firefox: fix up sandboxing of ssh/sops

2024-01-23 14:57:57 +00:00
parent ab4bbc2224
commit b59be8338a
1 changed files with 2 additions and 1 deletions
--- a/hosts/common/programs/firefox.nix
+++ b/hosts/common/programs/firefox.nix
@@ -305,8 +305,9 @@ in
        # TODO: find a way to not expose ~/.ssh to firefox
        # - unlock sops at login?
        fs.".ssh" = lib.mkIf cfg.addons.browserpass-extension.enable {};
+        fs."private/.ssh" = lib.mkIf cfg.addons.browserpass-extension.enable {};
        # fs.".ssh/id_ed25519" = lib.mkIf cfg.addons.browserpass-extension.enable {};
-        fs.".config/sops" = lib.mkIf cfg.addons.browserpass-extension.enable {};
+        fs.".config/sops".dir = lib.mkIf cfg.addons.browserpass-extension.enable {};
        fs."private/knowledge/secrets/accounts" = lib.mkIf cfg.addons.browserpass-extension.enable {};
      };
    })