zed wip

Author: functora

nix/nixpak.nix

@@ -0,0 +1,7 @@
+let
+  sources = import ./sources.nix {};
+in
+  (import sources.flake-compat {
+    src = sources.nixpak;
+  })
+  .defaultNix

nix/sources.json

@@ -1,4 +1,16 @@
 {
+    "flake-compat": {
+        "branch": "master",
+        "description": null,
+        "homepage": null,
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
+        "sha256": "09m84vsz1py50giyfpx0fpc7a4i0r1xsb54dh0dpdg308lp4p188",
+        "type": "tarball",
+        "url": "https://github.com/edolstra/flake-compat/archive/9100a0f413b0c601e0533d1d94ffd501ce2e7885.tar.gz",
+        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
+    },
     "haskellNix": {
         "branch": "master",
         "description": "Alternative Haskell Infrastructure for Nixpkgs",
@@ -23,6 +35,18 @@
         "url": "https://github.com/NixOS/nixpkgs/archive/21a2e1ea4388d7f775c304697cee826eb69060c5.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     },
+    "nixpak": {
+        "branch": "master",
+        "description": "Runtime sandboxing for Nix",
+        "homepage": null,
+        "owner": "nixpak",
+        "repo": "nixpak",
+        "rev": "7835fc4f5c5b97218b3371eda633c9448a030e50",
+        "sha256": "1jhm20aihqrmlirhr909jrxiza603ssbh8ga908qkrpxqcbdhq4d",
+        "type": "tarball",
+        "url": "https://github.com/nixpak/nixpak/archive/7835fc4f5c5b97218b3371eda633c9448a030e50.tar.gz",
+        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
+    },
     "nixpkgs": {
         "branch": "release-24.11",
         "description": "Nix Packages collection",

nix/zed.nix

@@ -0,0 +1,65 @@
+let
+  pkgs = import ./nixpkgs.nix;
+  nixpak = import ./nixpak.nix;
+  mkNixPak = nixpak.lib.nixpak {
+    inherit (pkgs) lib;
+    inherit pkgs;
+  };
+  sandbox = mkNixPak {
+    config = {sloth, ...}: {
+      # the application to isolate
+      app.package = pkgs.hello;
+
+      # path to the executable to be wrapped
+      # this is usually autodetected but
+      # can be set explicitly nonetheless
+      app.binPath = "bin/hello";
+
+      # enabled by default, flip to disable
+      # and to remove dependency on xdg-dbus-proxy
+      dbus.enable = true;
+
+      # same usage as --see, --talk, --own
+      dbus.policies = {
+        "org.freedesktop.DBus" = "talk";
+        "ca.desrt.dconf" = "talk";
+      };
+
+      # needs to be set for Flatpak emulation
+      # defaults to com.nixpak.${name}
+      # where ${name} is generated from the drv name like:
+      # hello -> Hello
+      # my-app -> MyApp
+      flatpak.appId = "org.myself.HelloApp";
+
+      bubblewrap = {
+        # disable all network access
+        network = false;
+
+        # lists of paths to be mounted inside the sandbox
+        # supports runtime resolution of environment variables
+        # see "Sloth values" below
+
+        # bind.rw = [
+        #   (sloth.concat' sloth.homeDir "/Documents")
+        #   (sloth.env "XDG_RUNTIME_DIR")
+        #   # a nested list represents a src -> dest mapping
+        #   # where src != dest
+        #   [
+        #     (sloth.concat' sloth.homeDir "/.local/state/nixpak/hello/config")
+        #     (sloth.concat' sloth.homeDir "/.config")
+        #   ]
+        # ];
+
+        bind.ro = [
+          (sloth.concat' sloth.homeDir "/Downloads")
+        ];
+
+        bind.dev = [
+          "/dev/dri"
+        ];
+      };
+    };
+  };
+in
+  sandbox.config.script