From b59be8338aaf8f5c326e93ac6f6a7a4a9392d2b2 Mon Sep 17 00:00:00 2001
From: Colin <colin@uninsane.org>
Date: Tue, 23 Jan 2024 14:57:57 +0000
Subject: [PATCH] firefox: fix up sandboxing of ssh/sops

---
 hosts/common/programs/firefox.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hosts/common/programs/firefox.nix b/hosts/common/programs/firefox.nix
index ebd768cb..2c26bbaa 100644
--- a/hosts/common/programs/firefox.nix
+++ b/hosts/common/programs/firefox.nix
@@ -305,8 +305,9 @@ in
         # TODO: find a way to not expose ~/.ssh to firefox
         # - unlock sops at login?
         fs.".ssh" = lib.mkIf cfg.addons.browserpass-extension.enable {};
+        fs."private/.ssh" = lib.mkIf cfg.addons.browserpass-extension.enable {};
         # fs.".ssh/id_ed25519" = lib.mkIf cfg.addons.browserpass-extension.enable {};
-        fs.".config/sops" = lib.mkIf cfg.addons.browserpass-extension.enable {};
+        fs.".config/sops".dir = lib.mkIf cfg.addons.browserpass-extension.enable {};
         fs."private/knowledge/secrets/accounts" = lib.mkIf cfg.addons.browserpass-extension.enable {};
       };
     })