From 1bde38bf72829543aade70347512bc23e835a2fb Mon Sep 17 00:00:00 2001
From: Colin
Date: Sat, 27 Jan 2024 13:11:22 +0000
Subject: [PATCH] cozy: sandbox with bwrap
---
 hosts/common/programs/cozy.nix | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/hosts/common/programs/cozy.nix b/hosts/common/programs/cozy.nix
index ba42ebb0..99ef56be 100644
--- a/hosts/common/programs/cozy.nix
+++ b/hosts/common/programs/cozy.nix
@@ -2,6 +2,14 @@
 {
 sane.programs.cozy = {
+ sandbox.method = "bwrap"; # landlock gives: _multiprocessing.SemLock: Permission Denied
+ sandbox.embedProfile = true;
+ sandbox.extraHomePaths = [
+ "Books"
+ ];
+ sandbox.extraPaths = [
+ "/mnt/servo-media/Books"
+ ];
 # cozy uses a sqlite db for its config and exposes no CLI options other than --help and --debug
 persist.byStore.plaintext = [
 ".local/share/cozy" # sqlite db (config & index?)
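Review bot: The two path lists added here, `sandbox.extraHomePaths` and `sandbox.extraPaths`, open the whole `Books` trees to the sandboxed process without recording what access cozy needs, and nothing in the hunk shows whether they are exposed read-only or read-write. Cozy's writable state appears to be the `.local/share/cozy` entry under `persist.byStore.plaintext`, so the library paths presumably only need to be read; a comment such as `# audiobook library: cozy only needs to read these` above `sandbox.extraHomePaths` would record that intent for whoever tightens the profile later. The trailing comment on `sandbox.method` explains the choice well, but phrasing it as a TODO would make sure the landlock fallback is revisited, e.g. `# TODO: retry landlock; currently fails with _multiprocessing.SemLock: Permission Denied`. The `sane.programs.cozy` attribute set closes outside the hunk.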