From cb5131746f741f82b6a0c00e983b00eb8db0ba9c Mon Sep 17 00:00:00 2001
From: Colin <colin@uninsane.org>
Date: Tue, 23 Jan 2024 15:59:50 +0000
Subject: [PATCH] programs: audacity: sandbox with bubblewrap

---
 hosts/common/programs/audacity.nix | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/hosts/common/programs/audacity.nix b/hosts/common/programs/audacity.nix
index 1930cfee..d6e25314 100644
--- a/hosts/common/programs/audacity.nix
+++ b/hosts/common/programs/audacity.nix
@@ -9,7 +9,13 @@
       };
     };
 
-    sandbox.method = null; # "firejail"; # TODO: it can't load audacity.cfg
+    sandbox.method = "bwrap";
+    sandbox.extraConfig = [
+      "--sane-sandbox-autodetect"
+    ];
+    # support media imports via file->open dir to some common media directories
+    fs."tmp" = {};
+    fs."Music" = {};
 
     # disable first-run splash screen
     fs.".config/audacity/audacity.cfg".file.text = ''
@@ -20,5 +26,7 @@
       Major=3
       Minor=4
     '';
+    # audacity needs the entire config dir mounted if running in a sandbox
+    fs.".config/audacity".dir = {};
   };
 }