{ pkgs ? import {} }: pkgs.mkShell { buildInputs = [ pkgs.prismlauncher pkgs.github-desktop pkgs.bubblewrap ]; shellHook = '' mkdir -p .sandbox-home/.config/github-desktop mkdir -p .sandbox-home/.config/PrismLauncher sandboxed_run() { local app_path="$(command -v "$1")" echo "Launching $1 from $app_path in sandboxed environment..." bwrap \ --dev-bind / / \ --bind "$(pwd)/.sandbox-home" /home \ --bind "$(pwd)/.." /home/workspace \ --setenv HOME /home \ --setenv LANG en_US.UTF-8 \ --setenv LC_ALL en_US.UTF-8 \ --setenv DISPLAY "$DISPLAY" \ --setenv WAYLAND_DISPLAY "$WAYLAND_DISPLAY" \ --setenv XDG_RUNTIME_DIR "$XDG_RUNTIME_DIR" \ --setenv PATH "$PATH" \ "$app_path" & } sandboxed_run github-desktop sandboxed_run prismlauncher echo "Both applications launched in sandboxed writable .sandbox-home. Type 'exit' to quit this shell." ''; }