From cd3b4dde7b00117323faeda423eb25a2230a006d Mon Sep 17 00:00:00 2001
From: Colin <colin@uninsane.org>
Date: Fri, 16 Feb 2024 11:39:05 +0000
Subject: [PATCH] programs: nix-index: sandbox

---
 hosts/common/programs/nix-index.nix | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/hosts/common/programs/nix-index.nix b/hosts/common/programs/nix-index.nix
index aa942213..19a3e8ec 100644
--- a/hosts/common/programs/nix-index.nix
+++ b/hosts/common/programs/nix-index.nix
@@ -2,6 +2,13 @@
 {
   # provides `nix-locate`, backed by the manually run `nix-index`
   sane.programs.nix-index = {
+    sandbox.method = "bwrap";
+    sandbox.wrapperType = "wrappedDerivation";
+    sandbox.net = "clearnet";
+    sandbox.extraPaths = [
+      "/nix"
+    ];
+
     persist.byStore.plaintext = [ ".cache/nix-index" ];
   };
 }