chore: new tailscale system tray, fix warnings

home/graphical/vscode/default.nix

@@ -12,23 +12,18 @@ in
   config = mkIf cfg.enable {
     programs.vscode = {
       package = pkgs.vscode;
-      enableUpdateCheck = false;
+      default = {
-      extensions = with pkgs.vscode-extensions; [
+        enableUpdateCheck = false;
-        rust-lang.rust-analyzer
+        extensions = with pkgs.vscode-extensions; [
-        ms-vscode-remote.remote-ssh
+          rust-lang.rust-analyzer
-        ms-vscode-remote.remote-ssh-edit
+          ms-vscode-remote.remote-ssh
-        tamasfe.even-better-toml
+          ms-vscode-remote.remote-ssh-edit
-      ];
+          tamasfe.even-better-toml
-      userSettings = {
+        ];
-        editor.formatOnSave = true;
+        userSettings = {
-        terminal.integrated.inheritEnv = false;
+          editor.formatOnSave = true;
-        git.autofetch = true;
+          terminal.integrated.inheritEnv = false;
-        remote.SSH = {
+          git.autofetch = true;
-          connectTimeout = 60;
-          useLocalServer = true;
-          remotePlatform = {
-            "192.168.122.152" = "linux";
-          };
         };
       };
     };

home/terminal/git/default.nix

@@ -16,7 +16,7 @@
         editor = "${pkgs.neovim}/bin/nvim";
       };
       init = {
-        defaultBranch = "master";
+        defaultBranch = "main";
       };
       merge = {
         conflictstyle = "diff3";

options/services/nysh.nix

@@ -33,7 +33,6 @@ in
         Type = "simple";
         ExecStart = "/bin/sh -lc ${cfg.package}/bin/nysh";
         Restart = "on-failure";
-
         NoNewPrivileges = true;
       };
     };

options/services/tailscale.nix

@@ -18,6 +18,7 @@ let
     enum
     bool
     ;
+  inherit (lib.my) getExe;
   cfg = config.modules.services.tailscale;
 in
 {
@@ -86,14 +87,29 @@ in
       description = "tailscale system tray";
       wantedBy = [ "graphical-session.target" ];
       after = [ "graphical-session.target" ];
-      path = [ pkgs.polkit ];
+      path = with pkgs; [
+        polkit
+        tailscale
+      ];
       serviceConfig = {
         Type = "simple";
-        ExecStart = "/bin/sh -lc ${pkgs.tailscale-systray}/bin/tailscale-systray";
+        ExecStart = getExe pkgs.tail-tray;
         Restart = "on-failure";
         RestartSec = 1;
         TimeoutStopSec = 10;
         IPAddressDeny = "any";
+        NoNewPrivileges = true;
+        ProtectClock = true;
+        ProtectKernelTunables = true;
+        ProtectKernelModules = true;
+        ProtectKernelLogs = true;
+        SystemCallFilter = "~@clock @cpu-emulation @debug @obsolete @module @mount @raw-io @reboot @swap";
+        #  ProtectControlGroups = true;
+        #RestrictNamespaces = true;
+        LockPersonality = true;
+        MemoryDenyWriteExecute = true;
+        RestrictRealtime = true;
+        RestrictSUIDSGID = true;
       };
     };
   };

users/ny/default.nix

@@ -26,7 +26,6 @@ in
     ]
     ++ (with pkgs; [
       keepassxc
-      digikam
       fragments
       element-desktop
       libreoffice