From 0fc6f9d53bd82aaad7ce9835241c753e2b145b6f Mon Sep 17 00:00:00 2001
From: Grimmauld
Date: Thu, 17 Oct 2024 23:23:50 +0200
Subject: [PATCH] update apparmor.d rules
---
 common/graphics/qt.nix | 15 ++++++++++-----
 common/tooling/apparmor/apparmor-d-package.nix | 4 ++--
 common/tooling/apparmor/apparmor-d-paths.patch | 6 +++---
 common/tooling/apparmor/default.nix | 3 +--
 common/xdg/portals.nix | 1 +
 5 files changed, 17 insertions(+), 12 deletions(-)
diff --git a/common/graphics/qt.nix b/common/graphics/qt.nix
index 8496055..23efd9e 100644
--- a/common/graphics/qt.nix
+++ b/common/graphics/qt.nix
@@ -11,18 +11,19 @@ in
 config = lib.mkIf (enable && graphical) {
 qt = {
 enable = true;
- style = "kvantum";
- platformTheme = "qt5ct";
+ style = "breeze";
+ platformTheme = "lxqt";
 };
 environment.systemPackages =
 with pkgs;
 with kdePackages;
 [
- qtstyleplugin-kvantum
+# qtstyleplugin-kvantum
 catppuccin-sddm-corners
 libsForQt5.qtgraphicaleffects
- catppuccin-kvantum
+# catppuccin-kvantum
+ breeze
 kdePackages.audiocd-kio
 kdePackages.kio-extras
 kdePackages.kio
@@ -32,7 +33,7 @@ in
 qtwayland
 ];
- environment.pathsToLink = [ "/share/Kvantum" ];
+# environment.pathsToLink = [ "/share/Kvantum" ];
 services.displayManager = {
 sddm = {
@@ -44,6 +45,10 @@ in
 defaultSession = lib.optionalString sway.enable "sway";
 };
+ xdg.portal.lxqt.styles = with pkgs; [
+ kdePackages.breeze-qt5
+ ];
+
 boot.plymouth = {
 themePackages = with pkgs; [ catppuccin-plymouth ];
 theme = "catppuccin-macchiato";
diff --git a/common/tooling/apparmor/apparmor-d-package.nix b/common/tooling/apparmor/apparmor-d-package.nix
index 3f460d5..ee34ca3 100644
--- a/common/tooling/apparmor/apparmor-d-package.nix
+++ b/common/tooling/apparmor/apparmor-d-package.nix
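Review bot: In common/graphics/qt.nix, the added `xdg.portal.lxqt.styles` list in the last hunk probably has no effect as written: as far as I know the NixOS module only applies `styles` when `xdg.portal.lxqt.enable` is true, and this commit instead adds the plain `lxqt.xdg-desktop-portal-lxqt` package to the portal list in common/xdg/portals.nix. Unless the option is enabled elsewhere, consider `xdg.portal.lxqt.enable = true;` here and dropping the manual package entry. The commented-out `# qtstyleplugin-kvantum`, `# catppuccin-kvantum` and `# environment.pathsToLink` lines in the earlier hunks would be cleaner deleted, since git history keeps them. The enclosing blocks start and end outside the hunks.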
@@ -4,10 +4,10 @@ buildGoModule {
 version = "unstable-2024-10-12";
 src = fetchFromGitHub {
- rev = "04df7052725b4ac473f1bdcd1e1644b8163ff0d2";
+ rev = "93269e0596a8d416a9ee647146c983115da2f346";
 owner = "roddhjav";
 repo = "apparmor.d";
- hash = "sha256-USDbCBx6+exHJM834f+dr9fmF9hx3Xo/ddhGJVpYjC0=";
+ hash = "sha256-x8vnKEx/HZOweVX2Fu8ydGVpnS4gxsVJBbUWtKuwMUM=";
 };
 vendorHash = "sha256-YkOcpzn5AKFMDWUYbKY8DzGMiIMSyaDfexFmXv5HNQI=";
diff --git a/common/tooling/apparmor/apparmor-d-paths.patch b/common/tooling/apparmor/apparmor-d-paths.patch
index bdac765..e7cad33 100644
--- a/common/tooling/apparmor/apparmor-d-paths.patch
+++ b/common/tooling/apparmor/apparmor-d-paths.patch
@@ -1,5 +1,5 @@
 diff --git a/apparmor.d/tunables/multiarch.d/system b/apparmor.d/tunables/multiarch.d/system
-index be37123f..9166eaee 100644
+index be37123f..908951af 100644
 --- a/apparmor.d/tunables/multiarch.d/system
 +++ b/apparmor.d/tunables/multiarch.d/system
 @@ -106,8 +106,21 @@
@@ -21,8 +21,8 @@ index be37123f..9166eaee 100644
 +
 +@{nix_store}=/nix/store/@{rand32}-@{nix_package_name}
 +@{base_paths}={@{nix_store},/run/current-system/sw,/etc/profiles/per-user/@{user}}
-+@{bin}={@{base_paths}/bin,/{,usr/}{,s}bin}
-+@{lib}=@{base_paths}/lib
++@{bin}={@{base_paths}/{bin,libexec},/{,usr/}{,s}bin}
++@{lib}=@{base_paths}/lib{exec,}
 # Common places for temporary files
 @{tmp}=/tmp/ /tmp/user/@{uid}/
diff --git a/common/tooling/apparmor/default.nix b/common/tooling/apparmor/default.nix
index 71df377..1ce8bbe 100644
--- a/common/tooling/apparmor/default.nix
+++ b/common/tooling/apparmor/default.nix
@@ -110,11 +110,10 @@ in
 /sys/devices/@{pci}/boot_vga r,
 /sys/devices/@{pci}/**/id{Vendor,Product} r,
 /dev/ r,
- /run/current-system/sw/bin/xdg-open rPx,
+ @{bin}/xdg-open rPx,
 '';
 "local/sudo" = ''
- @{nix_store}/libexec/sudo/** m,
 /run/wrappers/wrappers.*/unix_chkpwd rPx -> unix-chkpwd,
 '';
diff --git a/common/xdg/portals.nix b/common/xdg/portals.nix
index a4110c6..c63b85f 100644
--- a/common/xdg/portals.nix
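Review bot: In common/tooling/apparmor/apparmor-d-package.nix the pin moves to a new `rev` and `hash`, but the context line `version = "unstable-2024-10-12";` is left unchanged, so the version no longer identifies the source being built; it should become `version = "unstable-<DATE-OF-NEW-REV>";` (placeholder, the upstream commit date is not visible here). `vendorHash` is also unchanged: because the vendored-modules derivation is fixed-output, an already-realised result can be reused without being fetched again, so a change in upstream `go.mod`/`go.sum` between the two revisions would go unnoticed. It is worth confirming the hash once by temporarily setting it to `lib.fakeHash` and rebuilding. The `buildGoModule` call continues outside the hunk.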
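Review bot: In the second hunk of apparmor-d-paths.patch, adding `libexec` to `@{bin}` widens every upstream rule and profile attachment written against `@{bin}`, not only the ones that motivated the change, and because `@{base_paths}` includes `@{nix_store}` (any `/nix/store/<hash>-<name>` path) the match is not limited to the system profile. `@{lib}` now expands to `libexec` as well, so the same directory is reachable through both tunables. If only a few helpers need this, a narrower local override would keep the policy tighter; otherwise a comment above `@{bin}` such as `# NixOS: helper executables live in <store path>/libexec, so it is treated like bin` would record the intent for the next rebase of this patch. The inner hunk starts and ends outside what is shown.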
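Review bot: In common/tooling/apparmor/default.nix, replacing `/run/current-system/sw/bin/xdg-open rPx,` with `@{bin}/xdg-open rPx,` changes the rule from one system-managed path to every location `@{bin}` expands to, which per the tunables patch includes any `/nix/store` package path and the per-user profiles. If the intent is only to follow the store path that the system profile symlink resolves to, a comment above the rule should say so; otherwise consider keeping the narrower path. The removal of `@{nix_store}/libexec/sudo/** m,` from `local/sudo` presumably relies on the upstream sudo profile now covering `libexec` through `@{lib}`; that profile is not visible here, so check the audit log for denials on sudo with the profile in enforce mode before deploying. The attribute set these strings belong to starts and ends outside the hunk.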
+++ b/common/xdg/portals.nix
@@ -34,6 +34,7 @@ in
 xdg-desktop-portal-wlr
 xdg-desktop-portal-kde
 xdg-desktop-portal-gtk
+ lxqt.xdg-desktop-portal-lxqt
 ];
 wlr.enable = true;