programs: portfolio-filemanager: sandbox
This commit is contained in:
parent
82e028e37d
commit
a591be98d4
|
@ -68,6 +68,7 @@
|
|||
./offlineimap.nix
|
||||
./open-in-mpv.nix
|
||||
./planify.nix
|
||||
./portfolio-filemanager.nix
|
||||
./playerctl.nix
|
||||
./rhythmbox.nix
|
||||
./ripgrep.nix
|
||||
|
|
47
hosts/common/programs/portfolio-filemanager.nix
Normal file
47
hosts/common/programs/portfolio-filemanager.nix
Normal file
|
@ -0,0 +1,47 @@
|
|||
{ ... }:
|
||||
{
|
||||
sane.programs.portfolio-filemanager = {
|
||||
# this is all taken pretty directly from nautilus config
|
||||
sandbox.method = "bwrap";
|
||||
sandbox.wrapperType = "inplace";
|
||||
sandbox.whitelistDbus = [ "user" ]; # for portals launching apps
|
||||
sandbox.whitelistWayland = true;
|
||||
sandbox.extraHomePaths = [
|
||||
# grant access to pretty much everything, except for secret keys.
|
||||
# ".cache"
|
||||
# ".config"
|
||||
# ".local"
|
||||
"archive"
|
||||
"Books"
|
||||
"dev"
|
||||
"knowledge"
|
||||
"Music"
|
||||
"nixos"
|
||||
"Pictures"
|
||||
# "private" #< explicitly NOT
|
||||
"records"
|
||||
"ref"
|
||||
"tmp"
|
||||
"use"
|
||||
"Videos"
|
||||
];
|
||||
sandbox.extraPaths = [
|
||||
"/boot"
|
||||
"/mnt"
|
||||
# "nix"
|
||||
"/run/media" # for mounted devices
|
||||
"/tmp"
|
||||
"/var"
|
||||
];
|
||||
sandbox.extraRuntimePaths = [
|
||||
# not sure if these are actually necessary
|
||||
"gvfs"
|
||||
"gvfsd"
|
||||
];
|
||||
|
||||
mime.priority = 160; #< default is 100, so higher means we fall-back to other apps that might be more specialized
|
||||
mime.associations = {
|
||||
"inode/directory" = "dev.tchx84.Portfolio.desktop";
|
||||
};
|
||||
};
|
||||
}
|
Loading…
Reference in New Issue
Block a user