From 5ea34e56765b74c27fdaec6cdd203b97ced350ef Mon Sep 17 00:00:00 2001
From: Infinidoge
Date: Sat, 9 Sep 2023 21:13:50 -0400
Subject: [PATCH] bin: add bwrap script to run Nix unpriviledged

---
 bin/bwrap.bash | 61 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 61 insertions(+)
 create mode 100755 bin/bwrap.bash

diff --git a/bin/bwrap.bash b/bin/bwrap.bash
new file mode 100755
index 0000000..b00f7e3
--- /dev/null
+++ b/bin/bwrap.bash
@@ -0,0 +1,61 @@
+#!/usr/bin/env bash
+
+if [ -z ${NIXDIR+x} ]; then
+ echo "NIXDIR is unset! It needs to be set in the code. Edit this shell file and read the instructions."
+ echo "Executing bash without Bubblewrap…"
+ exec bash
+fi
+
+if [ ! -e $NIXDIR ]; then
+ echo "NIXDIR doesn't point to a valid location! Falling back to Bash"
+ exec bash
+fi
+
+_bind() {
+ _bind_arg=$1
+ shift
+ for _path in "$@"; do
+ args+=("$_bind_arg" "$_path" "$_path")
+ done
+}
+
+bind() {
+ _bind --bind-try "$@"
+}
+
+robind() {
+ _bind --ro-bind-try "$@"
+}
+
+devbind() {
+ _bind --dev-bind-try "$@"
+}
+
+args=(
+ --bind $NIXDIR /nix
+ --chdir $HOME
+)
+
+bind \
+ $HOME
+
+devbind \
+ /dev \
+ /proc \
+ /tmp \
+ /run \
+ /u \
+ /p \
+ /bin \
+ /boot \
+ /etc \
+ /home \
+ /lib \
+ /lib32 \
+ /lib64 \
+ /libx32 \
+ /media \
+ /usr \
+ /var
+
+exec bwrap "${args[@]}" "$@"
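Review bot: Both pre-flight checks fail open: when NIXDIR is unset or does not exist the script runs `exec bash` outside Bubblewrap and reports success, so a misconfigured wrapper silently drops the sandbox; exiting non-zero with the message on stderr is the safer default. The checks and bind arguments also expand `$NIXDIR` and `$HOME` unquoted (`[ ! -e $NIXDIR ]`, `--bind $NIXDIR /nix`, `--chdir $HOME`, `bind $HOME`), so a NIXDIR that is set but empty passes the existence test and a path containing whitespace splits into extra bwrap arguments. `robind` is defined but never called while `/bin`, `/etc`, `/usr`, `/lib*`, `/home` and `/var` are mounted with `--dev-bind-try`, i.e. read-write with device access; only `/dev` appears to need that, and the host system directories would presumably work as `--ro-bind-try` — worth confirming against what the Nix workflow actually writes to. `_bind_arg` and `_path` in `_bind` are not declared `local`, so they leak into the global scope of the script.
```bash
if [ -z "${NIXDIR:-}" ]; then
  echo "NIXDIR is unset! It needs to be set in the code. Edit this shell file and read the instructions." >&2
  exit 1
fi

if [ ! -e "$NIXDIR" ]; then
  echo "NIXDIR doesn't point to a valid location!" >&2
  exit 1
fi

_bind() {
  local _bind_arg=$1
  shift
  local _path
  for _path in "$@"; do
    args+=("$_bind_arg" "$_path" "$_path")
  done
}

# … unchanged: bind / robind / devbind helpers …

args=(
  --bind "$NIXDIR" /nix
  --chdir "$HOME"
)

bind \
  "$HOME"

# … unchanged: devbind list and final exec …
```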