From 9b1e5e4b615292583faa4b07fc7239a27b856a8e Mon Sep 17 00:00:00 2001
From: Nydragon <contact@ccnlc.eu>
Date: Wed, 20 Nov 2024 11:00:10 +0100
Subject: [PATCH] chore: update nysh and relax service security

---
 flake.lock                |  8 ++++----
 options/services/nysh.nix | 11 ++++++-----
 2 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/flake.lock b/flake.lock
index 2b72af4..56d917c 100644
--- a/flake.lock
+++ b/flake.lock
@@ -287,11 +287,11 @@
         "quickshell": "quickshell"
       },
       "locked": {
-        "lastModified": 1731862325,
-        "narHash": "sha256-K6F/3dMLzPucS0E3wCgqmIGu5WbrYRhVeTKRyFsh9Cc=",
+        "lastModified": 1732098440,
+        "narHash": "sha256-RKnOKsIc8v+lZE1Oq3ZJtAj90o/VjdjylwTD8xVSw7o=",
         "ref": "refs/heads/main",
-        "rev": "a57cc7c1d2f6dc5dd2642b6d9d9dab2ca8f43da2",
-        "revCount": 81,
+        "rev": "a516c42fa522d79814e94a53bdcc85615f7daf2a",
+        "revCount": 85,
         "type": "git",
         "url": "https://git.ccnlc.eu/nydragon/nysh.git"
       },
diff --git a/options/services/nysh.nix b/options/services/nysh.nix
index ddfc3f7..e98f282 100644
--- a/options/services/nysh.nix
+++ b/options/services/nysh.nix
@@ -2,6 +2,7 @@
   lib,
   inputs',
   config,
+  pkgs,
   ...
 }:
 let
@@ -20,6 +21,11 @@ in
 
   config = mkIf cfg.enable {
     systemd.user.services.nysh = {
+      path = [
+        pkgs.curl
+        pkgs.brightnessctl
+        pkgs.networkmanager
+      ];
       wantedBy = [
         "multi-user.target"
         "graphical-session.target"
@@ -33,11 +39,6 @@ in
         Restart = "on-failure";
 
         NoNewPrivileges = true;
-        PrivateMounts = true;
-        ProtectHostname = true;
-        ProtectKernelTunables = true;
-        PrivateTmp = true;
-        IPAddressDeny = "any";
       };
     };
   };