diff --git a/hardening/bwraps/wechat.nix b/hardening/bwraps/wechat.nix index c407e583..7e8ed177 100644 --- a/hardening/bwraps/wechat.nix +++ b/hardening/bwraps/wechat.nix @@ -9,14 +9,30 @@ { appimageTools, fetchurl, + stdenvNoCC, }: let pname = "wechat"; # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/by-name/we/wechat/package.nix - version = "4.0.1.11"; - src = fetchurl { - url = "https://web.archive.org/web/20250512110825if_/https://dldir1v6.qq.com/weixin/Universal/Linux/WeChatLinux_x86_64.AppImage"; - hash = "sha256-gBWcNQ1o1AZfNsmu1Vi1Kilqv3YbR+wqOod4XYAeVKo="; + sources = { + aarch64-linux = { + version = "4.0.1.11"; + src = fetchurl { + url = "https://web.archive.org/web/20250512112413if_/https://dldir1v6.qq.com/weixin/Universal/Linux/WeChatLinux_arm64.AppImage"; + hash = "sha256-Rg+FWNgOPC02ILUskQqQmlz1qNb9AMdvLcRWv7NQhGk="; + }; + }; + x86_64-linux = { + version = "4.0.1.11"; + src = fetchurl { + url = "https://web.archive.org/web/20250512110825if_/https://dldir1v6.qq.com/weixin/Universal/Linux/WeChatLinux_x86_64.AppImage"; + hash = "sha256-gBWcNQ1o1AZfNsmu1Vi1Kilqv3YbR+wqOod4XYAeVKo="; + }; + }; }; + + inherit (stdenvNoCC.hostPlatform) system; + inherit (sources.${system} or (throw "Unsupported system: ${system}")) version src; + # https://github.com/NixOS/nixpkgs/blob/master/pkgs/by-name/we/wechat/linux.nix appimageContents = appimageTools.extract { inherit pname version src; diff --git a/outputs/aarch64-linux/src/12kingdoms-shoukei.nix b/outputs/aarch64-linux/src/12kingdoms-shoukei.nix index 1a277837..68991a0f 100644 --- a/outputs/aarch64-linux/src/12kingdoms-shoukei.nix +++ b/outputs/aarch64-linux/src/12kingdoms-shoukei.nix @@ -19,6 +19,10 @@ "modules/nixos/desktop.nix" # host specific "hosts/12kingdoms-${name}" + # nixos hardening + # "hardening/profiles/default.nix" + "hardening/nixpaks" + "hardening/bwraps" ]; home-modules = map mylib.relativeToRoot [ # common