feat: hardening nixos desktops (#160)

* feat: hardening nixos desktops * refactor: move hardening to the root folder * feat: add nixpaks into nixpkgs via overlays * feat: nixpak - add netease music * docs: hardening * fix: nvidia * fix: disable apparmor & hardening profile to avoid neovim being killed * fix: firefox cursor & fonts
2026-04-21 08:21:24 +02:00 · 2024-09-05 23:59:39 +08:00
parent 773688a9e5
commit df9ca7aefa
21 changed files with 626 additions and 13 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -264,6 +264,27 @@
        "type": "github"
      }
    },
+    "flake-parts_4": {
+      "inputs": {
+        "nixpkgs-lib": [
+          "nixpak",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1722555600,
+        "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "type": "github"
+      }
+    },
    "flake-utils": {
      "inputs": {
        "systems": "systems_2"
@@ -382,6 +403,31 @@
        "type": "github"
      }
    },
+    "hercules-ci-effects": {
+      "inputs": {
+        "flake-parts": [
+          "nixpak",
+          "flake-parts"
+        ],
+        "nixpkgs": [
+          "nixpak",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1719226092,
+        "narHash": "sha256-YNkUMcCUCpnULp40g+svYsaH1RbSEj6s4WdZY/SHe38=",
+        "owner": "hercules-ci",
+        "repo": "hercules-ci-effects",
+        "rev": "11e4b8dc112e2f485d7c97e1cee77f9958f498f5",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "hercules-ci-effects",
+        "type": "github"
+      }
+    },
    "home-manager": {
      "inputs": {
        "nixpkgs": [
@@ -576,6 +622,28 @@
        "type": "github"
      }
    },
+    "nixpak": {
+      "inputs": {
+        "flake-parts": "flake-parts_4",
+        "hercules-ci-effects": "hercules-ci-effects",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1724898170,
+        "narHash": "sha256-/QslnBDv9+dnBCkAd4tto7sZck2CUeCIHtnpzRmZ+Lo=",
+        "owner": "nixpak",
+        "repo": "nixpak",
+        "rev": "02d04e4ac37fd71f117aaaf367d5c41fad14d29b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixpak",
+        "repo": "nixpak",
+        "type": "github"
+      }
+    },
    "nixpkgs": {
      "locked": {
        "lastModified": 1723221148,
@@ -882,6 +950,7 @@
        "nix-gaming": "nix-gaming",
        "nixos-generators": "nixos-generators",
        "nixos-hardware": "nixos-hardware",
+        "nixpak": "nixpak",
        "nixpkgs": "nixpkgs_2",
        "nixpkgs-darwin": "nixpkgs-darwin",
        "nixpkgs-stable": "nixpkgs-stable_2",