nydragon/nix-da
1
Fork 0
Code Issues Pull requests Activity Actions 1

chore: update nysh and relax service security

Browse source
This commit is contained in:
Nydragon 2024-11-20 11:00:10 +01:00
parent fe5c301177
commit 9b1e5e4b61
Signed by: nydragon
SSH key fingerprint: SHA256:WcjW5NJPQ8Dx4uQDmoIlVPLWE27Od3fxoe0IUvuoPHE
2 changed files with 10 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
flake.lock generated
View file

@ -287,11 +287,11 @@
"quickshell": "quickshell" "quickshell": "quickshell"
}, },
"locked": { "locked": {
"lastModified": 1731862325, "lastModified": 1732098440,
"narHash": "sha256-K6F/3dMLzPucS0E3wCgqmIGu5WbrYRhVeTKRyFsh9Cc=", "narHash": "sha256-RKnOKsIc8v+lZE1Oq3ZJtAj90o/VjdjylwTD8xVSw7o=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "a57cc7c1d2f6dc5dd2642b6d9d9dab2ca8f43da2", "rev": "a516c42fa522d79814e94a53bdcc85615f7daf2a",
"revCount": 81, "revCount": 85,
"type": "git", "type": "git",
"url": "https://git.ccnlc.eu/nydragon/nysh.git" "url": "https://git.ccnlc.eu/nydragon/nysh.git"
}, },

11
options/services/nysh.nix
View file

@ -2,6 +2,7 @@
lib, lib,
inputs', inputs',
config, config,
pkgs,
... ...
}: }:
let let
@ -20,6 +21,11 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
systemd.user.services.nysh = { systemd.user.services.nysh = {
path = [
pkgs.curl
pkgs.brightnessctl
pkgs.networkmanager
];
wantedBy = [ wantedBy = [
"multi-user.target" "multi-user.target"
"graphical-session.target" "graphical-session.target"
@ -33,11 +39,6 @@ in
Restart = "on-failure"; Restart = "on-failure";
NoNewPrivileges = true; NoNewPrivileges = true;
PrivateMounts = true;
ProtectHostname = true;
ProtectKernelTunables = true;
PrivateTmp = true;
IPAddressDeny = "any";
}; };
}; };
}; };