osu part 1

This commit is contained in:
Grimmauld 2024-10-14 14:49:17 +02:00
parent cebee13139
commit d718e5ac65
Signed by: Grimmauld
GPG Key ID: C2946668769F91FB
2 changed files with 173 additions and 9 deletions


@ -1,5 +1,5 @@
diff --git a/apparmor.d/tunables/multiarch.d/system b/apparmor.d/tunables/multiarch.d/system
index be37123f..57df7990 100644
index be37123f..6490e311 100644
--- a/apparmor.d/tunables/multiarch.d/system
+++ b/apparmor.d/tunables/multiarch.d/system
@@ -106,8 +106,9 @@
@ -9,7 +9,7 @@ index be37123f..57df7990 100644
-@{bin}=/{,usr/}{,s}bin
-@{lib}=/{,usr/}lib{,exec,32,64}
+@{base_paths} = /nix/store/* /etc/profiles/per-user/* /run/current-system/sw
+@{bin}=@{base_paths}/bin
+@{bin}=@{base_paths}/bin /{,usr/}{,s}bin
+@{lib}=@{base_paths}/lib
# Common places for temporary files
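Review bot: The reworked `+@{bin}=@{base_paths}/bin /{,usr/}{,s}bin` line widens `@{bin}` for every profile that uses the tunable: any `@{bin}/foo ix` rule now also matches `/bin/foo`, `/sbin/foo`, `/usr/bin/foo` and `/usr/sbin/foo` on top of the three `@{base_paths}` roots, while `@{lib}` keeps only `@{base_paths}/lib`. If the FHS fallback exists for the few compatibility links NixOS provides (presumably `/bin/sh` and `/usr/bin/env`), that intent belongs in the patch as a comment on the line, e.g. `# FHS fallback: NixOS only provides /bin/sh and /usr/bin/env here -- TODO confirm`, so a later cleanup neither drops it nor extends it to `@{lib}` without reason. The second `index` line pair only reflects the patched file header and needs no action.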


@ -24,6 +24,8 @@ in
/nix/store/*/bin/** mr,
/nix/store/*/lib/** mr,
/nix/store/** r,
${getExe' pkgs.coreutils "coreutils"} rix,
${getExe' pkgs.coreutils-full "coreutils"} rix,
'';
"local/speech-dispatcher" = ''
@ -34,11 +36,21 @@ in
"local/pass" = ''
${getExe' pkgs.pass ".pass-wrapped"} rix,
${getExe' pkgs.coreutils "coreutils"} rix,
'';
"local/pass_gpg" = ''
@{PROC}/@{pid}/fd/ r,
/nix/store/*/libexec/keyboxd ix,
owner /run/user/*/gnupg/S.keyboxd wr,
'';
"abstractions/app/udevadm.d/udevadm_is_exec" = ''
@{bin}/udevadm mrix,
'';
"local/firefox" = ''
${pkgs.passff-host}/share/** rPx -> passff,
@{HOME}/.mozilla/firefox/** mr,
'';
"local/thunderbird" = ''
@ -47,8 +59,12 @@ in
'';
"local/xdg-open" = ''
${getExe' pkgs.coreutils "coreutils"} rix,
/proc/version r,
@{PROC}/version r,
'';
"local/xdg-mime" = ''
owner @{HOME}/@{XDG_CONFIG_DIR}/mimeapps* rwk,
@{PROC}/version r,
'';
"local/vesktop" = ''
@ -60,9 +76,9 @@ in
/etc/machine-id r,
/dev/udmabuf rw,
/dev/ r,
/sys/devices/@{pci}boot_vga r,
/sys/devices/@{pci}idVendor r,
/sys/devices/@{pci}idProduct r,
@{sys}/devices/@{pci}boot_vga r,
@{sys}/devices/@{pci}idVendor r,
@{sys}/devices/@{pci}idProduct r,
'');
};
@ -79,7 +95,6 @@ in
${getExe pkgs.pass} Px,
}
'';
};
swaymux = {
@ -95,6 +110,122 @@ in
}
'';
};
osu-lazer = {
enable = true;
enforce = true;
profile = ''
abi <abi/4.0>,
include <tunables/global>
profile osu-lazer @{bin}/osu\! flags=(attach_disconnected) {
include <abstractions/base> # read access to /nix/store, basic presets for most apps
# include <abstractions/audio-client>
include <abstractions/common/bwrap>
# include <abstractions/ssl_certs>
include <abstractions/devices-usb>
# include <abstractions/vulkan-strict>
# include <abstractions/mesa>
include <abstractions/nameservice-strict>
include <abstractions/app/udevadm>
# include <abstractions/desktop>
include <abstractions/app/bus>
include <abstractions/common/game>
network inet dgram,
network inet6 dgram,
network inet stream,
network inet6 stream,
network netlink raw,
owner @{PROC}/@{pid}/net/dev r,
owner @{PROC}/@{pid}/net/if_inet6 r,
owner @{PROC}/@{pid}/net/ipv6_route r,
owner @{PROC}/@{pid}/net/route r,
capability mknod,
/dev/tty{@{d},} rw,
${pkgs.osu-lazer-bin}/bin/osu? ix,
${getExe pkgs.bubblewrap} rix,
/nix/store/*-osu-lazer-bin-*-bwrap ix,
/nix/store/*-osu-lazer-bin-*-init ix,
/nix/store/*-osu-lazer-bin-*-extracted/** rk,
/nix/store/*-osu-lazer-bin-*-extracted/AppRun ix,
/nix/store/*-osu-lazer-bin-*-extracted/usr/bin/** ix,
@{bin}/ldconfig ix,
@{bin}/appimage-exec.sh ix,
@{bin}/rev ix,
@{bin}/bash ix,
@{bin}/grep ix,
@{bin}/lsblk ix,
@{bin}/awk ix,
@{bin}/gawk ix,
@{bin}/xdg-mime Px,
${getExe' pkgs.gamemode "gamemoderun"} ix,
owner @{HOME}/@{XDG_DATA_DIR}/osu/** rwkm,
owner @{HOME}/.dotnet/** rwkm,
owner @{HOME}/@{XDG_DATA_DIR}/Sentry/** rwk,
owner @{HOME}/@{XDG_CONFIG_DIR}/mimeapps* rwk,
owner @{HOME}/@{XDG_DATA_DIR}/applications/discord-*.desktop rwk,
/ r,
/nix/store/*-etc-os-release rk,
/nix/store/*/share/zoneinfo/** rk,
owner /tmp/** rwk,
/usr/lib/ r,
/var/cache/ldconfig/ rw,
owner /etc/ld.so* rw,
@{PROC}/@{pid}/stat rk,
@{PROC}/@{pid}/task/@{pid}/comm wr,
@{PROC}@{sys}/kernel/os{type,release} rk,
@{PROC}/version r,
@{PROC}/{sys,@{pid}}/net/** rk,
@{PROC}/@{pid}/maps rk,
/dev/snd/** rw,
/dev/input/ r,
/dev/dri/** wr,
/dev/input/** r,
/dev/udmabuf wr,
/dev/hidraw* rw,
/.host-etc/alsa/conf.d/{,**} r,
/.host-etc/ssl/certs/{,**} r,
/.host-etc/resolv.conf rk,
/run/udev/data/* r,
# @{sys}/devices/@{pci}device r,
# @{sys}/devices/@{pci}boot_vga r,
# @{sys}/devices/@{pci}subsystem_vendor r,
# @{sys}/devices/@{pci}subsystem_device r,
# @{sys}/devices/virtual/dmi/id/* r,
# @{sys}/devices/@{pci}uevent r,
# @{sys}/devices/virtual/sound/** r,
# @{sys}/devices/virtual/block/** r,
# @{sys}/block/ r,
# @{sys}/devices@{sys}tem/node/ r,
# @{sys}/fs/cgroup/{,**/} r,
# @{sys}/fs/cgroup/** r,
# @{sys}/devices/@{pci}sound/** r,
# @{sys}/devices/@{pci}vendor r,
# @{sys}/class/hidraw/ r,
# @{sys}/class/input/ r,
# @{sys}/class/input/{,**} r,
# @{sys}/devices/**/input/** r,
}
'';
};
vesktop = {
enable = true;
enforce = true;
@ -172,6 +303,39 @@ in
include "${apparmor-d}/etc/apparmor.d/profiles-m-r/pass"
'';
};
# gamemoded = {
# enable = true;
# enforce = true;
# profile = ''
# include "${apparmor-d}/etc/apparmor.d/profiles-g-l/gamemoded"
# '';
# };
pkexec = {
enable = false;
enforce = false;
# somehow this has conflicting imports and i have no clue how to fix it
profile = ''
include "${apparmor-d}/etc/apparmor.d/profiles-m-r/pkexec"
'';
};
xdg-mime = {
enable = true;
enforce = false;
# somehow this has conflicting imports and i have no clue how to fix it
profile = ''
include "${apparmor-d}/etc/apparmor.d/groups/freedesktop/xdg-mime"
'';
};
mimetype = {
enable = true;
enforce = false;
# somehow this has conflicting imports and i have no clue how to fix it
profile = ''
include "${apparmor-d}/etc/apparmor.d/profiles-m-r/mimetype"
'';
};
};
};
}
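Review bot: `capability mknod,` (together with `owner /etc/ld.so* rw,` and `/var/cache/ldconfig/ rw,`) is granted to the whole osu-lazer profile, and every `ix` transition below it (`@{bin}/bash`, `@{bin}/awk`, `@{bin}/ldconfig`, the extracted AppImage's `usr/bin/**`) inherits those rights, so a misbehaving game process or helper could create device nodes and rewrite the loader cache; nothing in the hunk says which step needs them. If it is the bwrap/AppImage launcher rather than the game, a comment such as `# mknod + ld.so cache writes: needed by the bwrap/AppImage init, not by the game -- TODO confirm, consider a Cx child profile` would record the decision. `@{PROC}@{sys}/kernel/os{type,release} rk,` reads like a mechanical /sys-to-@{sys} substitution (the same artefact shows in the commented `@{sys}/devices@{sys}tem/node/` line); it expands to the right path, but `@{PROC}/sys/kernel/os{type,release} rk,` is the conventional spelling. The block of commented-out `@{sys}/...` rules at the end of the profile is better dropped or kept with a one-line note on why those rules are held back. The enclosing attribute set starts and ends outside this hunk.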