starred/nix-config-ryan4yin
1
0
Fork 0
mirror of https://github.com/ryan4yin/nix-config.git synced 2026-04-25 09:28:27 +02:00
Code Issues Packages Projects Releases 10 Wiki Activity

feat(preservation): add .openclaw, harden home dir permissions

Browse Source 
Signed-off-by: Ryan Yin <xiaoyin_c@qq.com>
This commit is contained in:
Ryan Yin
2026-02-25 22:22:34 +08:00
parent a52f48fbbe
commit 1222bb25d0
3 changed files with 21 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
hardening/bwraps/wechat.nix
View File

@@ -19,7 +19,7 @@ let
version = "4.1.0.13"; version = "4.1.0.13";
src = fetchurl { src = fetchurl {
url = "https://dldir1v6.qq.com/weixin/Universal/Linux/WeChatLinux_arm64.AppImage"; url = "https://dldir1v6.qq.com/weixin/Universal/Linux/WeChatLinux_arm64.AppImage";
hash = ""; hash = "sha256-o6a7773agYqrP4dXsjzSUT2Du77gZ4wN1F2e0uvEzVc=";
}; };
}; };
x86_64-linux = { x86_64-linux = {

24
hosts/idols-ai/preservation.nix
View File

@@ -1,5 +1,6 @@
{ {
preservation, preservation,
lib,
pkgs, pkgs,
myvars, myvars,
... ...
@@ -148,6 +149,7 @@ in
# ai agents # ai agents
".claude" ".claude"
".gemini" ".gemini"
".openclaw"
# nvim # nvim
".local/share/nvim" ".local/share/nvim"
@@ -230,10 +232,15 @@ in
directory = ".pki"; directory = ".pki";
mode = "0700"; mode = "0700";
} }
{
".local/share/password-store" directory = ".local/share/password-store";
# gnmome keyrings mode = "0700";
".local/share/keyrings" }
{
# gnmome keyrings
directory = ".local/share/keyrings";
mode = "0700";
}
# ====================================== # ======================================
# Games / Media # Games / Media
@@ -291,7 +298,10 @@ in
".local/share/containers" ".local/share/containers"
".local/share/flatpak" ".local/share/flatpak"
# flatpak/nixpak app's data # flatpak/nixpak app's data
".var" {
directory = ".var";
mode = "0700";
}
# ====================================== # ======================================
# Misc # Misc
@@ -358,8 +368,8 @@ in
let let
permission = { permission = {
user = username; user = username;
group = "users"; group = lib.mkForce username;
mode = "0755"; mode = lib.mkForce "0750";
}; };
in in
{ {

5
hosts/k8s/kubevirt-shoryu/preservation.nix
View File

@@ -1,5 +1,6 @@
{ {
preservation, preservation,
lib,
pkgs, pkgs,
myvars, myvars,
... ...
@@ -74,8 +75,8 @@ in
let let
permission = { permission = {
user = username; user = username;
group = "users"; group = lib.mkForce username;
mode = "0755"; mode = lib.mkForce "0750";
}; };
in in
{ {