programs: use wrapperType=wrappedDerivation where possible

2024-01-29 12:07:04 +00:00 · 2024-01-29 12:07:04 +00:00 · 1cb2c5225f
commit 1cb2c5225f
parent 7af970f38c
4 changed files with 4 additions and 1 deletions
--- a/hosts/common/programs/audacity.nix
+++ b/hosts/common/programs/audacity.nix
@ -10,6 +10,7 @@
    };

    sandbox.method = "bwrap";
+    sandbox.wrapperType = "wrappedDerivation";
    sandbox.autodetectCliPaths = true;
    sandbox.extraHomePaths = [
      # support media imports via file->open dir to some common media directories
--- a/hosts/common/programs/cozy.nix
+++ b/hosts/common/programs/cozy.nix
@ -3,7 +3,7 @@
 {
  sane.programs.cozy = {
    sandbox.method = "bwrap";  # landlock gives: _multiprocessing.SemLock: Permission Denied
-    sandbox.embedProfile = true;
+    sandbox.wrapperType = "wrappedDerivation";
    sandbox.extraHomePaths = [
      "Books"
    ];
--- a/hosts/common/programs/gtkcord4.nix
+++ b/hosts/common/programs/gtkcord4.nix
@ -32,6 +32,7 @@ in
      '';
    });
    sandbox.method = "bwrap";
+    sandbox.wrapperType = "wrappedDerivation";

    persist.byStore.private = [
      ".cache/gtkcord4"
--- a/hosts/common/programs/wireshark.nix
+++ b/hosts/common/programs/wireshark.nix
@ -5,6 +5,7 @@ in
 {
  sane.programs.wireshark = {
    sandbox.method = "landlock";
+    sandbox.wrapperType = "wrappedDerivation";
    sandbox.extraPaths = [
      "/proc/net"  #< only needed if using landlock
    ];