From f785ccd351913a0dbc679d5c04bf35f2ffb289a5 Mon Sep 17 00:00:00 2001
From: Colin <colin@uninsane.org>
Date: Mon, 19 Feb 2024 17:06:22 +0000
Subject: [PATCH] programs: sane-reclaim-disk-space: sandbox

---
 hosts/common/programs/sane-scripts.nix              | 13 +++++++++++++
 .../sane-scripts/src/sane-reclaim-disk-space        |  3 +--
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/hosts/common/programs/sane-scripts.nix b/hosts/common/programs/sane-scripts.nix
index 8710220c..71771954 100644
--- a/hosts/common/programs/sane-scripts.nix
+++ b/hosts/common/programs/sane-scripts.nix
@@ -115,6 +115,19 @@ in
       net = "clearnet";
     };
 
+    # TODO: is `sane-reclaim-boot-space` broken?
+    # "sane-scripts.reclaim-boot-space".sandbox = {
+    #   method = "bwrap";
+    #   wrapperType = "wrappedDerivation";
+    #   extraPaths = [ "/boot" ];
+    # };
+
+    "sane-scripts.reclaim-disk-space".sandbox = {
+      method = "bwrap";
+      wrapperType = "wrappedDerivation";
+      extraPaths = [ "/nix/var/nix" ];
+    };
+
     "sane-scripts.which".sandbox = {
       method = "bwrap";
       wrapperType = "wrappedDerivation";
diff --git a/pkgs/additional/sane-scripts/src/sane-reclaim-disk-space b/pkgs/additional/sane-scripts/src/sane-reclaim-disk-space
index 8e151013..272add16 100755
--- a/pkgs/additional/sane-scripts/src/sane-reclaim-disk-space
+++ b/pkgs/additional/sane-scripts/src/sane-reclaim-disk-space
@@ -9,9 +9,8 @@ set -xeu
 # scan the store and hard-link identical files
 # nix-store --optimise
 
-# TODO: do we need `sudo` here?
 # TODO: `nix-store --gc`?
-sudo nix-collect-garbage --delete-older-than 30d
+nix-collect-garbage --delete-older-than 30d
 
 # TODO: could use dduper: https://github.com/Lakshmipathi/dduper
 #   like rmlint, but better perf for btrfs (checksum tests)