diff --git a/playbook.yml b/playbook.yml
index 2990062..a50a4c7 100644
--- a/playbook.yml
+++ b/playbook.yml
@@ -22,6 +22,7 @@
 - { role: editors, tags: ['editors'] }
 - { role: browsers, tags: ['browsers'] }
 - { role: media, tags: ['media'] }
+ - { role: pianobar, tags: ['pianobar'] }
 - { role: laptop, tags: ['laptop'] }
 - { role: thinkpad, tags: ['thinkpad'], when: "'ThinkPad' in ansible_product_version" }
 - { role: macbook, tags: ['macbook'], when: "'MacBook' in ansible_product_name" }
diff --git a/roles/media/tasks/main.yml b/roles/media/tasks/main.yml
index fdc0b99..f704f6e 100644
--- a/roles/media/tasks/main.yml
+++ b/roles/media/tasks/main.yml
@@ -1,5 +1,4 @@
 ---
-- include: mpv.yml
 - include: mpd.yml
 - include: beets.yml
 - include: abcde.yml
@@ -9,7 +8,6 @@
 - include: gimp.yml
 - include: gthumb.yml
 - include: feh.yml
-- include: pianobar.yml
 - include: teiler.yml
 - include: flac2all.yml
 - include: darktable.yml
@@ -34,3 +32,6 @@
 - mat
 tags:
 - aur
+
+- name: Install youtube-dl
+ pacman: name=youtube-dl state=present
diff --git a/roles/media/tasks/mpv.yml b/roles/media/tasks/mpv.yml
deleted file mode 100644
index c2c23d8..0000000
--- a/roles/media/tasks/mpv.yml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-- name: Install youtube-dl
- pacman: name=youtube-dl state=present
- tags:
- - mpv
-
-- name: Install mpv
- pacman: name=mpv state=present
- tags:
- - mpv
diff --git a/roles/media/tasks/pianobar.yml b/roles/media/tasks/pianobar.yml
deleted file mode 100644
index e99d759..0000000
--- a/roles/media/tasks/pianobar.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-- name: Install pianobar
- pacman: name=pianobar state=present
- tags:
- - pianobar
diff --git a/roles/pianobar/files/firejail/pianobar.profile b/roles/pianobar/files/firejail/pianobar.profile
new file mode 100644
index 0000000..77232c2
--- /dev/null
+++ b/roles/pianobar/files/firejail/pianobar.profile
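Review bot: Only the `Install youtube-dl` task from the deleted `roles/media/tasks/mpv.yml` is carried over at the end of `roles/media/tasks/main.yml`; the `Install mpv` task is not, and no other file in this diff installs it. Unless mpv is provisioned by a role not shown here, a fresh run of the playbook will no longer install the player. The moved task also drops its `mpv` tag, so `--tags mpv` no longer selects it.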
@@ -0,0 +1,14 @@
+include /etc/firejail/disable-mgmt.inc
+include /etc/firejail/disable-secret.inc
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+
+caps.drop all
+seccomp
+protocol unix,inet,inet6
+netfilter
+noroot
+nogroups
+shell none
+private-etc group,hosts,nsswitch.conf,resolv.conf,asound.conf,pulse,ssl,ca-certificates
+whitelist ~/.config/pianobar
diff --git a/roles/pianobar/meta/main.yml b/roles/pianobar/meta/main.yml
new file mode 100644
index 0000000..cbc0668
--- /dev/null
+++ b/roles/pianobar/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+ - { role: firejail }
diff --git a/roles/pianobar/tasks/main.yml b/roles/pianobar/tasks/main.yml
new file mode 100644
index 0000000..8b9daf1
--- /dev/null
+++ b/roles/pianobar/tasks/main.yml
@@ -0,0 +1,15 @@
+---
+- name: Install pianobar
+ pacman: name=pianobar state=present
+
+- name: Jail pianobar
+ file: src=/usr/bin/firejail
+ dest=/usr/local/bin/pianobar
+ state=link
+ tags:
+ - firejail
+
+- name: Push pianobar firejail profile
+ copy: src=firejail/pianobar.profile dest=/usr/local/etc/firejail/pianobar.profile
+ tags:
+ - firejail
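Review bot: The new `pianobar.profile` narrows `/etc` and the home directory but leaves the host `/dev` fully visible to a network-facing client; adding `private-dev` after `shell none` would close that, provided the installed firejail version keeps `/dev/snd` available under that option. `nogroups` drops supplementary groups, so where access to the sound devices comes from `audio` group membership rather than a session ACL, ALSA playback may fail; this is worth testing with both outputs, since `private-etc` lists `asound.conf` and `pulse`. The file has no comments, and a header line such as `# pianobar streams over HTTPS: needs DNS (hosts, nsswitch.conf, resolv.conf) and CA certs (ssl, ca-certificates)` would tell the next editor which `private-etc` entries cannot be removed.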
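Review bot: The `Push pianobar firejail profile` task in `roles/pianobar/tasks/main.yml` sets no `owner`, `group` or `mode`, so the permissions of the file that defines the jail depend on the umask of the run; pin them with `copy: src=firejail/pianobar.profile dest=/usr/local/etc/firejail/pianobar.profile owner=root group=root mode=0644`. The profile is installed under `/usr/local/etc/firejail` while its own `include` lines point at `/etc/firejail`, and nothing in this diff shows firejail being told to read the former, so confirm (presumably in the `firejail` role) that this profile is the one applied when the symlink is used. The `Jail pianobar` link only takes effect when `/usr/local/bin` precedes `/usr/bin` in `PATH`; anything that calls `/usr/bin/pianobar` by absolute path runs unsandboxed, which deserves a comment above the task.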