From c76eaacb285af9dfbd73dff0b8dcd746ef373569 Mon Sep 17 00:00:00 2001
From: Grimmauld
Date: Sun, 12 Jan 2025 19:10:42 +0100
Subject: [PATCH] update and clean /var
---
 flake.lock | 6 +++---
 flake.nix | 2 +-
 hardening/default.nix | 2 +-
 specific/grimm-nixos-ssd/hardware-configuration.nix | 3 +++
 4 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/flake.lock b/flake.lock
index dd14202..4672d25 100644
--- a/flake.lock
+++ b/flake.lock
@@ -507,11 +507,11 @@
 },
 "nixpkgs": {
 "locked": {
- "lastModified": 1736344531,
- "narHash": "sha256-8YVQ9ZbSfuUk2bUf2KRj60NRraLPKPS0Q4QFTbc+c2c=",
+ "lastModified": 1736523798,
+ "narHash": "sha256-Xb8mke6UCYjge9kPR9o4P1nVrhk7QBbKv3xQ9cj7h2s=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "bffc22eb12172e6db3c5dde9e3e5628f8e3e7912",
+ "rev": "130595eba61081acde9001f43de3248d8888ac4a",
 "type": "github"
 },
 "original": {
diff --git a/flake.nix b/flake.nix
index 37e8b89..59e53b9 100644
--- a/flake.nix
+++ b/flake.nix
@@ -115,7 +115,7 @@
 grimm-nixos-ssd = customNixosSystem "x86_64-linux" {
 modules = [
 agenix.nixosModules.default
- chaotic.nixosModules.default
+ # chaotic.nixosModules.default
 aagl-gtk-on-nix.nixosModules.default
 ./configuration.nix
 aa-alias-manager.nixosModules.default
diff --git a/hardening/default.nix b/hardening/default.nix
index d84f9b9..2a2b510 100644
--- a/hardening/default.nix
+++ b/hardening/default.nix
@@ -14,6 +14,6 @@
 systemd.tpm2.enable = false;
 systemd.enableEmergencyMode = false;
 virtualisation.vswitch.enable = false;
- services.resolved.enable = false;
+ # services.resolved.enable = false;
 security.unprivilegedUsernsClone = true;
 }
diff --git a/specific/grimm-nixos-ssd/hardware-configuration.nix b/specific/grimm-nixos-ssd/hardware-configuration.nix
index a4a57bb..4b743a9 100644
--- a/specific/grimm-nixos-ssd/hardware-configuration.nix
+++ b/specific/grimm-nixos-ssd/hardware-configuration.nix
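Review bot: The `chaotic.nixosModules.default` entry in the `grimm-nixos-ssd` module list of flake.nix is disabled by commenting it out with no reason given, so the next reader cannot tell whether this is temporary or permanent. If the `chaotic` flake input is still declared (the inputs are outside this hunk), it stays pinned in flake.lock and keeps being fetched and updated even though nothing imports it, which is third-party code in the dependency set for no benefit. Either delete the line together with the input, or keep it with a reason, e.g. `# chaotic.nixosModules.default  # disabled: <reason>`. The modules list continues past the end of the hunk.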
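Review bot: Commenting out `services.resolved.enable = false;` in hardening/default.nix means the hardening module no longer decides whether systemd-resolved runs; that now depends on the option's default and on whatever other modules set, none of which is visible here. If the intent is to run resolved, say so explicitly and constrain it in this file rather than leaving a dead line, because resolved answers LLMNR by default and that is a name-spoofing surface on shared networks: `services.resolved.enable = true;` plus `services.resolved.llmnr = "false";`. If the line was only disabled to work around a conflict, a short comment naming the conflict would keep the hardening intent readable.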
@@ -180,6 +180,9 @@ in systemd.tmpfiles.rules = [ "D! ${nix_build} 0755 root root" + "D! /var/cache 0755 root root" + "D! /var/.Trash-0 0755 root root" + "D! /var/tmp 0755 root root" # "D! /root 0700 root root" ]; systemd.services.nix-daemon.environment.TMPDIR = nix_build;
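Review bot: The new rule `"D! /var/tmp 0755 root root"` gives /var/tmp the mode of an ordinary root-owned directory, where the conventional mode is world-writable with the sticky bit. If this rule takes precedence over systemd's stock entry for the same path, unprivileged users and services can no longer create files there; and if the mode is later loosened to 0777 to work around that, the missing sticky bit lets any user delete or replace another user's temporary files. Use `"D! /var/tmp 1777 root root"` instead. Separately, `/var/.Trash-0` holds root's trashed files, so `0700` would fit better than `0755` and match the commented `/root` rule below it. The `D!` type also empties these directories at boot, which seems to be the intent given the commit title, but it is worth a one-line comment since /var/tmp is normally expected to survive reboots.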