update inputs, enable apparmor caching
parent
e1789e9066
commit
617a725abd
@ -46,7 +46,7 @@ in
|
|||||||
extraPackages = [ ];
|
extraPackages = [ ];
|
||||||
};
|
};
|
||||||
|
|
||||||
chaotic.mesa-git.enable = true;
|
# chaotic.mesa-git.enable = true;
|
||||||
boot.kernelParams = [ "nouveau.config=NvGspRm=1" ];
|
boot.kernelParams = [ "nouveau.config=NvGspRm=1" ];
|
||||||
|
|
||||||
environment.sessionVariables = {
|
environment.sessionVariables = {
|
||||||
|
@ -4,10 +4,10 @@ buildGoModule {
|
|||||||
version = "unstable-2024-10-12";
|
version = "unstable-2024-10-12";
|
||||||
|
|
||||||
src = fetchFromGitHub {
|
src = fetchFromGitHub {
|
||||||
rev = "116272b8ada281178150f1c9a564aac1967121f6";
|
rev = "04df7052725b4ac473f1bdcd1e1644b8163ff0d2";
|
||||||
owner = "roddhjav";
|
owner = "roddhjav";
|
||||||
repo = "apparmor.d";
|
repo = "apparmor.d";
|
||||||
hash = "sha256-Yx9UJdmBqjMSPVwFyvidQXfQ4pdEKaDMfvi7gF6GSVc=";
|
hash = "sha256-USDbCBx6+exHJM834f+dr9fmF9hx3Xo/ddhGJVpYjC0=";
|
||||||
};
|
};
|
||||||
|
|
||||||
vendorHash = "sha256-YkOcpzn5AKFMDWUYbKY8DzGMiIMSyaDfexFmXv5HNQI=";
|
vendorHash = "sha256-YkOcpzn5AKFMDWUYbKY8DzGMiIMSyaDfexFmXv5HNQI=";
|
||||||
|
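Review bot: The `version = "unstable-2024-10-12";` line is left as it was while `rev` and `hash` move to a new commit, so the label may no longer describe the source that is built (unless the new rev happens to carry the same date). Because `version` and `vendorHash` are both unchanged, the vendored Go modules are presumably resolved to the same fixed-output store path as before and may be reused from the store rather than re-fetched, so a change in upstream dependencies would not be re-verified against `vendorHash`. Updating the label together with the rev, e.g. `version = "unstable-<date of new rev>";`, keeps the name honest and forces the vendor fetch to be checked again. The `buildGoModule` call starts and ends outside this hunk.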
@ -7,7 +7,6 @@
|
|||||||
let
|
let
|
||||||
inherit (config.grimmShared) enable tooling;
|
inherit (config.grimmShared) enable tooling;
|
||||||
inherit (lib) mkIf optionalString getExe' getExe;
|
inherit (lib) mkIf optionalString getExe' getExe;
|
||||||
allowFingerprinting = true;
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
imports = [ ./apparmor-d-module.nix ];
|
imports = [ ./apparmor-d-module.nix ];
|
||||||
@ -17,6 +16,7 @@ in
|
|||||||
security.auditd.enable = true;
|
security.auditd.enable = true;
|
||||||
|
|
||||||
security.apparmor.enable = true;
|
security.apparmor.enable = true;
|
||||||
|
security.apparmor.enableCache = true;
|
||||||
|
|
||||||
security.apparmor_d = {
|
security.apparmor_d = {
|
||||||
enable = true;
|
enable = true;
|
||||||
@ -89,7 +89,7 @@ in
|
|||||||
'';
|
'';
|
||||||
|
|
||||||
"local/firefox" = ''
|
"local/firefox" = ''
|
||||||
${pkgs.passff-host}/share/** rPx -> passff,
|
${pkgs.passff-host}/share/passff-host/passff.py rPx -> passff,
|
||||||
@{HOME}/.mozilla/firefox/** mr,
|
@{HOME}/.mozilla/firefox/** mr,
|
||||||
'';
|
'';
|
||||||
|
|
||||||
@ -98,28 +98,9 @@ in
|
|||||||
/dev/urandom w,
|
/dev/urandom w,
|
||||||
'';
|
'';
|
||||||
|
|
||||||
"local/xdg-open" = ''
|
"abstractions/common/electron.d/libexec" = ''
|
||||||
@{PROC}/version r,
|
|
||||||
'';
|
|
||||||
|
|
||||||
"local/xdg-mime" = ''
|
|
||||||
owner @{HOME}/@{XDG_CONFIG_DIR}/mimeapps* rwk,
|
|
||||||
@{PROC}/version r,
|
|
||||||
'';
|
|
||||||
|
|
||||||
"local/vesktop" = ''
|
|
||||||
@{bin}/electron rix,
|
|
||||||
/nix/store/*/libexec/electron/** rix,
|
/nix/store/*/libexec/electron/** rix,
|
||||||
@{bin}/speech-dispatcher rPx,
|
'';
|
||||||
@{bin}/xdg-open rPx,
|
|
||||||
'' + (optionalString allowFingerprinting ''
|
|
||||||
/etc/machine-id r,
|
|
||||||
/dev/udmabuf rw,
|
|
||||||
/dev/ r,
|
|
||||||
@{sys}/devices/@{pci}boot_vga r,
|
|
||||||
@{sys}/devices/@{pci}idVendor r,
|
|
||||||
@{sys}/devices/@{pci}idProduct r,
|
|
||||||
'');
|
|
||||||
};
|
};
|
||||||
|
|
||||||
security.apparmor.policies = {
|
security.apparmor.policies = {
|
||||||
@ -132,7 +113,7 @@ in
|
|||||||
profile passff ${pkgs.passff-host}/share/passff-host/passff.py {
|
profile passff ${pkgs.passff-host}/share/passff-host/passff.py {
|
||||||
include <abstractions/base> # read access to /nix/store, basic presets for most apps
|
include <abstractions/base> # read access to /nix/store, basic presets for most apps
|
||||||
include <abstractions/python>
|
include <abstractions/python>
|
||||||
${getExe pkgs.pass} Px,
|
@{bin}/pass Px -> pass,
|
||||||
}
|
}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
@ -146,6 +127,7 @@ in
|
|||||||
profile swaymux ${getExe pkgs.swaymux} {
|
profile swaymux ${getExe pkgs.swaymux} {
|
||||||
include <abstractions/base> # read access to /nix/store, basic presets for most apps
|
include <abstractions/base> # read access to /nix/store, basic presets for most apps
|
||||||
${pkgs.swaymux}/bin/* rix, # wrapping
|
${pkgs.swaymux}/bin/* rix, # wrapping
|
||||||
|
/dev/tty r,
|
||||||
owner @{user_config_dirs}/Kvantum/** r, # themeing
|
owner @{user_config_dirs}/Kvantum/** r, # themeing
|
||||||
}
|
}
|
||||||
'';
|
'';
|
||||||
|
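Review bot: In the `@ -98,28 +98,9` hunk the rule `/nix/store/*/libexec/electron/** rix,` moves from the `"local/vesktop"` key to `"abstractions/common/electron.d/libexec"`, so it presumably now applies to every profile that includes the electron abstraction rather than to vesktop alone. Inherit-execute keeps the child under the calling profile, but the wildcard matches any store path that carries a `libexec/electron` directory, which is wider than the removed per-profile rule. If that scope is intended, a comment above the key such as `# shared by all electron profiles: electron lives under libexec in the store` would record why. The same hunk drops the `@{bin}/speech-dispatcher rPx,` and `@{bin}/xdg-open rPx,` transitions for vesktop, so it is worth confirming that the upstream profile at the new apparmor.d rev still covers them.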
@ -27,7 +27,7 @@ in
|
|||||||
dotnetCorePackages.dotnet_9.sdk
|
dotnetCorePackages.dotnet_9.sdk
|
||||||
jetbrains.rider
|
jetbrains.rider
|
||||||
mono4
|
mono4
|
||||||
(mono4.overrideAttrs { version="4.6.1"; sha256=""; })
|
# (mono4.overrideAttrs { version="4.6.1"; sha256=""; })
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -41,10 +41,10 @@
|
|||||||
"homepage": "https://nyx.chaotic.cx",
|
"homepage": "https://nyx.chaotic.cx",
|
||||||
"owner": "chaotic-cx",
|
"owner": "chaotic-cx",
|
||||||
"repo": "nyx",
|
"repo": "nyx",
|
||||||
"rev": "ec6b449d3d096a0e79db5f8c4a321ea9ec836e40",
|
"rev": "0fff4bd8bce411eddb86756a66e89cecda16e0a4",
|
||||||
"sha256": "1l1y0m5xdpgsd28m1qwl84xaq0jg85yd8hhz0rj01yrw87vhkdqr",
|
"sha256": "1iynss5f8dcrhxgy334df70pvaj7a0661whiwajy0s2lfgpw0kjs",
|
||||||
"type": "tarball",
|
"type": "tarball",
|
||||||
"url": "https://github.com/chaotic-cx/nyx/archive/ec6b449d3d096a0e79db5f8c4a321ea9ec836e40.tar.gz",
|
"url": "https://github.com/chaotic-cx/nyx/archive/0fff4bd8bce411eddb86756a66e89cecda16e0a4.tar.gz",
|
||||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||||
},
|
},
|
||||||
"glibc-eac": {
|
"glibc-eac": {
|
||||||
@ -68,7 +68,7 @@
|
|||||||
"lix-pkg": {
|
"lix-pkg": {
|
||||||
"branch": "main",
|
"branch": "main",
|
||||||
"repo": "https://git.lix.systems/lix-project/lix.git",
|
"repo": "https://git.lix.systems/lix-project/lix.git",
|
||||||
"rev": "4682e40183b86972e5a1ef8f17e5366b9b3a8b2c",
|
"rev": "f6077314fa6aff862758095bb55fe844e9162a1d",
|
||||||
"type": "git"
|
"type": "git"
|
||||||
},
|
},
|
||||||
"nixos-mailserver": {
|
"nixos-mailserver": {
|
||||||
@ -95,10 +95,10 @@
|
|||||||
"homepage": null,
|
"homepage": null,
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "5633bcff0c6162b9e4b5f1264264611e950c8ec7",
|
"rev": "a3c0b3b21515f74fd2665903d4ce6bc4dc81c77c",
|
||||||
"sha256": "0p3ry8x72cl572fs1c47h9y3s045p4aq71wpblzdi4dfqx3z2i7m",
|
"sha256": "1wn29537l343lb0id0byk0699fj0k07m1n2d7jx2n0ssax55vhwy",
|
||||||
"type": "tarball",
|
"type": "tarball",
|
||||||
"url": "https://github.com/NixOS/nixpkgs/archive/5633bcff0c6162b9e4b5f1264264611e950c8ec7.tar.gz",
|
"url": "https://github.com/NixOS/nixpkgs/archive/a3c0b3b21515f74fd2665903d4ce6bc4dc81c77c.tar.gz",
|
||||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||||
},
|
},
|
||||||
"ranger_udisk_menu": {
|
"ranger_udisk_menu": {
|
||||||
|