diff --git a/nixcfgs/flake.nix b/nixcfgs/flake.nix
index f02a070..779d61e 100644
--- a/nixcfgs/flake.nix
+++ b/nixcfgs/flake.nix
@@ -107,6 +107,7 @@
         zen-browser = zen-browser.packages.x86_64-linux.zen-browser;
       })
       (import ./overlays/steamcmd.nix)
+      (import ./overlays/wechat-uos-sandboxed.nix)
     ];
     forSystem = system:
       import nixpkgs {
diff --git a/nixcfgs/overlays/wechat-uos-sandboxed.nix b/nixcfgs/overlays/wechat-uos-sandboxed.nix
new file mode 100644
index 0000000..b3b39a7
--- /dev/null
+++ b/nixcfgs/overlays/wechat-uos-sandboxed.nix
@@ -0,0 +1,20 @@
+final: prev: {
+  wechat-uos-sandboxed = prev.nur.repos.xddxdd.wechat-uos-sandboxed.override {
+    buildFHSEnvBubblewrap = args:
+      prev.buildFHSEnvBubblewrap (
+        args
+        // {
+          extraPreBwrapCmds =
+            ''
+              if [[ -z "''${WECHAT_DATA_DIR}" ]]; then
+                WECHAT_DATA_DIR="''${WECHAT_SANDBOX_DIR:-$HOME/.sandbox/.per-app/wechat}"
+              fi
+            ''
+            + (if args ? extraPreBwrapCmds then args.extraPreBwrapCmds else "");
+          targetPkgs =
+            pkgs:
+            (if args ? targetPkgs then args.targetPkgs pkgs else []) ++ [pkgs.util-linux];
+        }
+      );
+  };
+}
diff --git a/nixcfgs/users/js0ny/packages/gui.nix b/nixcfgs/users/js0ny/packages/gui.nix
index 0758b33..0ccd848 100644
--- a/nixcfgs/users/js0ny/packages/gui.nix
+++ b/nixcfgs/users/js0ny/packages/gui.nix
@@ -58,7 +58,7 @@
   );
 in {
   imports = [
-    ../../../hardening/nixpaks/default.nix
+    ../../../hardening/nixpaks
   ];
 
   home.packages = with pkgs;
diff --git a/nixcfgs/users/js0ny/programs/sandboxed.nix b/nixcfgs/users/js0ny/programs/sandboxed.nix
new file mode 100644
index 0000000..7f9ae15
--- /dev/null
+++ b/nixcfgs/users/js0ny/programs/sandboxed.nix
@@ -0,0 +1,9 @@
+{config, ...}: let
+  home = config.home.homeDirectory;
+  user = config.home.username;
+in {
+  systemd.user.tmpfiles.rules = [
+    "d ${home}/.sandbox/exchange 0755 ${user} users -"
+    "d ${home}/.sandbox/downloads 0755 ${user} users -"
+  ];
+}
diff --git a/nixcfgs/users/js0ny/programs/social/wechat.nix b/nixcfgs/users/js0ny/programs/social/wechat.nix
new file mode 100644
index 0000000..71bd35c
--- /dev/null
+++ b/nixcfgs/users/js0ny/programs/social/wechat.nix
@@ -0,0 +1,12 @@
+{
+  config,
+  pkgs,
+  ...
+}: {
+  systemd.user.tmpfiles.rules = [
+    "d ${config.home.homeDirectory}/.sandbox/.per-app/wechat 0755 ${config.home.username} users -"
+  ];
+  home.packages = with pkgs; [
+    wechat-uos-sandboxed
+  ];
+}
diff --git a/nixcfgs/users/js0ny/zephyrus.nix b/nixcfgs/users/js0ny/zephyrus.nix
index c9b5c77..8c81500 100644
--- a/nixcfgs/users/js0ny/zephyrus.nix
+++ b/nixcfgs/users/js0ny/zephyrus.nix
@@ -10,6 +10,8 @@ in {
     # General config
     ./default.nix
 
+    ./programs/sandboxed.nix
+
     # Use Gnome-keyring for GUI setup
     ../../modules/home/gnome-keyrings.nix
 
@@ -73,6 +75,7 @@ in {
     # Social
     ./programs/social/discord.nix
     ./programs/social/telegram.nix
+    ./programs/social/wechat.nix
 
     # Utilities & misc
     # ./programs/xilinx.nix