programs: gnome-frog: sandbox

2024-02-17 14:40:42 +00:00 · 2024-02-17 14:40:42 +00:00 · bbf7aac062
commit bbf7aac062
parent 7d1fd2f30a
1 changed files with 17 additions and 0 deletions
--- a/hosts/common/programs/assorted.nix
+++ b/hosts/common/programs/assorted.nix
@ -458,6 +458,23 @@ in
    gnome-2048.sandbox.whitelistWayland = true;
    gnome-2048.persist.byStore.plaintext = [ ".local/share/gnome-2048/scores" ];

+    gnome-frog.sandbox.method = "bwrap";
+    gnome-frog.sandbox.wrapperType = "wrappedDerivation";
+    gnome-frog.sandbox.whitelistWayland = true;
+    gnome-frog.sandbox.whitelistDbus = [ "user" ];
+    gnome-frog.sandbox.extraPaths = [
+      # needed when processing screenshots
+      "/tmp"
+    ];
+    gnome-frog.sandbox.extraHomePaths = [
+      # for OCR'ing photos from disk
+      "tmp"
+      "Pictures"
+    ];
+    gnome-frog.persist.byStore.cryptClearOnBoot = [
+      ".local/share/tessdata"  # 15M; dunno what all it is.
+    ];
+
    # TODO: gnome-maps: move to own file
    "gnome.gnome-maps".persist.byStore.plaintext = [ ".cache/shumate" ];
    "gnome.gnome-maps".persist.byStore.private = [ ".local/share/maps-places.json" ];