diff --git a/pkgs/by-name/bu/bubblejail/package.nix b/pkgs/by-name/bu/bubblejail/package.nix
new file mode 100644
index 0000000000000..2f7ce7bec7e43
--- /dev/null
+++ b/pkgs/by-name/bu/bubblejail/package.nix
@@ -0,0 +1,63 @@
+{
+ lib,
+ python3,
+ meson,
+ ninja,
+ stdenv,
+ fetchFromGitHub,
+ xdg-dbus-proxy,
+ bubblewrap,
+ libseccomp,
+ libnotify,
+ desktop-file-utils,
+ scdoc,
+}:
+stdenv.mkDerivation rec {
+ pname = "bubblejail";
+ version = "0.9.4.1";
+
+ src = fetchFromGitHub {
+ owner = "igo95862";
+ repo = "bubblejail";
+ tag = version;
+ hash = "sha256-zQuNS26FgQpjVmjzNjw/tHP/H2rs53jqNlYZR3kqfzU=";
+ };
+
+ patches = [
+ ../../../development/python-modules/bubblejail/scan-store.patch
+ ../../../development/python-modules/bubblejail/env-python.patch
+ ../../../development/python-modules/bubblejail/meson-options.patch
+ ];
+
+ buildInputs = with python3.pkgs; [
+ xdg-dbus-proxy
+ bubblewrap
+ libseccomp
+ libnotify
+ desktop-file-utils
+
+ # python deps
+ pyxdg
+ tomli-w
+ pyqt6
+ lxns
+ bubblejail
+ ];
+
+ nativeBuildInputs = [
+ # scdoc
+ python3.pkgs.jinja2
+ meson
+ ninja
+ python3
+ ];
+
+ meta = {
+ description = "Bubblewrap based sandboxing for desktop applications";
+ homepage = "https://github.com/igo95862/bubblejail/";
+ changelog = "https://github.com/igo95862/bubblejail/blob/${src.rev}/CHANGELOG.md";
+ license = lib.licenses.gpl3;
+ maintainers = with lib.maintainers; [justdeeevin];
+ mainProgram = "bubblejail";
+ };
+}
diff --git a/pkgs/development/python-modules/bubblejail/default.nix b/pkgs/development/python-modules/bubblejail/default.nix
new file mode 100644
index 0000000000000..223314496e2b4
--- /dev/null
+++ b/pkgs/development/python-modules/bubblejail/default.nix
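Review bot: Nothing in this derivation makes the Python dependencies reachable at run time: `pyxdg`, `pyqt6`, `lxns` and `python3.pkgs.bubblejail` are placed in `buildInputs` of a plain `stdenv.mkDerivation`, and the `python3` in `nativeBuildInputs` is the bare interpreter, so unless the meson install step wraps the entry points itself (not visible here) the installed `bubblejail` script will fail to import them. The expression also rebuilds the same source with the same three patches that `python3.pkgs.bubblejail` already builds, so the project is compiled twice; the idiomatic by-name form reuses the module instead: `{ python3 }: python3.pkgs.toPythonApplication python3.pkgs.bubblejail`. `scdoc` is taken as an argument but only appears commented out in `nativeBuildInputs`, which silently drops the man pages and trips the unused-argument lint; either add it to `nativeBuildInputs` or remove the argument.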
@@ -0,0 +1,64 @@
+{
+ lib,
+ python3,
+ fetchFromGitHub,
+ xdg-dbus-proxy,
+ bubblewrap,
+ libseccomp,
+ libnotify,
+ desktop-file-utils,
+ scdoc,
+}:
+python3.pkgs.buildPythonPackage rec {
+ pname = "bubblejail";
+ version = "0.9.4.1";
+ pyproject = true;
+
+ src = fetchFromGitHub {
+ owner = "igo95862";
+ repo = "bubblejail";
+ tag = version;
+ hash = "sha256-zQuNS26FgQpjVmjzNjw/tHP/H2rs53jqNlYZR3kqfzU=";
+ };
+
+ build-system = [python3.pkgs.meson-python];
+
+ patches = [
+ ./scan-store.patch
+ ./env-python.patch
+ ./meson-options.patch
+ ];
+
+ dependencies = with python3.pkgs; [
+ pyxdg
+ tomli-w
+ pyqt6
+ lxns
+ ];
+
+ buildInputs = [
+ xdg-dbus-proxy
+ bubblewrap
+ libseccomp
+ libnotify
+ desktop-file-utils
+ ];
+
+ nativeBuildInputs = [
+ # scdoc
+ python3.pkgs.jinja2
+ ];
+
+ pythonImportsCheck = [
+ "bubblejail"
+ ];
+
+ meta = {
+ description = "Bubblewrap based sandboxing for desktop applications";
+ homepage = "https://github.com/igo95862/bubblejail/";
+ changelog = "https://github.com/igo95862/bubblejail/blob/${src.rev}/CHANGELOG.md";
+ license = lib.licenses.gpl3;
+ maintainers = with lib.maintainers; [justdeeevin];
+ mainProgram = "bubblejail";
+ };
+}
diff --git a/pkgs/development/python-modules/bubblejail/env-python.patch b/pkgs/development/python-modules/bubblejail/env-python.patch
new file mode 100644
index 0000000000000..d7f25e3f7ac2b
--- /dev/null
+++ b/pkgs/development/python-modules/bubblejail/env-python.patch
@@ -0,0 +1,11 @@
+diff --git a/templates/bubblejail_launch_base.py.jinja b/templates/bubblejail_launch_base.py.jinja
+index af91508..2dc9084 100644
+--- a/templates/bubblejail_launch_base.py.jinja
++++ b/templates/bubblejail_launch_base.py.jinja
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3 -{{ PYTHON_SHEBANG_SHORT_OPTS }}
++#!/usr/bin/env python3
+ # SPDX-License-Identifier: GPL-3.0-or-later
+ # SPDX-FileCopyrightText: 2024 igo95862
+ from __future__ import annotations
+ 
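Review bot: `bubblewrap` and `xdg-dbus-proxy` are listed only in `buildInputs`, which makes them available at build time but puts nothing on the installed program's PATH; if bubblejail spawns `bwrap` and `xdg-dbus-proxy` by name (the exec calls in services.py are not visible from here), the package will resolve them from whatever PATH the user happens to have, which for a sandboxing tool means the sandbox silently fails or degrades when they are absent or shadowed. Pin them on the wrapped entry points with `makeWrapperArgs = [ "--prefix PATH : ${lib.makeBinPath [ bubblewrap xdg-dbus-proxy ]}" ];`, or substitute their store paths into the source. `scdoc` is an unused argument here as well (present only as a comment under `nativeBuildInputs`), so the man pages are not built. No test suite is wired up (`nativeCheckInputs`/`pytestCheckHook` are absent); an explicit `doCheck = false;` with a one-line reason would make that omission read as deliberate.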
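Review bot: The replacement shebang drops `-{{ PYTHON_SHEBANG_SHORT_OPTS }}` entirely, so whatever interpreter flags upstream places on its launcher are silently lost (the variable's value is not visible here; flags of this kind are typically hardening such as isolated mode), and `/usr/bin/env python3` resolves the interpreter from PATH rather than a fixed path. If the template is rendered at build time, nixpkgs' patchShebangs in the fixup phase will pin the store interpreter, but if bubblejail renders it at run time into per-instance launch scripts, the sandbox launcher will use whichever `python3` is first on the caller's PATH on every launch. Keep the flags and still let patchShebangs (which understands `env -S`) resolve the interpreter: `#!/usr/bin/env -S python3 -{{ PYTHON_SHEBANG_SHORT_OPTS }}`; better still, substitute `${python3.interpreter}` into the template at build time so neither PATH nor `env` is involved.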
diff --git a/pkgs/development/python-modules/bubblejail/meson-options.patch b/pkgs/development/python-modules/bubblejail/meson-options.patch
new file mode 100644
index 0000000000000..bcb2bf731f43e
--- /dev/null
+++ b/pkgs/development/python-modules/bubblejail/meson-options.patch
@@ -0,0 +1,17 @@
+diff --git a/meson.build b/meson.build
+index c5b98e8..332fed9 100644
+--- a/meson.build
++++ b/meson.build
+@@ -3,11 +3,6 @@
+ project('bubblejail',
+ version : '0.9.4.1',
+ meson_version : '>=1.3.0',
+- # Patch out these lines to install bubblejail's packages to site-packages
+- default_options : {
+- 'python.purelibdir' : 'lib/bubblejail/python-packages',
+- 'python.platlibdir' : 'lib/bubblejail/python-packages',
+- },
+ )
+ 
+ fs = import('fs')
+ 
diff --git a/pkgs/development/python-modules/bubblejail/scan-store.patch b/pkgs/development/python-modules/bubblejail/scan-store.patch
new file mode 100644
index 0000000000000..0d27d711bee1b
--- /dev/null
+++ b/pkgs/development/python-modules/bubblejail/scan-store.patch
@@ -0,0 +1,13 @@
+diff --git a/src/bubblejail/services.py b/src/bubblejail/services.py
+index 4aad731..e0e294d 100644
+--- a/src/bubblejail/services.py
++++ b/src/bubblejail/services.py
+@@ -177,6 +177,7 @@ class BubblejailDefaults(BubblejailService):
+ # Distro packaged libraries and binaries
+ yield ReadOnlyBind("/usr")
+ yield ReadOnlyBind("/opt")
++ yield ReadOnlyBind("/nix")
+ # Recreate symlinks in / or mount them read-only if its not a symlink.
+ # Should be portable between distros.
+ for root_path in Path("/").iterdir():
+ 
diff --git a/pkgs/development/python-modules/lxns/default.nix b/pkgs/development/python-modules/lxns/default.nix
new file mode 100644
index 0000000000000..e14536f6e27e2
--- /dev/null
+++ b/pkgs/development/python-modules/lxns/default.nix
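Review bot: Binding all of `/nix` read-only into every sandbox exposes more than the jailed program needs: besides `/nix/store` it brings in `/nix/var` (per-user profiles, gcroots and the daemon socket directory), and every package present on the host becomes visible to every jailed application rather than only its own closure. The analogue of the `/usr` bind one line above is the store itself, so narrow the added line to `yield ReadOnlyBind("/nix/store")`, and if an application must resolve `~/.nix-profile`-style symlinks add `/nix/var/nix/profiles` explicitly instead of the whole tree. A why-comment on the added line would help the next maintainer, e.g. `# NixOS keeps binaries and libraries in the store, not under /usr`. The enclosing generator method starts and ends outside this hunk.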
@@ -0,0 +1,38 @@
+{
+ lib,
+ buildPythonPackage,
+ fetchFromGitHub,
+ meson-python,
+}:
+
+buildPythonPackage rec {
+ pname = "lxns";
+ version = "0.1.0";
+ pyproject = true;
+
+ src = fetchFromGitHub {
+ owner = "igo95862";
+ repo = "python-lxns";
+ rev = version;
+ hash = "sha256-O7B2Do+b70i00HDxWgIV1yuNIx5lmpoZmHeA6yS2nLY=";
+ };
+
+ build-system = [
+ meson-python
+ ];
+
+ pythonImportsCheck = [
+ "lxns"
+ ];
+
+ meta = {
+ description = "Python library to control Linux kernel namespaces";
+ homepage = "https://github.com/igo95862/python-lxns";
+ changelog = "https://github.com/igo95862/python-lxns/blob/${src.rev}/CHANGELOG.md";
+ license = with lib.licenses; [
+ mit
+ mpl20
+ ];
+ maintainers = with lib.maintainers; [ justdeeevin ];
+ };
+}
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index a1594fc20648d..58df24e56f869 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -1948,6 +1948,8 @@ self: super: with self; {
 btsocket = callPackage ../development/python-modules/btsocket { };
 
+ bubblejail = callPackage ../development/python-modules/bubblejail { };
+
 bubop = callPackage ../development/python-modules/bubop { };
 
 bucketstore = callPackage ../development/python-modules/bucketstore { };
 
@@ -7763,6 +7765,8 @@ self: super: with self; {
 lxml-stubs = callPackage ../development/python-modules/lxml-stubs { };
 
+ lxns = callPackage ../development/python-modules/lxns { };
+
 lyricwikia = callPackage ../development/python-modules/lyricwikia { };
 
 lz4 = callPackage ../development/python-modules/lz4 { };
 
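Review bot: `rev = version;` in the `src` block leaves it ambiguous whether `0.1.0` names a tag, a branch or a commit, and differs from the sibling bubblejail expression in this same change, which uses `tag = version;`; switch to `tag = version;` so fetchFromGitHub fetches the release tag explicitly (the `${src.rev}` reference in `changelog` still resolves, as it does for bubblejail). The package is built with meson-python (so plausibly a compiled extension) yet declares no `disabled = pythonOlder "..."` bound and wires up no `nativeCheckInputs`, so there is no signal that upstream's tests were considered; either add `pytestCheckHook` or set `doCheck = false;` with a one-line reason.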