expanding dev tools

2025-05-18 15:24:55 -05:00
parent 7cebc21431
commit bc8948865a
3 changed files with 67 additions and 0 deletions
--- a/devtools/checkhash.nix
+++ b/devtools/checkhash.nix
@ -0,0 +1,10 @@
+with import <nixpkgs> {};
+
+let
+  url = "https://github.com/shiftkey/desktop/releases/download/release-3.2.1-linux1/GitHubDesktop-linux-3.2.1-linux1.AppImage";
+in
+builtins.fetchurl {
+  inherit url;
+  # intentionally use a bad hash to force Nix to tell you the correct one
+  sha256 = "0000000000000000000000000000000000000000000000000000";
+}
--- a/devtools/shell.nix
+++ b/devtools/shell.nix
@ -0,0 +1,38 @@
+{ pkgs ? import <nixpkgs> {} }:
+
+pkgs.mkShell {
+  buildInputs = [
+    pkgs.prismlauncher
+    pkgs.github-desktop
+    pkgs.bubblewrap
+  ];
+
+  shellHook = ''
+    mkdir -p .sandbox-home/.config/github-desktop
+    mkdir -p .sandbox-home/.config/PrismLauncher
+
+    sandboxed_run() {
+      local app_path="$(command -v "$1")"
+      echo "Launching $1 from $app_path in sandboxed environment..."
+
+      bwrap \
+        --dev-bind / / \
+        --bind "$(pwd)/.sandbox-home" /home \
+        --bind "$(pwd)/.." /home/workspace \
+        --setenv HOME /home \
+        --setenv LANG en_US.UTF-8 \
+        --setenv LC_ALL en_US.UTF-8 \
+        --setenv DISPLAY "$DISPLAY" \
+        --setenv WAYLAND_DISPLAY "$WAYLAND_DISPLAY" \
+        --setenv XDG_RUNTIME_DIR "$XDG_RUNTIME_DIR" \
+        --setenv PATH "$PATH" \
+        "$app_path" &
+    }
+
+    sandboxed_run github-desktop
+    sandboxed_run prismlauncher
+
+    echo "Both applications launched in sandboxed writable .sandbox-home. Type 'exit' to quit this shell."
+  '';
+}
+