chore: bump lock

fix: rsyncd having port issues
chore: new tailscale system tray, fix warnings
2025-03-16 02:44:12 +01:00 · 2025-03-16 02:40:24 +01:00 · 2025-03-16 02:40:10 +01:00
8 changed files with 48 additions and 39 deletions
--- a/flake.lock
+++ b/flake.lock
@ -52,11 +52,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1740485968,
-        "narHash": "sha256-WK+PZHbfDjLyveXAxpnrfagiFgZWaTJglewBWniTn2Y=",
+        "lastModified": 1741786315,
+        "narHash": "sha256-VT65AE2syHVj6v/DGB496bqBnu1PXrrzwlw07/Zpllc=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "19c1140419c4f1cdf88ad4c1cfb6605597628940",
+        "rev": "0d8c6ad4a43906d14abd5c60e0ffe7b587b213de",
        "type": "github"
      },
      "original": {
@ -163,11 +163,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1740199244,
-        "narHash": "sha256-BiNUbNWLcG8AuKiAZmJ8tS+fr+JO8vGwB7QQ54cezKk=",
+        "lastModified": 1742070442,
+        "narHash": "sha256-xPDSLswRazXLlceqc2+VdbKKG2m/OXCjTzU9O/Bs4ZQ=",
        "owner": "feel-co",
        "repo": "hjem",
-        "rev": "829109220c14352990bee4cf092f4918f45fb6a1",
+        "rev": "ae49a5a2e013c710d2b2cf046ae365d08eae75b3",
        "type": "github"
      },
      "original": {
@ -206,11 +206,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1741579508,
-        "narHash": "sha256-skRbH+UF2ES+msEa+KWi7AQFX73S+QsGlPsyCU6XyE0=",
+        "lastModified": 1741955947,
+        "narHash": "sha256-2lbURKclgKqBNm7hVRtWh0A7NrdsibD0EaWhahUVhhY=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "744f749dd6fbc1489591ea370b95156858629cb9",
+        "rev": "4e12151c9e014e2449e0beca2c0e9534b96a26b4",
        "type": "github"
      },
      "original": {
@ -221,11 +221,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1741325094,
-        "narHash": "sha256-RUAdT8dZ6k/486vnu3tiNRrNW6+Q8uSD2Mq7gTX4jlo=",
+        "lastModified": 1741792691,
+        "narHash": "sha256-f0BVt1/cvA0DQ/q3rB+HY4g4tKksd03ZkzI4xehC2Ew=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "b48cc4dab0f9711af296fc367b6108cf7b8ccb16",
+        "rev": "e1f12151258b12c567f456d8248e4694e9390613",
        "type": "github"
      },
      "original": {
@ -265,11 +265,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1741379970,
-        "narHash": "sha256-Wh7esNh7G24qYleLvgOSY/7HlDUzWaL/n4qzlBePpiw=",
+        "lastModified": 1741851582,
+        "narHash": "sha256-cPfs8qMccim2RBgtKGF+x9IBCduRvd/N5F4nYpU0TVE=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "36fd87baa9083f34f7f5027900b62ee6d09b1f2f",
+        "rev": "6607cf789e541e7873d40d3a8f7815ea92204f32",
        "type": "github"
      },
      "original": {
--- a/home/graphical/vscode/default.nix
+++ b/home/graphical/vscode/default.nix
@ -12,23 +12,18 @@ in
  config = mkIf cfg.enable {
    programs.vscode = {
      package = pkgs.vscode;
-      enableUpdateCheck = false;
-      extensions = with pkgs.vscode-extensions; [
-        rust-lang.rust-analyzer
-        ms-vscode-remote.remote-ssh
-        ms-vscode-remote.remote-ssh-edit
-        tamasfe.even-better-toml
-      ];
-      userSettings = {
-        editor.formatOnSave = true;
-        terminal.integrated.inheritEnv = false;
-        git.autofetch = true;
-        remote.SSH = {
-          connectTimeout = 60;
-          useLocalServer = true;
-          remotePlatform = {
-            "192.168.122.152" = "linux";
-          };
+      profiles.default = {
+        enableUpdateCheck = false;
+        extensions = with pkgs.vscode-extensions; [
+          rust-lang.rust-analyzer
+          ms-vscode-remote.remote-ssh
+          ms-vscode-remote.remote-ssh-edit
+          tamasfe.even-better-toml
+        ];
+        userSettings = {
+          editor.formatOnSave = true;
+          terminal.integrated.inheritEnv = false;
+          git.autofetch = true;
        };
      };
    };
--- a/home/terminal/git/default.nix
+++ b/home/terminal/git/default.nix
@ -16,7 +16,7 @@
        editor = "${pkgs.neovim}/bin/nvim";
      };
      init = {
-        defaultBranch = "master";
+        defaultBranch = "main";
      };
      merge = {
        conflictstyle = "diff3";
--- a/hosts/nihilus/default.nix
+++ b/hosts/nihilus/default.nix
@ -15,7 +15,6 @@
    server = {
      rsync-daemon = {
        enable = true;
-        port = 9523;
        openFirewall = true;
        location = "/mnt/backups";
        address = "100.64.0.6";
--- a/options/server/rsync-daemon/default.nix
+++ b/options/server/rsync-daemon/default.nix
@ -26,7 +26,7 @@ in
      default = false;
      description = "Whether to open the firewall";
    };
-    port = mkPortOption 9523 "rsyncd";
+    port = mkPortOption 873 "rsyncd";
    address = mkOption {
      type = nonEmptyStr;
      default = "0.0.0.0";
@ -80,6 +80,7 @@ in

    modules.fixes.services.rsyncd = {
      enable = true;
+      inherit (cfg) port;
      socketActivated = true;
      settings = {
        globalSection = {
--- a/options/services/nysh.nix
+++ b/options/services/nysh.nix
@ -33,7 +33,6 @@ in
        Type = "simple";
        ExecStart = "/bin/sh -lc ${cfg.package}/bin/nysh";
        Restart = "on-failure";
-
        NoNewPrivileges = true;
      };
    };
--- a/options/services/tailscale.nix
+++ b/options/services/tailscale.nix
@ -18,6 +18,7 @@ let
    enum
    bool
    ;
+  inherit (lib.my) getExe;
  cfg = config.modules.services.tailscale;
 in
 {
@ -86,14 +87,29 @@ in
      description = "tailscale system tray";
      wantedBy = [ "graphical-session.target" ];
      after = [ "graphical-session.target" ];
-      path = [ pkgs.polkit ];
+      path = with pkgs; [
+        polkit
+        tailscale
+      ];
      serviceConfig = {
        Type = "simple";
-        ExecStart = "/bin/sh -lc ${pkgs.tailscale-systray}/bin/tailscale-systray";
+        ExecStart = getExe pkgs.tail-tray;
        Restart = "on-failure";
        RestartSec = 1;
        TimeoutStopSec = 10;
        IPAddressDeny = "any";
+        NoNewPrivileges = true;
+        ProtectClock = true;
+        ProtectKernelTunables = true;
+        ProtectKernelModules = true;
+        ProtectKernelLogs = true;
+        SystemCallFilter = "~@clock @cpu-emulation @debug @obsolete @module @mount @raw-io @reboot @swap";
+        #  ProtectControlGroups = true;
+        #RestrictNamespaces = true;
+        LockPersonality = true;
+        MemoryDenyWriteExecute = true;
+        RestrictRealtime = true;
+        RestrictSUIDSGID = true;
      };
    };
  };
--- a/users/ny/default.nix
+++ b/users/ny/default.nix
@ -26,7 +26,6 @@ in
    ]
    ++ (with pkgs; [
      keepassxc
-      digikam
      fragments
      element-desktop
      libreoffice
Author	SHA1	Message	Date
nydragon	d9ce46b2c9	chore: bump lock Some checks failed / test (push) Failing after 10m54s Details	2025-03-16 02:44:12 +01:00
nydragon	f8975e0896	fix: rsyncd having port issues	2025-03-16 02:40:24 +01:00
nydragon	6f9054f69b	chore: new tailscale system tray, fix warnings	2025-03-16 02:40:10 +01:00