From 4edfc23056e5a1598293eb62749d46655e6102f9 Mon Sep 17 00:00:00 2001
From: Profpatsch <mail@profpatsch.de>
Date: Thu, 26 Mar 2020 14:53:33 +0100
Subject: machines/shiki: add zoomboxed

Filesystem sandbox around zoom-us.
---
 machines/profpatsch/pkgs.nix | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

(limited to 'machines/profpatsch/pkgs.nix')

diff --git a/machines/profpatsch/pkgs.nix b/machines/profpatsch/pkgs.nix
index 98a7988c..4afe40c1 100644
--- a/machines/profpatsch/pkgs.nix
+++ b/machines/profpatsch/pkgs.nix
@@ -1,4 +1,8 @@
-{ pkgs, lib, myLib }:
+{ pkgs, lib, myLib
+, withUnfree ? false, unfreeAndNonDistributablePkgs ? null
+}:
+
+assert withUnfree -> unfreeAndNonDistributablePkgs != null;
 
 let
 
@@ -33,6 +37,14 @@ let
         --replace 'notify-send' '${notify-send}'
     '';
 
+  zoomboxed = pkgs.vuizvui.buildSandbox unfreeAndNonDistributablePkgs.zoom-us {
+    paths.required = [
+      "$XDG_CONFIG_HOME/zoomus.conf"
+      "$XDG_CONFIG_HOME/.zoom"
+    ];
+    allowBinSh = true;
+  };
+
 in
 { inherit
     mpv
@@ -40,5 +52,6 @@ in
     vim
     # fast-init
     pyrnotify
+    zoomboxed
     ;
 }
-- 
cgit 1.4.1