diff --git a/README.md b/README.md
index 4f24b0b..dc36073 100644
--- a/README.md
+++ b/README.md
@@ -96,6 +96,13 @@ script looks for a profile with the same name in `~/.config/firejail`. If one
 is not found, it will create a profile that simply includes the system profile,
 as in the third example above. It will not modify any existing user profiles.
 
+### Blacklisting
+
+The `firejail.blacklist` variable is used to generate a list of blacklisted
+files and directories at `/usr/local/etc/firejail/disable-more.inc`. This file
+is included in most of the provided security profiles, causing those locations
+to be inaccessible to jailed programs.
+
 ## MAC Spoofing
 
 By default, the MAC address of all network interfaces is spoofed at boot,
diff --git a/group_vars/all b/group_vars/all
index 2b2fa25..527c16e 100644
--- a/group_vars/all
+++ b/group_vars/all
@@ -121,3 +121,16 @@ nameservers:
 - 74.82.42.42 # Hurricane Electric
 
 bluetooth: False
+
+firejail:
+ blacklist:
+ - ~/.calendars
+ - ~/.config/vdirsyncer
+ - ~/.contacts
+ - ~/.keys
+ - ~/.mbsyncrc
+ - ~/.offlineimap
+ - ~/.offlineimaprc
+ - ~/.password-store
+ - ~/.vdirsyncer
+ - ~/library/ledger
diff --git a/roles/firejail/tasks/main.yml b/roles/firejail/tasks/main.yml
index 42c3948..5d94793 100644
--- a/roles/firejail/tasks/main.yml
+++ b/roles/firejail/tasks/main.yml
@@ -12,7 +12,7 @@
 file: path=/usr/local/etc/firejail state=directory
 
 - name: Push firejail blacklist include
- copy: src=disable-more.inc dest=/usr/local/etc/firejail/disable-more.inc
+ template: src=disable-more.inc.j2 dest=/usr/local/etc/firejail/disable-more.inc
 tags:
 - firejail
 
diff --git a/roles/firejail/templates/disable-more.inc.j2 b/roles/firejail/templates/disable-more.inc.j2
new file mode 100644
index 0000000..860133d
--- /dev/null
+++ b/roles/firejail/templates/disable-more.inc.j2
@@ -0,0 +1,4 @@
+# {{ ansible_managed }}
+{% for file in firejail.blacklist %}
+blacklist {{ file }}
+{% endfor %}
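Review bot: Adding a path to `firejail.blacklist` only protects it from programs whose profile actually pulls in `disable-more.inc` and does not override the entry, so the sensitive entries here (`~/.keys`, `~/.password-store`) deserve a comment stating that limit next to the list. In firejail, a profile's `noblacklist` for the same path takes precedence over a later `blacklist`, and a program started with `--noprofile` or a profile that omits the include sees the directory normally; I would add `# Only enforced for profiles that include disable-more.inc and do not noblacklist the path` above `blacklist:`. The list itself looks fine; this is presumably how firejail resolves the two directives, so confirm against the installed firejail version's man page.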
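Review bot: The new `template` task sets no owner, group or mode on `/usr/local/etc/firejail/disable-more.inc`, so the resulting permissions depend on the controller's umask; since any user who can write this include can neutralise every blacklist it carries (or add their own directives), pin them explicitly: `template: src=disable-more.inc.j2 dest=/usr/local/etc/firejail/disable-more.inc owner=root group=root mode=0644`. The diff also does not show the old static `roles/firejail/files/disable-more.inc` being deleted; if it still exists it is now dead and will drift from the template, so it should be removed in the same change. The task's surrounding list continues outside the hunk.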
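Review bot: `blacklist {{ file }}` renders each list entry unescaped, so an entry containing whitespace or a newline would produce a malformed or extra profile directive (firejail's `blacklist` takes a single path per line and has no quoting). The values come from `group_vars`, so this is an operator-error rather than an injection concern, but I would still fail fast with an Ansible `assert` before the template (e.g. `that: "firejail.blacklist | reject('match', '^[^\\s]+$') | list | length == 0"`) or document the one-path-per-entry contract in a comment at the top of the template: `# One firejail path per entry; no spaces or newlines allowed`. Also worth a line noting that entries are matched only when the path exists at sandbox start, if that is how the installed firejail behaves — I have not verified this from the diff.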