update inputs, enable apparmor caching

common/graphics/opengl.nix

@@ -46,7 +46,7 @@ in
       extraPackages = [ ];
     };
 
-    chaotic.mesa-git.enable = true;
+#    chaotic.mesa-git.enable = true;
     boot.kernelParams = [ "nouveau.config=NvGspRm=1" ];
 
     environment.sessionVariables = {

common/tooling/apparmor/apparmor-d-package.nix

@@ -4,10 +4,10 @@ buildGoModule {
   version = "unstable-2024-10-12";
 
   src = fetchFromGitHub {
-    rev = "116272b8ada281178150f1c9a564aac1967121f6";
+    rev = "04df7052725b4ac473f1bdcd1e1644b8163ff0d2";
     owner = "roddhjav";
     repo = "apparmor.d";
-    hash = "sha256-Yx9UJdmBqjMSPVwFyvidQXfQ4pdEKaDMfvi7gF6GSVc=";
+    hash = "sha256-USDbCBx6+exHJM834f+dr9fmF9hx3Xo/ddhGJVpYjC0=";
   };
 
   vendorHash = "sha256-YkOcpzn5AKFMDWUYbKY8DzGMiIMSyaDfexFmXv5HNQI=";

common/tooling/apparmor/default.nix

@@ -7,7 +7,6 @@
 let
   inherit (config.grimmShared) enable tooling;
   inherit (lib) mkIf optionalString getExe' getExe;
-  allowFingerprinting = true;
 in
 {
   imports = [ ./apparmor-d-module.nix ];
@@ -17,6 +16,7 @@ in
     security.auditd.enable = true;
     
     security.apparmor.enable = true;
+    security.apparmor.enableCache = true;
 
     security.apparmor_d = {
       enable = true;
@@ -89,7 +89,7 @@ in
       '';
 
       "local/firefox" = ''
-        ${pkgs.passff-host}/share/** rPx -> passff,
+        ${pkgs.passff-host}/share/passff-host/passff.py rPx -> passff,
         @{HOME}/.mozilla/firefox/** mr,
       '';
 
@@ -98,28 +98,9 @@ in
         /dev/urandom w,
       '';
 
-      "local/xdg-open" = ''
-        @{PROC}/version r,
-      '';
-
-      "local/xdg-mime" = ''
-        owner @{HOME}/@{XDG_CONFIG_DIR}/mimeapps* rwk,
-        @{PROC}/version r,
-      '';
-    
-      "local/vesktop" = ''
-        @{bin}/electron rix,
+      "abstractions/common/electron.d/libexec" = ''
         /nix/store/*/libexec/electron/** rix,
-        @{bin}/speech-dispatcher rPx,
-        @{bin}/xdg-open rPx,
-      '' + (optionalString allowFingerprinting ''
-        /etc/machine-id r,
-        /dev/udmabuf rw,
-        /dev/ r,
-        @{sys}/devices/@{pci}boot_vga r,
-        @{sys}/devices/@{pci}idVendor r,
-        @{sys}/devices/@{pci}idProduct r,
-      '');
+      '';
     };
     
     security.apparmor.policies = {
@@ -132,7 +113,7 @@ in
           profile passff ${pkgs.passff-host}/share/passff-host/passff.py {
             include <abstractions/base> # read access to /nix/store, basic presets for most apps
             include <abstractions/python>
-            ${getExe pkgs.pass} Px,
+            @{bin}/pass Px -> pass,
           }
         '';
       };
@@ -146,6 +127,7 @@ in
           profile swaymux ${getExe pkgs.swaymux} {
             include <abstractions/base> # read access to /nix/store, basic presets for most apps
             ${pkgs.swaymux}/bin/* rix, # wrapping
+            /dev/tty r,
             owner @{user_config_dirs}/Kvantum/** r, # themeing
           }
         '';

common/tooling/wine.nix

@@ -27,7 +27,7 @@ in
       dotnetCorePackages.dotnet_9.sdk
       jetbrains.rider
       mono4
-      (mono4.overrideAttrs { version="4.6.1"; sha256=""; })
+#      (mono4.overrideAttrs { version="4.6.1"; sha256=""; })
     ];
   };
 }

nix/sources.json

@@ -41,10 +41,10 @@
         "homepage": "https://nyx.chaotic.cx",
         "owner": "chaotic-cx",
         "repo": "nyx",
-        "rev": "ec6b449d3d096a0e79db5f8c4a321ea9ec836e40",
-        "sha256": "1l1y0m5xdpgsd28m1qwl84xaq0jg85yd8hhz0rj01yrw87vhkdqr",
+        "rev": "0fff4bd8bce411eddb86756a66e89cecda16e0a4",
+        "sha256": "1iynss5f8dcrhxgy334df70pvaj7a0661whiwajy0s2lfgpw0kjs",
         "type": "tarball",
-        "url": "https://github.com/chaotic-cx/nyx/archive/ec6b449d3d096a0e79db5f8c4a321ea9ec836e40.tar.gz",
+        "url": "https://github.com/chaotic-cx/nyx/archive/0fff4bd8bce411eddb86756a66e89cecda16e0a4.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     },
     "glibc-eac": {
@@ -68,7 +68,7 @@
     "lix-pkg": {
         "branch": "main",
         "repo": "https://git.lix.systems/lix-project/lix.git",
-        "rev": "4682e40183b86972e5a1ef8f17e5366b9b3a8b2c",
+        "rev": "f6077314fa6aff862758095bb55fe844e9162a1d",
         "type": "git"
     },
     "nixos-mailserver": {
@@ -95,10 +95,10 @@
         "homepage": null,
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "5633bcff0c6162b9e4b5f1264264611e950c8ec7",
-        "sha256": "0p3ry8x72cl572fs1c47h9y3s045p4aq71wpblzdi4dfqx3z2i7m",
+        "rev": "a3c0b3b21515f74fd2665903d4ce6bc4dc81c77c",
+        "sha256": "1wn29537l343lb0id0byk0699fj0k07m1n2d7jx2n0ssax55vhwy",
         "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/5633bcff0c6162b9e4b5f1264264611e950c8ec7.tar.gz",
+        "url": "https://github.com/NixOS/nixpkgs/archive/a3c0b3b21515f74fd2665903d4ce6bc4dc81c77c.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     },
     "ranger_udisk_menu": {