diff --git a/pkgs/by-name/bu/bubblejail/package.nix b/pkgs/by-name/bu/bubblejail/package.nix
new file mode 100644
index 00000000000000..f922a8eab6ed2a
--- /dev/null
+++ b/pkgs/by-name/bu/bubblejail/package.nix
@@ -0,0 +1,40 @@
+{
+ lib,
+ python3,
+ fetchFromGitHub,
+ scdoc,
+ stdenv,
+ ninja,
+ meson,
+}:
+stdenv.mkDerivation rec {
+ pname = "bubblejail";
+ version = "0.9.4.1";
+ pyproject = true;
+
+ src = fetchFromGitHub {
+ owner = "igo95862";
+ repo = "bubblejail";
+ tag = version;
+ hash = "sha256-L6Z/HtRbWwtJaZPAmRxZeaNFvsM4CJL4NaZF2/lURdg=";
+ };
+
+ patches = [ ./scan-store.patch ];
+
+ nativeBuildInputs = [
+ scdoc
+ python3.pkgs.jinja2
+ ninja
+ meson
+ python3
+ ];
+
+ meta = {
+ description = "Bubblewrap based sandboxing for desktop applications";
+ homepage = "https://github.com/igo95862/bubblejail";
+ changelog = "https://github.com/igo95862/bubblejail/blob/${src.rev}/CHANGELOG.md";
+ license = lib.licenses.gpl3;
+ maintainers = with lib.maintainers; [ justdeeevin ];
+ mainProgram = "bubblejail";
+ };
+}
diff --git a/pkgs/by-name/bu/bubblejail/scan-store.patch b/pkgs/by-name/bu/bubblejail/scan-store.patch
new file mode 100644
index 00000000000000..0d27d711bee1b1
--- /dev/null
+++ b/pkgs/by-name/bu/bubblejail/scan-store.patch
@@ -0,0 +1,13 @@
+diff --git a/src/bubblejail/services.py b/src/bubblejail/services.py
+index 4aad731..e0e294d 100644
+--- a/src/bubblejail/services.py
++++ b/src/bubblejail/services.py
+@@ -177,6 +177,7 @@ class BubblejailDefaults(BubblejailService):
+ # Distro packaged libraries and binaries
+ yield ReadOnlyBind("/usr")
+ yield ReadOnlyBind("/opt")
++ yield ReadOnlyBind("/nix")
+ # Recreate symlinks in / or mount them read-only if its not a symlink.
+ # Should be portable between distros.
+ for root_path in Path("/").iterdir():
+
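Review bot: `pyproject = true;` has no effect in this derivation, because the package is built with `stdenv.mkDerivation` rather than a Python builder; drop the line so it does not suggest that Python build hooks are active. The derivation also declares only `nativeBuildInputs`, with no `buildInputs`, Python runtime dependencies or wrapper, so the installed `bubblejail` presumably relies on whatever interpreter modules and helper binaries are in the user's environment. For a sandboxing tool it is worth confirming that it starts from a clean environment and pinning those helpers to store paths. `lib.licenses.gpl3` is the ambiguous, deprecated attribute; use `lib.licenses.gpl3Only` or `lib.licenses.gpl3Plus`, whichever matches upstream's licence notice.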
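Review bot: The added `yield ReadOnlyBind("/nix")` exposes the whole `/nix` tree to every sandbox, not only the store. `/nix/var` comes with it, and on a daemon-based install that presumably includes the Nix daemon socket, which a read-only bind mount does not stop a process from connecting to. Since the patch is named scan-store, `yield ReadOnlyBind("/nix/store")` looks like the intended scope; if profile symlinks under `/nix/var` must resolve inside the sandbox, bind only that subdirectory as well. A comment such as `# Nix store only; the rest of /nix/var (daemon socket, db) stays outside the sandbox` would record the decision, and it is worth noting for users that every sandboxed application can still read all store paths. The enclosing generator method of `BubblejailDefaults` starts and ends outside the hunk.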