From df04f3c4acf1ec4fa8d0a74cd8cbc76732c916e2 Mon Sep 17 00:00:00 2001
From: Menno van Leeuwen <menno@vleeuwen.me>
Date: Tue, 11 Mar 2025 09:50:59 +0100
Subject: [PATCH] feat: add script to fix Electron app permissions and update
 package configuration

---
 config/home-manager/flake.lock                |  6 ++--
 .../packages/workstation/default.nix          |  2 +-
 .../packages/workstation/fix-electron-apps.sh | 29 +++++++++++++++++++
 .../packages/workstation/packages.nix         | 26 +++++++++++++++++
 4 files changed, 59 insertions(+), 4 deletions(-)
 create mode 100644 config/home-manager/packages/workstation/fix-electron-apps.sh

diff --git a/config/home-manager/flake.lock b/config/home-manager/flake.lock
index a3134eb..0c62dc3 100644
--- a/config/home-manager/flake.lock
+++ b/config/home-manager/flake.lock
@@ -23,11 +23,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1741445498,
-        "narHash": "sha256-F5Em0iv/CxkN5mZ9hRn3vPknpoWdcdCyR0e4WklHwiE=",
+        "lastModified": 1741600792,
+        "narHash": "sha256-yfDy6chHcM7pXpMF4wycuuV+ILSTG486Z/vLx/Bdi6Y=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "52e3095f6d812b91b22fb7ad0bfc1ab416453634",
+        "rev": "ebe2788eafd539477f83775ef93c3c7e244421d3",
         "type": "github"
       },
       "original": {
diff --git a/config/home-manager/packages/workstation/default.nix b/config/home-manager/packages/workstation/default.nix
index a8ff8b3..cac3a93 100644
--- a/config/home-manager/packages/workstation/default.nix
+++ b/config/home-manager/packages/workstation/default.nix
@@ -3,7 +3,7 @@
 let
   files = builtins.removeAttrs (builtins.readDir ./.) [
     "default.nix"
-    "ulauncher.nix" # Disabled, since we switched to ansible for this
+    "fix-electron-apps.sh"
   ];
 
   # Import all other .nix files as modules
diff --git a/config/home-manager/packages/workstation/fix-electron-apps.sh b/config/home-manager/packages/workstation/fix-electron-apps.sh
new file mode 100644
index 0000000..419a537
--- /dev/null
+++ b/config/home-manager/packages/workstation/fix-electron-apps.sh
@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+
+echo "=============================================="
+echo "Electron chrome-sandbox permission fixer"
+echo "=============================================="
+echo "This script requires sudo permissions to fix"
+echo "Electron app permissions."
+echo ""
+
+# Find all electron sandbox paths
+echo "Finding Electron chrome-sandbox instances..."
+SANDBOX_PATHS=$(find /nix/store -path "*/electron/chrome-sandbox" -type f -executable 2>/dev/null)
+
+if [ -n "$SANDBOX_PATHS" ]; then
+  count=$(echo "$SANDBOX_PATHS" | wc -l)
+  echo "Found $count chrome-sandbox instances"
+  
+  # If we get here, we're running with sudo
+  echo "$SANDBOX_PATHS" | while read -r SANDBOX_PATH; do
+    if [ -e "$SANDBOX_PATH" ]; then
+      echo "Setting permissions for $SANDBOX_PATH"
+      sudo chown root:root "$SANDBOX_PATH" || echo "Failed to set owner for $SANDBOX_PATH"
+      sudo chmod 4755 "$SANDBOX_PATH" || echo "Failed to set permissions for $SANDBOX_PATH"
+    fi
+  done
+  echo "All permissions set successfully"
+else
+  echo "Could not find any Electron chrome-sandbox paths"
+fi
diff --git a/config/home-manager/packages/workstation/packages.nix b/config/home-manager/packages/workstation/packages.nix
index fc22934..6f4595d 100644
--- a/config/home-manager/packages/workstation/packages.nix
+++ b/config/home-manager/packages/workstation/packages.nix
@@ -1,6 +1,13 @@
 { pkgs-unstable, pkgs, ... }:
+let
+  # Create a script to fix electron apps
+  fix-electron-apps = pkgs.writeScriptBin "fix-electron-apps" (builtins.readFile ./fix-electron-apps.sh);
+in
 {
   home.packages = with pkgs; [
+    # Custom scripts
+    fix-electron-apps
+    
     # GUI Application
     ## Utilities
     mission-center # Task Manager like Windows 11
@@ -53,4 +60,23 @@
     virt-manager
     virt-viewer
   ];
+
+
+  # Fix for all Electron apps' chrome-sandbox
+  home.activation.fixElectronChromeSandbox = ''
+    echo ""
+    echo "=============================================="
+    echo "IMPORTANT: Electron Applications Notice"
+    echo "=============================================="
+    echo "Some Electron applications (like Vesktop) may need"
+    echo "special permissions to run correctly."
+    echo ""
+    echo "If you encounter issues with Electron apps, run:"
+    echo "  fix-electron-apps"
+    echo ""
+    echo "This command will properly set permissions on all"
+    echo "Electron sandbox files in your system."
+    echo "=============================================="
+    echo ""
+  '';
 }