From 30507c3564a3a973a9bd1b77da8f955944767ae6 Mon Sep 17 00:00:00 2001
From: Colin <colin@uninsane.org>
Date: Fri, 16 Feb 2024 03:51:23 +0000
Subject: [PATCH] programs: soundconverter: sandbox with bwrap

---
 hosts/common/programs/assorted.nix | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/hosts/common/programs/assorted.nix b/hosts/common/programs/assorted.nix
index f6c092c5..d64b2c05 100644
--- a/hosts/common/programs/assorted.nix
+++ b/hosts/common/programs/assorted.nix
@@ -491,6 +491,20 @@ in
       "knowledge"
     ];
 
+    soundconverter.sandbox.method = "bwrap";
+    soundconverter.sandbox.wrapperType = "wrappedDerivation";
+    soundconverter.sandbox.whitelistWayland = true;
+    soundconverter.sandbox.extraHomePaths = [
+      "Music"
+      "tmp"
+      "use"
+    ];
+    soundconverter.sandbox.extraPaths = [
+      "/mnt/servo/media/Music"
+      "/mnt/servo/media/games"
+    ];
+    soundconverter.sandbox.autodetectCliPaths = "existingFileOrParent";
+
     space-cadet-pinball.persist.byStore.plaintext = [ ".local/share/SpaceCadetPinball" ];
 
     speedtest-cli.sandbox.method = "bwrap";