39 lines
1013 B
Nix
39 lines
1013 B
Nix
{ pkgs ? import <nixpkgs> {} }:
|
|
|
|
pkgs.mkShell {
|
|
buildInputs = [
|
|
pkgs.prismlauncher
|
|
pkgs.github-desktop
|
|
pkgs.bubblewrap
|
|
];
|
|
|
|
shellHook = ''
|
|
mkdir -p .sandbox-home/.config/github-desktop
|
|
mkdir -p .sandbox-home/.config/PrismLauncher
|
|
|
|
sandboxed_run() {
|
|
local app_path="$(command -v "$1")"
|
|
echo "Launching $1 from $app_path in sandboxed environment..."
|
|
|
|
bwrap \
|
|
--dev-bind / / \
|
|
--bind "$(pwd)/.sandbox-home" /home \
|
|
--bind "$(pwd)/.." /home/workspace \
|
|
--setenv HOME /home \
|
|
--setenv LANG en_US.UTF-8 \
|
|
--setenv LC_ALL en_US.UTF-8 \
|
|
--setenv DISPLAY "$DISPLAY" \
|
|
--setenv WAYLAND_DISPLAY "$WAYLAND_DISPLAY" \
|
|
--setenv XDG_RUNTIME_DIR "$XDG_RUNTIME_DIR" \
|
|
--setenv PATH "$PATH" \
|
|
"$app_path" &
|
|
}
|
|
|
|
sandboxed_run github-desktop
|
|
sandboxed_run prismlauncher
|
|
|
|
echo "Both applications launched in sandboxed writable .sandbox-home. Type 'exit' to quit this shell."
|
|
'';
|
|
}
|
|
|