From 617a725abd4febb5bd02b447f4e33a19456ddbd0 Mon Sep 17 00:00:00 2001 From: Grimmauld Date: Wed, 16 Oct 2024 11:28:00 +0200 Subject: [PATCH] update inputs, enable apparmor caching --- common/graphics/opengl.nix | 2 +- .../tooling/apparmor/apparmor-d-package.nix | 4 +-- common/tooling/apparmor/default.nix | 30 ++++--------------- common/tooling/wine.nix | 2 +- nix/sources.json | 14 ++++----- 5 files changed, 17 insertions(+), 35 deletions(-) diff --git a/common/graphics/opengl.nix b/common/graphics/opengl.nix index fbf2d63..6f24dec 100644 --- a/common/graphics/opengl.nix +++ b/common/graphics/opengl.nix @@ -46,7 +46,7 @@ in extraPackages = [ ]; }; - chaotic.mesa-git.enable = true; +# chaotic.mesa-git.enable = true; boot.kernelParams = [ "nouveau.config=NvGspRm=1" ]; environment.sessionVariables = { diff --git a/common/tooling/apparmor/apparmor-d-package.nix b/common/tooling/apparmor/apparmor-d-package.nix index 111eda5..ab9a6aa 100644 --- a/common/tooling/apparmor/apparmor-d-package.nix +++ b/common/tooling/apparmor/apparmor-d-package.nix @@ -4,10 +4,10 @@ buildGoModule { version = "unstable-2024-10-12"; src = fetchFromGitHub { - rev = "116272b8ada281178150f1c9a564aac1967121f6"; + rev = "04df7052725b4ac473f1bdcd1e1644b8163ff0d2"; owner = "roddhjav"; repo = "apparmor.d"; - hash = "sha256-Yx9UJdmBqjMSPVwFyvidQXfQ4pdEKaDMfvi7gF6GSVc="; + hash = "sha256-USDbCBx6+exHJM834f+dr9fmF9hx3Xo/ddhGJVpYjC0="; }; vendorHash = "sha256-YkOcpzn5AKFMDWUYbKY8DzGMiIMSyaDfexFmXv5HNQI="; diff --git a/common/tooling/apparmor/default.nix b/common/tooling/apparmor/default.nix index ffbb553..2b7f8e9 100644 --- a/common/tooling/apparmor/default.nix +++ b/common/tooling/apparmor/default.nix @@ -7,7 +7,6 @@ let inherit (config.grimmShared) enable tooling; inherit (lib) mkIf optionalString getExe' getExe; - allowFingerprinting = true; in { imports = [ ./apparmor-d-module.nix ]; 
@@ -17,6 +16,7 @@ in security.auditd.enable = true; security.apparmor.enable = true; + security.apparmor.enableCache = true; security.apparmor_d = { enable = true; @@ -89,7 +89,7 @@ in ''; "local/firefox" = '' - ${pkgs.passff-host}/share/** rPx -> passff, + ${pkgs.passff-host}/share/passff-host/passff.py rPx -> passff, @{HOME}/.mozilla/firefox/** mr, ''; @@ -98,28 +98,9 @@ in /dev/urandom w, ''; - "local/xdg-open" = '' - @{PROC}/version r, - ''; - - "local/xdg-mime" = '' - owner @{HOME}/@{XDG_CONFIG_DIR}/mimeapps* rwk, - @{PROC}/version r, - ''; - - "local/vesktop" = '' - @{bin}/electron rix, + "abstractions/common/electron.d/libexec" = '' /nix/store/*/libexec/electron/** rix, - @{bin}/speech-dispatcher rPx, - @{bin}/xdg-open rPx, - '' + (optionalString allowFingerprinting '' - /etc/machine-id r, - /dev/udmabuf rw, - /dev/ r, - @{sys}/devices/@{pci}boot_vga r, - @{sys}/devices/@{pci}idVendor r, - @{sys}/devices/@{pci}idProduct r, - ''); + ''; }; security.apparmor.policies = { @@ -132,7 +113,7 @@ in profile passff ${pkgs.passff-host}/share/passff-host/passff.py { include # read access to /nix/store, basic presets for most apps include - ${getExe pkgs.pass} Px, + @{bin}/pass Px -> pass, } ''; }; @@ -146,6 +127,7 @@ in profile swaymux ${getExe pkgs.swaymux} { include # read access to /nix/store, basic presets for most apps ${pkgs.swaymux}/bin/* rix, # wrapping + /dev/tty r, owner @{user_config_dirs}/Kvantum/** r, # themeing } ''; diff --git a/common/tooling/wine.nix b/common/tooling/wine.nix index a2cbb27..cede6a0 100644 --- a/common/tooling/wine.nix +++ b/common/tooling/wine.nix @@ -27,7 +27,7 @@ in dotnetCorePackages.dotnet_9.sdk jetbrains.rider mono4 - (mono4.overrideAttrs { version="4.6.1"; sha256=""; }) +# (mono4.overrideAttrs { version="4.6.1"; sha256=""; }) ]; }; } diff --git a/nix/sources.json b/nix/sources.json index 7fae2bf..998554a 100644 --- a/nix/sources.json +++ b/nix/sources.json 
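Review bot: `security.apparmor.enableCache = true;` in common/tooling/apparmor/default.nix (hunk `@@ -17,6 +16,7 @@`) is added without any note on how the cache is invalidated. As far as I know, apparmor_parser judges cache freshness from file timestamps, and Nix store files carry a fixed mtime, so it is worth confirming that a policy edited in this file is recompiled on the next rebuild rather than loaded stale from the cache. I would put a comment above the option, for example `# compiled profiles are cached; if a policy change does not take effect after a rebuild, clear the AppArmor cache and reload`. The surrounding config block opens and closes outside the hunk.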
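Review bot: The new `"abstractions/common/electron.d/libexec"` entry (hunk `@@ -98,28 +98,9 @@`) looks like a drop-in for a shared abstraction. If so, `/nix/store/*/libexec/electron/** rix,` now reaches every profile that includes that abstraction, where the removed `local/vesktop` block granted it to one profile only. The `ix` mode keeps the child under the caller's profile, so this widens what may be executed rather than what it may do afterwards, but the wildcard matches any store path that has a `libexec/electron` directory. A comment recording that scope would help, e.g. `# applies to all electron-based profiles: electron lives under libexec in the store`. The hunk also drops the `local/xdg-open`, `local/xdg-mime` and other `local/vesktop` rules, presumably because the new apparmor.d pin covers them; the audit log after deployment would confirm that. The enclosing attribute set opens above the hunk.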
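Review bot: `@{bin}/pass Px -> pass,` in the passff profile (hunk `@@ -132,7 +113,7 @@`) relies on two things the hunk does not show: a loaded profile named `pass`, and `@{bin}` expanding to the directory that holds the pass executable on this system. The replaced rule named the store path directly through `${getExe pkgs.pass}`. If either assumption fails, the exec from passff.py should be denied rather than run unconfined, so the failure is safe but shows up only as an audit record. A trailing comment such as `# named profile "pass" is expected from apparmor.d; @{bin} must cover the store path` would record the dependency.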
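Review bot: The added `/dev/tty r,` in the swaymux profile (hunk `@@ -146,6 +127,7 @@`) is the only rule shown there without a trailing reason, while its neighbours carry `# wrapping` and `# themeing`. A comment in the same style, for example `/dev/tty r, # <reason swaymux reads the controlling terminal>`, would let a later reader judge whether the rule is still needed.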
@@ -41,10 +41,10 @@ "homepage": "https://nyx.chaotic.cx", "owner": "chaotic-cx", "repo": "nyx", - "rev": "ec6b449d3d096a0e79db5f8c4a321ea9ec836e40", - "sha256": "1l1y0m5xdpgsd28m1qwl84xaq0jg85yd8hhz0rj01yrw87vhkdqr", + "rev": "0fff4bd8bce411eddb86756a66e89cecda16e0a4", + "sha256": "1iynss5f8dcrhxgy334df70pvaj7a0661whiwajy0s2lfgpw0kjs", "type": "tarball", - "url": "https://github.com/chaotic-cx/nyx/archive/ec6b449d3d096a0e79db5f8c4a321ea9ec836e40.tar.gz", + "url": "https://github.com/chaotic-cx/nyx/archive/0fff4bd8bce411eddb86756a66e89cecda16e0a4.tar.gz", "url_template": "https://github.com///archive/.tar.gz" }, "glibc-eac": { @@ -68,7 +68,7 @@ "lix-pkg": { "branch": "main", "repo": "https://git.lix.systems/lix-project/lix.git", - "rev": "4682e40183b86972e5a1ef8f17e5366b9b3a8b2c", + "rev": "f6077314fa6aff862758095bb55fe844e9162a1d", "type": "git" }, "nixos-mailserver": { @@ -95,10 +95,10 @@ "homepage": null, "owner": "NixOS", "repo": "nixpkgs", - "rev": "5633bcff0c6162b9e4b5f1264264611e950c8ec7", - "sha256": "0p3ry8x72cl572fs1c47h9y3s045p4aq71wpblzdi4dfqx3z2i7m", + "rev": "a3c0b3b21515f74fd2665903d4ce6bc4dc81c77c", + "sha256": "1wn29537l343lb0id0byk0699fj0k07m1n2d7jx2n0ssax55vhwy", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/5633bcff0c6162b9e4b5f1264264611e950c8ec7.tar.gz", + "url": "https://github.com/NixOS/nixpkgs/archive/a3c0b3b21515f74fd2665903d4ce6bc4dc81c77c.tar.gz", "url_template": "https://github.com///archive/.tar.gz" }, "ranger_udisk_menu": {