From 0ae7f7de848c6322a7e37584791aede7f29dabf9 Mon Sep 17 00:00:00 2001
From: tdro
Date: Sun, 24 Sep 2023 14:21:19 -0400
Subject: .config/nixpkgs/jails: Add bubblewrap

---
 .config/nixpkgs/jails/bubblewrap/jail.nix | 36 +++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 .config/nixpkgs/jails/bubblewrap/jail.nix

diff --git a/.config/nixpkgs/jails/bubblewrap/jail.nix b/.config/nixpkgs/jails/bubblewrap/jail.nix
new file mode 100644
index 0000000..aee8a8b
--- /dev/null
+++ b/.config/nixpkgs/jails/bubblewrap/jail.nix
@@ -0,0 +1,36 @@
+let
+
+ # nix-shell -E 'import (builtins.fetchurl "$url")'
+ # https://github.com/containers/bubblewrap/blob/main/demos/bubblewrap-shell.sh
+ # https://manpages.debian.org/testing/bubblewrap/bwrap.1.en.html
+
+ name = "nix-shell.bubblewrap";
+
+ pkgs = import (builtins.fetchTarball {
+ url = "https://releases.nixos.org/nixos/22.11/nixos-22.11.466.596a8e828c5/nixexprs.tar.xz";
+ sha256 = "1367bad5zz0mfm4czb6p0s0ni38f0x1ffh02z76rx4nranipqbgg";
+ }) { };
+
+ bubblewrap = arguments@{ ... }: pkgs.writeShellApplication {
+ inherit name;
+ text = ''
+ PATH=${pkgs.lib.strings.makeBinPath [ pkgs.bubblewrap ]}
+ bwrap \
+ '' + pkgs.lib.strings.concatStringsSep " \\\n"
+ (pkgs.lib.attrsets.mapAttrsToList (argument: value: "--${argument} ${value} ")
+ arguments) + "/bin/sh\n";
+ };
+
+ jail = bubblewrap {
+ clearenv = "";
+ setenv = "PATH ${pkgs.lib.strings.makeBinPath [ pkgs.busybox ]}";
+ ro-bind = "/nix /nix" + " --ro-bind /bin /bin";
+ };
+
+in pkgs.mkShell {
+ inherit name;
+ shellHook = ''
+ printf '%s\n' "${jail}/bin/${jail.name}"
+ exec "${jail}/bin/${jail.name}"
+ '';
+}
--
cgit v1.2.3
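Review bot: The `jail` attribute set only yields `--clearenv`, `--setenv` and two `--ro-bind` flags, so the `/bin/sh` it launches still shares the host's network, PID and IPC namespaces and its controlling terminal, which is considerably weaker isolation than the `bubblewrap-shell.sh` demo the header comment cites. Since the generated command passes nothing beyond what is listed in the set, consider adding `unshare-all = ""; new-session = ""; die-with-parent = "";` (plus `proc = "/proc"; dev = "/dev";` if programs inside need them) so the jail actually matches the demo it points to. The line `ro-bind = "/nix /nix" + " --ro-bind /bin /bin";` smuggles a second flag inside a value because attribute names cannot repeat, and `mapAttrsToList` emits flags in sorted key order, so the relative order of bwrap flags is not controllable from this set; a comment such as `# keys are unique and emitted sorted, so a second --ro-bind is spliced into the value` would spare the next reader the surprise.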