Compare commits
1 commit
d9ce46b2c9
...
f4dd2fb01a
Author | SHA1 | Date | |
---|---|---|---|
f4dd2fb01a |
5 changed files with 31 additions and 22 deletions
|
@ -12,6 +12,7 @@ in
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
programs.vscode = {
|
programs.vscode = {
|
||||||
package = pkgs.vscode;
|
package = pkgs.vscode;
|
||||||
|
default = {
|
||||||
enableUpdateCheck = false;
|
enableUpdateCheck = false;
|
||||||
extensions = with pkgs.vscode-extensions; [
|
extensions = with pkgs.vscode-extensions; [
|
||||||
rust-lang.rust-analyzer
|
rust-lang.rust-analyzer
|
||||||
|
@ -23,12 +24,6 @@ in
|
||||||
editor.formatOnSave = true;
|
editor.formatOnSave = true;
|
||||||
terminal.integrated.inheritEnv = false;
|
terminal.integrated.inheritEnv = false;
|
||||||
git.autofetch = true;
|
git.autofetch = true;
|
||||||
remote.SSH = {
|
|
||||||
connectTimeout = 60;
|
|
||||||
useLocalServer = true;
|
|
||||||
remotePlatform = {
|
|
||||||
"192.168.122.152" = "linux";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
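Review bot: As rendered, the added line `default = {` sits directly under `programs.vscode`, while Home Manager's per-profile settings live, as far as I know, under `programs.vscode.profiles.<name>`. If so, this should be `profiles.default = {`, otherwise `enableUpdateCheck`, `extensions` and the user settings will be rejected as unknown options at evaluation time. Indentation is lost on this page, so the nesting is inferred from brace order only; please confirm against the file. The attribute set opened here is closed by a `};` that the second hunk keeps, so the two hunks need to be read together.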
||||||
|
|
|
@ -16,7 +16,7 @@
|
||||||
editor = "${pkgs.neovim}/bin/nvim";
|
editor = "${pkgs.neovim}/bin/nvim";
|
||||||
};
|
};
|
||||||
init = {
|
init = {
|
||||||
defaultBranch = "master";
|
defaultBranch = "main";
|
||||||
};
|
};
|
||||||
merge = {
|
merge = {
|
||||||
conflictstyle = "diff3";
|
conflictstyle = "diff3";
|
||||||
|
|
|
@ -33,7 +33,6 @@ in
|
||||||
Type = "simple";
|
Type = "simple";
|
||||||
ExecStart = "/bin/sh -lc ${cfg.package}/bin/nysh";
|
ExecStart = "/bin/sh -lc ${cfg.package}/bin/nysh";
|
||||||
Restart = "on-failure";
|
Restart = "on-failure";
|
||||||
|
|
||||||
NoNewPrivileges = true;
|
NoNewPrivileges = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -18,6 +18,7 @@ let
|
||||||
enum
|
enum
|
||||||
bool
|
bool
|
||||||
;
|
;
|
||||||
|
inherit (lib.my) getExe;
|
||||||
cfg = config.modules.services.tailscale;
|
cfg = config.modules.services.tailscale;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
@ -86,14 +87,29 @@ in
|
||||||
description = "tailscale system tray";
|
description = "tailscale system tray";
|
||||||
wantedBy = [ "graphical-session.target" ];
|
wantedBy = [ "graphical-session.target" ];
|
||||||
after = [ "graphical-session.target" ];
|
after = [ "graphical-session.target" ];
|
||||||
path = [ pkgs.polkit ];
|
path = with pkgs; [
|
||||||
|
polkit
|
||||||
|
tailscale
|
||||||
|
];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "simple";
|
Type = "simple";
|
||||||
ExecStart = "/bin/sh -lc ${pkgs.tailscale-systray}/bin/tailscale-systray";
|
ExecStart = getExe pkgs.tail-tray;
|
||||||
Restart = "on-failure";
|
Restart = "on-failure";
|
||||||
RestartSec = 1;
|
RestartSec = 1;
|
||||||
TimeoutStopSec = 10;
|
TimeoutStopSec = 10;
|
||||||
IPAddressDeny = "any";
|
IPAddressDeny = "any";
|
||||||
|
NoNewPrivileges = true;
|
||||||
|
ProtectClock = true;
|
||||||
|
ProtectKernelTunables = true;
|
||||||
|
ProtectKernelModules = true;
|
||||||
|
ProtectKernelLogs = true;
|
||||||
|
SystemCallFilter = "~@clock @cpu-emulation @debug @obsolete @module @mount @raw-io @reboot @swap";
|
||||||
|
# ProtectControlGroups = true;
|
||||||
|
#RestrictNamespaces = true;
|
||||||
|
LockPersonality = true;
|
||||||
|
MemoryDenyWriteExecute = true;
|
||||||
|
RestrictRealtime = true;
|
||||||
|
RestrictSUIDSGID = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
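Review bot: The new `SystemCallFilter` deny-list is not paired with `SystemCallArchitectures = "native";`, and systemd's documentation recommends restricting the permitted ABIs so that a secondary ABI cannot be used to get around the filter. `NoNewPrivileges = true` also stops setuid helpers from gaining privileges, so if `polkit` is on `path` so that the tray can run `pkexec`, that path will now fail; a privileged action from the tray should be tested with this unit. The commented-out `ProtectControlGroups` and `RestrictNamespaces` lines give no reason, so a short comment such as `# RestrictNamespaces: disabled, breaks <what failed>` would tell the next reader whether they can be re-enabled. Since `wantedBy` points at `graphical-session.target` this looks like a per-user unit, where several `Protect*` options depend on unprivileged user namespaces, so `systemd-analyze security` on the running unit is worth checking to confirm they take effect.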
||||||
|
|
|
@ -26,7 +26,6 @@ in
|
||||||
]
|
]
|
||||||
++ (with pkgs; [
|
++ (with pkgs; [
|
||||||
keepassxc
|
keepassxc
|
||||||
digikam
|
|
||||||
fragments
|
fragments
|
||||||
element-desktop
|
element-desktop
|
||||||
libreoffice
|
libreoffice
|
||||||
|
|