Is anyone familiar with pre-existing Nix wrappers for isolating Claude Code?
I am thinking of something like running Claude Code inside either a virtual machine with a volume mount, or a systemd-nspawn container, or even just using rstrict, a CLI that provides simple access to Landlock: unprivileged access control.
Ideally I’d like to just start claude in a directory and it should have access to that directory as the root, as well as network access, but possibly network-restricted by a system configuration. So same convenience, but implied security.
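One way to get the "start it in a directory and that directory is the root" behaviour, as an added example that is not part of the original post and not code from the Claude Code project: a small Nix wrapper that launches claude inside a bubblewrap (bwrap) sandbox. Bubblewrap is a substitution for the options listed in the post; it is an unprivileged user-namespace sandbox (no root needed, unlike systemd-nspawn) that is available in nixpkgs. Assumptions: nixpkgs exposes `pkgs.claude-code` and `pkgs.bubblewrap` under those attribute names, unprivileged user namespaces are enabled (the NixOS default), and the `CLAUDE_SANDBOX_NET` environment variable and `.claude-sandbox-home` directory name are choices made here, not anything the tool defines.

```nix
# claude-sandboxed.nix
# Added example for this thread, not code from the original post or from
# the Claude Code project. Assumes nixpkgs provides `pkgs.claude-code` and
# `pkgs.bubblewrap` and that unprivileged user namespaces are allowed.
{ pkgs ? import <nixpkgs> { } }:

pkgs.writeShellApplication {
  name = "claude-sandboxed";
  runtimeInputs = [ pkgs.bubblewrap pkgs.claude-code ];
  text = ''
    # The directory claude is started in is the only writable project path.
    project="$(pwd)"

    # Claude Code keeps credentials and settings under $HOME. Point HOME at a
    # per-project directory so the real home is not visible in the sandbox.
    # You log in once per sandbox home; the state persists in that directory.
    sandbox_home="$project/.claude-sandbox-home"
    mkdir -p "$sandbox_home"

    # Resolve the store path of claude outside the sandbox so exec does not
    # depend on PATH lookup inside it.
    claude_bin="$(command -v claude)"

    # Network is off unless the caller opts in (CLAUDE_SANDBOX_NET is a name
    # chosen for this example). bwrap can only share or unshare the whole
    # network namespace; per-destination filtering has to come from the host
    # firewall, and Landlock (ABI v4, Linux 6.7+) can restrict TCP bind/connect
    # by port only, not by address.
    net_args=(--unshare-all)
    if [ "''${CLAUDE_SANDBOX_NET:-0}" = "1" ]; then
      net_args+=(--share-net)
    fi

    # Read-only Nix store (claude, node and their libraries live there),
    # a minimal /etc for DNS and TLS, fresh /dev, /proc and /tmp, and the
    # project directory bind-mounted read-write at its real path so absolute
    # paths in Claude's output still mean the same thing on the host.
    exec bwrap \
      --ro-bind /nix /nix \
      --ro-bind-try /etc/resolv.conf /etc/resolv.conf \
      --ro-bind-try /etc/hosts /etc/hosts \
      --ro-bind-try /etc/ssl /etc/ssl \
      --dev /dev \
      --proc /proc \
      --tmpfs /tmp \
      --bind "$project" "$project" \
      --chdir "$project" \
      --setenv HOME "$sandbox_home" \
      --setenv PATH "$PATH" \
      "''${net_args[@]}" \
      --die-with-parent \
      --new-session \
      "$claude_bin" "$@"
  '';
}
```

Build it with `nix-build claude-sandboxed.nix` and run `./result/bin/claude-sandboxed` from the project directory; set `CLAUDE_SANDBOX_NET=1` for runs that need network access. Two things to check before trusting it: confirm from inside the sandbox that `ls /home` and `ls /` show nothing but the bound paths, and remember that `--bind "$project"` follows symlinks only for the mount source, so a symlink inside the project that points outside it simply dangles rather than leaking the target. Anything the agent is allowed to install with network access still lands in the read-only store only if it goes through Nix; `npm install` style writes stay confined to the project directory and the per-project home.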