diff --git a/hardening/bwraps/wechat.nix b/hardening/bwraps/wechat.nix
index eb76bc04..e80cf799 100644
--- a/hardening/bwraps/wechat.nix
+++ b/hardening/bwraps/wechat.nix
@@ -19,7 +19,7 @@ let
 version = "4.1.0.13";
 src = fetchurl {
 url = "https://dldir1v6.qq.com/weixin/Universal/Linux/WeChatLinux_arm64.AppImage";
- hash = "";
+ hash = "sha256-o6a7773agYqrP4dXsjzSUT2Du77gZ4wN1F2e0uvEzVc=";
 };
 };
 x86_64-linux = {
diff --git a/hosts/idols-ai/preservation.nix b/hosts/idols-ai/preservation.nix
index f1e0c466..9447f526 100644
--- a/hosts/idols-ai/preservation.nix
+++ b/hosts/idols-ai/preservation.nix
@@ -1,5 +1,6 @@
 {
 preservation,
+ lib,
 pkgs,
 myvars,
 ...
@@ -148,6 +149,7 @@ in
 # ai agents
 ".claude"
 ".gemini"
+ ".openclaw"
 # nvim
 ".local/share/nvim"
@@ -230,10 +232,15 @@ in
 directory = ".pki";
 mode = "0700";
 }
-
- ".local/share/password-store"
- # gnmome keyrings
- ".local/share/keyrings"
+ {
+ directory = ".local/share/password-store";
+ mode = "0700";
+ }
+ {
+ # gnmome keyrings
+ directory = ".local/share/keyrings";
+ mode = "0700";
+ }
 # ======================================
 # Games / Media
@@ -291,7 +298,10 @@ in
 ".local/share/containers"
 ".local/share/flatpak"
 # flatpak/nixpak app's data
- ".var"
+ {
+ directory = ".var";
+ mode = "0700";
+ }
 # ======================================
 # Misc
@@ -358,8 +368,8 @@ in
 let
 permission = {
 user = username;
- group = "users";
- mode = "0755";
+ group = lib.mkForce username;
+ mode = lib.mkForce "0750";
 };
 in
 {
diff --git a/hosts/k8s/kubevirt-shoryu/preservation.nix b/hosts/k8s/kubevirt-shoryu/preservation.nix
index f3d4bebb..b8b13a1c 100644
--- a/hosts/k8s/kubevirt-shoryu/preservation.nix
+++ b/hosts/k8s/kubevirt-shoryu/preservation.nix
@@ -1,5 +1,6 @@
 {
 preservation,
+ lib,
 pkgs,
 myvars,
 ...
@@ -74,8 +75,8 @@ in
 let
 permission = {
 user = username;
- group = "users";
- mode = "0755";
+ group = lib.mkForce username;
+ mode = lib.mkForce "0750";
 };
 in
 {
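Review bot: The hash pinned in the `wechat.nix` hunk belongs to an upstream URL that carries no version (`.../Universal/Linux/WeChatLinux_arm64.AppImage`), so nothing ties it to the `version = "4.1.0.13"` declared just above. When the vendor replaces the file the fetch will fail closed, which is the safe outcome, but the easy way out is then to blank the hash and accept whatever is served. I would add a comment above `hash`, such as `# unversioned URL: hash taken from the download on <DATE>; verify the new artifact before re-pinning`. The `x86_64-linux` entry begins on the last line of the hunk and its hash is not visible, so it is worth confirming that it is pinned as well.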
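Review bot: `".openclaw"` is added as a bare string in the `# ai agents` group of `hosts/idols-ai/preservation.nix`, so it takes the default ownership and mode, while the same commit moves `.local/share/password-store`, `.local/share/keyrings` and `.var` to an explicit `mode = "0700"`. Agent state directories commonly hold API keys and session tokens (assumed here, the diff does not show their contents), so the new entry should probably use the same form: `{ directory = ".openclaw"; mode = "0700"; }`. The neighbouring `".claude"` and `".gemini"` entries would benefit from the same treatment. The list this hunk edits starts and ends outside the hunk.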
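Review bot: The comment `# gnmome keyrings` keeps its typo when it moves into the new attribute set in the `@@ -230,10 +232,15 @@` hunk; it should read `# gnome keyrings`. The `password-store` entry gets no comment at all, and a short one such as `# pass(1) store: secrets at rest, owner-only` would record why these two entries are 0700 while most of the list is not.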
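Review bot: `group = lib.mkForce username;` in the `permission` set assumes a group named after the user exists, whereas NixOS puts normal users in `users` by default and does not create a per-user group. Nothing in this diff declares that group, so unless it is defined elsewhere (for example under `users.groups.<name>`) the ownership may not apply as intended. The two `lib.mkForce` calls also deserve a comment naming the definition they override, e.g. `# mkForce: override the group/mode set by <MODULE>`, because a forced value silently wins over a later plain assignment that tries to tighten the mode. The same change is made in `hosts/k8s/kubevirt-shoryu/preservation.nix`, and the block that consumes `permission` continues outside both hunks.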