[PR #160] [MERGED] feat: hardening nixos desktops #176

New Issue

adam · 2025-12-29T04:21:51+01:00

adam commented

2025-12-29 04:21:51 +01:00

📋 Pull Request Information

Original PR: https://github.com/ryan4yin/nix-config/pull/160
Author: @ryan4yin
Created: 8/29/2024
Status: ✅ Merged
Merged: 9/5/2024
Merged by: @ryan4yin

Base: main ← Head: nixos-hardening

📝 Commits (10+)

12cf1fc feat: hardening nixos desktops
151ecef refactor: move hardening to the root folder
0b94d4b feat: add nixpaks into nixpkgs via overlays
1a4fb27 feat: nixpak - add netease music
8e0df5f docs: hardening
77405f5 chore: remove useless import path
5e73584 docs: hardening
4daf8d2 feat: add prismlauncher
0c570a3 fix: nixpaks - overlays
937a593 feat: hardening - add firejail

📊 Changes

21 files changed (+626 additions, -13 deletions)

View changed files

📝 .gitignore (+1 -0)
📝 flake.lock (+69 -0)
📝 flake.nix (+5 -0)
➕ hardening/README.md (+70 -0)
➕ hardening/apparmor/default.nix (+58 -0)
➕ hardening/firejail/default.nix (+75 -0)
➕ hardening/firejail/firejailWrapper.nix (+35 -0)
➕ hardening/nixpaks/default.nix (+30 -0)
➕ hardening/nixpaks/firefox-desktop-item.nix (+11 -0)
➕ hardening/nixpaks/firefox.nix (+75 -0)
➕ hardening/nixpaks/modules/gui-base.nix (+84 -0)
➕ hardening/nixpaks/modules/network.nix (+8 -0)
➕ hardening/nixpaks/qq-desktop-item.nix (+15 -0)
➕ hardening/nixpaks/qq.nix (+59 -0)
➕ hardening/profiles/default.nix (+9 -0)
📝 home/linux/gui/base/games.nix (+1 -1)
📝 home/linux/gui/base/misc.nix (+4 -1)
📝 home/linux/gui/hyprland/values/wayland-apps.nix (+6 -6)
📝 modules/nixos/desktop/default.nix (+1 -5)
➕ modules/nixos/desktop/insecure-packages.nix (+6 -0)

...and 1 more files

📄 Description

Bugs:

neovim will crash on opening any files
error: there was a problem with the editor 'nvim'

Firefox can not use GPU rendering in sandbox.

libEGL warning: egl: failed to create dri2 screen
MESA: error: ZINK: failed to choose pdev
libEGL warning: egl: failed to create dri2 screen

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/ryan4yin/nix-config/pull/160 **Author:** [@ryan4yin](https://github.com/ryan4yin) **Created:** 8/29/2024 **Status:** ✅ Merged **Merged:** 9/5/2024 **Merged by:** [@ryan4yin](https://github.com/ryan4yin) **Base:** `main` ← **Head:** `nixos-hardening` --- ### 📝 Commits (10+) - [`12cf1fc`](https://github.com/ryan4yin/nix-config/commit/12cf1fc030ef6e873e602014dd1d18df50a72cb8) feat: hardening nixos desktops - [`151ecef`](https://github.com/ryan4yin/nix-config/commit/151ecefcdbd0a83a1ba613a6b12222d456cfeac5) refactor: move hardening to the root folder - [`0b94d4b`](https://github.com/ryan4yin/nix-config/commit/0b94d4bd0e820f32b410c6690b11540d6eaa82c0) feat: add nixpaks into nixpkgs via overlays - [`1a4fb27`](https://github.com/ryan4yin/nix-config/commit/1a4fb2704fb1059d5bd08609f7957dc2ca4056c2) feat: nixpak - add netease music - [`8e0df5f`](https://github.com/ryan4yin/nix-config/commit/8e0df5fda62c5bb899eca1a90c18b67f1f4a989f) docs: hardening - [`77405f5`](https://github.com/ryan4yin/nix-config/commit/77405f58a4f9d12c7d9c42471485f44c96c1f783) chore: remove useless import path - [`5e73584`](https://github.com/ryan4yin/nix-config/commit/5e7358404daf55b15586e87de017a3f29e7de88e) docs: hardening - [`4daf8d2`](https://github.com/ryan4yin/nix-config/commit/4daf8d292866bf76d194630937568d0e5139e9a7) feat: add prismlauncher - [`0c570a3`](https://github.com/ryan4yin/nix-config/commit/0c570a3c358ad0b0e7e70979f4c962715f1ae793) fix: nixpaks - overlays - [`937a593`](https://github.com/ryan4yin/nix-config/commit/937a593f24fea3a2fd2d1ae150d39bb29b0f8f53) feat: hardening - add firejail ### 📊 Changes **21 files changed** (+626 additions, -13 deletions) <details> <summary>View changed files</summary> 📝 `.gitignore` (+1 -0) 📝 `flake.lock` (+69 -0) 📝 `flake.nix` (+5 -0) ➕ `hardening/README.md` (+70 -0) ➕ `hardening/apparmor/default.nix` (+58 -0) ➕ `hardening/firejail/default.nix` (+75 -0) ➕ `hardening/firejail/firejailWrapper.nix` (+35 -0) ➕ `hardening/nixpaks/default.nix` (+30 -0) ➕ `hardening/nixpaks/firefox-desktop-item.nix` (+11 -0) ➕ `hardening/nixpaks/firefox.nix` (+75 -0) ➕ `hardening/nixpaks/modules/gui-base.nix` (+84 -0) ➕ `hardening/nixpaks/modules/network.nix` (+8 -0) ➕ `hardening/nixpaks/qq-desktop-item.nix` (+15 -0) ➕ `hardening/nixpaks/qq.nix` (+59 -0) ➕ `hardening/profiles/default.nix` (+9 -0) 📝 `home/linux/gui/base/games.nix` (+1 -1) 📝 `home/linux/gui/base/misc.nix` (+4 -1) 📝 `home/linux/gui/hyprland/values/wayland-apps.nix` (+6 -6) 📝 `modules/nixos/desktop/default.nix` (+1 -5) ➕ `modules/nixos/desktop/insecure-packages.nix` (+6 -0) _...and 1 more files_ </details> ### 📄 Description Bugs: - neovim will crash on opening any files `error: there was a problem with the editor 'nvim'` - Firefox can not use GPU rendering in sandbox. ``` libEGL warning: egl: failed to create dri2 screen MESA: error: ZINK: failed to choose pdev libEGL warning: egl: failed to create dri2 screen ```` --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

adam added the pull-request label 2025-12-29 04:21:51 +01:00

adam closed this issue

2025-12-29 04:21:51 +01:00

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/nix-config-ryan4yin#176