DIR");
              inConfigHome = sloth.concat' sloth.xdgConfigHome;
              inCacheHome = sloth.concat' sloth.xdgCacheHome;
            in
            {
              # The browser keeps network access.
              network = true;

              bind = {
                # Writable from inside the sandbox.
                rw = [
                  (inCacheHome "/fontconfig")
                  (inCacheHome "/mesa_shader_cache")
                  # Wayland socket; resolves to "$XDG_RUNTIME_DIR/no" when
                  # WAYLAND_DISPLAY is unset.
                  (sloth.concat [
                    (sloth.env "XDG_RUNTIME_DIR")
                    "/"
                    (sloth.envOr "WAYLAND_DISPLAY" "no")
                  ])
                  # X11 socket and cookie. X11 does not isolate clients from
                  # one another, so with these two binds the sandbox does not
                  # separate the browser from other X clients' input and
                  # window contents. On a Wayland-only session they can
                  # likely be dropped (confirm).
                  "/tmp/.X11-unix"
                  (sloth.envOr "XAUTHORITY" "/no-xauth")
                  (inRuntimeDir "/at-spi/bus")
                  (inRuntimeDir "/gvfsd")
                  (inRuntimeDir "/pulse")
                  (inRuntimeDir "/doc")
                  (inRuntimeDir "/dconf")
                  # NOTE(review): Firefox has traditionally kept its profile
                  # in ~/.mozilla; confirm this build really uses
                  # $XDG_CONFIG_HOME/mozilla, otherwise the profile may not
                  # persist outside the sandbox.
                  (inConfigHome "/mozilla")
                ];

                # Read-only inside the sandbox.
                ro = [
                  "/etc/resolv.conf"
                  (inConfigHome "/gtk-2.0")
                  (inConfigHome "/gtk-3.0")
                  (inConfigHome "/gtk-4.0")
                  (inConfigHome "/dconf")
                  "/etc/localtime"
                  # Presumably for GPU device discovery (confirm).
                  "/sys/bus/pci"
                ];
              };
            };
        };
      };
    in
    wrapped.config.script;
}