From 1436c6c0694db930f6e1f5a74601d88137870ac9 Mon Sep 17 00:00:00 2001
From: Ryan Yin
Date: Sat, 1 Nov 2025 16:34:00 +0800
Subject: [PATCH] chore: nixpaks
---
 hardening/nixpaks/modules/common.nix | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/hardening/nixpaks/modules/common.nix b/hardening/nixpaks/modules/common.nix
index 3621480b..44a23a45 100644
--- a/hardening/nixpaks/modules/common.nix
+++ b/hardening/nixpaks/modules/common.nix
@@ -1,3 +1,4 @@
+# https://github.com/mnixry/nixos-config/blob/74913c2b90d06e31170bbbaa0074f915721da224/desktop/packages/nixpaks-common.nix
 {
 lib,
 pkgs,
@@ -12,15 +13,14 @@
 inherit (config.flatpak) appId;
 in
 {
+ # same usage as --see, --talk, --own
 policies = {
 "${appId}" = "own";
 "${appId}.*" = "own";
 "org.freedesktop.DBus" = "talk";
- "org.gtk.vfs.*" = "talk";
- "org.gtk.vfs" = "talk";
 "ca.desrt.dconf" = "talk";
- "org.freedesktop.portal.*" = "talk";
- "org.a11y.Bus" = "talk";
+ "org.gtk.vfs" = "talk";
+ "org.gtk.vfs.*" = "talk";
 "org.freedesktop.appearance" = "talk";
 "org.freedesktop.appearance.*" = "talk";
 }
@@ -49,6 +49,7 @@
 "org.a11y.Bus" = "see";
 # --- Portal Access ---
+ # "org.freedesktop.portal.*" = "talk";
 "org.freedesktop.portal.Documents" = "talk";
 "org.freedesktop.portal.FileTransfer" = "talk";
 "org.freedesktop.portal.FileTransfer.*" = "talk";
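Review bot: In the `@@ -12,15 +13,14 @@` hunk the shared policy set still grants `"ca.desrt.dconf" = "talk"` and `"org.gtk.vfs.*" = "talk"` to every application that uses this common module, although the same hunk drops the portal wildcard and the `org.a11y.Bus` talk grant. As far as I know, talk access to the dconf service lets a sandboxed process request writes to the user's settings database, and gvfs can broker file access that the sandbox's own mounts do not cover, so both deserve the same least-privilege treatment. Either move them into the per-application modules that need them, or record the reason next to them, for example `# dconf/gvfs talk kept for GTK apps that still need them; override per app where possible`. The added comment `# same usage as --see, --talk, --own` would also read better if it named the tool whose flags it mirrors. The attribute set starts and ends outside the hunk, so whether a later merge overrides these entries cannot be checked from here.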
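Review bot: The line added in the `@@ -49,6 +49,7 @@` hunk, `# "org.freedesktop.portal.*" = "talk";`, keeps the wildcard grant in the file as commented-out code with nothing saying why it is disabled. Since the lines below it enumerate individual portals, state that intent, for example `# wildcard intentionally disabled: only the portals listed below are reachable`, or delete the line, so that a later edit does not uncomment it and reopen every portal interface. The attribute set continues past the end of the hunk.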