feat: sandbox vesktop

home/guz/apps.nix

@@ -93,10 +93,12 @@
 
   home.packages =
     (with pkgs; [
+      ])
+    ++ (with self.packages.${pkgs.system}.nixpak; [
       # Vesktop/Vencord (Discord client)
       vesktop
-    ])
-    ++ (with self.packages.${pkgs.system}.nixpak; [
+
+      # Bitwarden (Password manager)
       bitwarden-desktop
     ]);
 }

packages/nixpak/default.nix

@@ -11,7 +11,8 @@
 
   bitwarden-desktop = import ./bitwarden-desktop.nix {inherit lib mkNixPak pkgs self;};
   zen = import ./zen-browser.nix {inherit lib mkNixPak pkgs self;};
-  brave = import ./brave.nix {inherit lib mkNixPak pkgs self;};
+  # brave = import ./brave.nix {inherit lib mkNixPak pkgs self;};
+  vesktop = import ./vesktop.nix {inherit lib mkNixPak pkgs self;};
 in {
   bitwarden-desktop = bitwarden-desktop.config.script;
   bitwarden-desktop-env = bitwarden-desktop.config.env;
@@ -20,6 +21,9 @@ in {
   # brave = brave.config.script;
   # brave-env = brave.config.env;
 
+  vesktop = vesktop.config.script;
+  vesktop-env = vesktop.config.env;
+
   zen-browser = zen.config.script;
   zen-browser-env = zen.config.env;
 }

packages/nixpak/vesktop.nix

@@ -0,0 +1,38 @@
+{
+  mkNixPak,
+  pkgs,
+  ...
+}:
+mkNixPak {
+  config = {sloth, ...}: {
+    app.package = pkgs.vesktop;
+
+    imports = [
+      ./modules/gui-base.nix
+    ];
+
+    dbus.policies = {
+      "org.kde.StatusNotifierWatcher" = "talk";
+      "com.canonical.AppMenu.Registrar" = "talk";
+      "org.freedesktop.Notifications" = "talk";
+    };
+
+    bubblewrap = {
+      network = true;
+      shareIpc = true;
+
+      sockets.pipewire = true;
+      sockets.pulse = false;
+
+      bind.rw = [
+        (sloth.concat' sloth.xdgConfigHome "/vesktop")
+      ];
+      bind.ro = [
+        (sloth.concat' sloth.homeDir "/Videos")
+        (sloth.concat' sloth.homeDir "/Pictures")
+        (sloth.concat' sloth.homeDir "/Downloads")
+      ];
+      bind.dev = ["all"];
+    };
+  };
+}