feat: hardening nixos desktops (#160)

* feat: hardening nixos desktops * refactor: move hardening to the root folder * feat: add nixpaks into nixpkgs via overlays * feat: nixpak - add netease music * docs: hardening * fix: nvidia * fix: disable apparmor & hardening profile to avoid neovim being killed * fix: firefox cursor & fonts
2026-04-18 15:09:48 +02:00 · 2024-09-05 23:59:39 +08:00
parent 773688a9e5
commit df9ca7aefa
21 changed files with 626 additions and 13 deletions
--- a/modules/nixos/desktop/default.nix
+++ b/modules/nixos/desktop/default.nix
@@ -1,7 +1,3 @@
-{
-  mylib,
-  lib,
-  ...
-}: {
+{mylib, ...}: {
  imports = mylib.scanPaths ./.;
 }
--- a/modules/nixos/desktop/insecure-packages.nix
+++ b/modules/nixos/desktop/insecure-packages.nix
@@ -0,0 +1,6 @@
+{
+  nixpkgs.config.permittedInsecurePackages = [
+    # required by wechat-uos:
+    # "openssl-1.1.1w"
+  ];
+}