Enable apparmor

The fix is finally available on nixos-unstable. Also add notes on things needed to be fixed in the future.
2024-03-10 00:00:00 +07:00 · 2024-03-10 00:00:00 +07:00 · 50f8194fac
parent a898cb66d3
commit 50f8194fac
6 changed files with 14 additions and 11 deletions
--- a/TODO.md
+++ b/TODO.md
@ -19,7 +19,7 @@

 - [ ] btop
 - [ ] vifm
- [ ] firefox / chromium
+- [ ] firefox / chromium (wrapped inside nixpak?)
 - [ ] mpv
 - [ ] newsboat
- [ ] gdb
+- [ ] gdb (configuration with [GEF](https://github.com/hugsy/gef))
--- a/home-manager/programs/vivid/default.nix
+++ b/home-manager/programs/vivid/default.nix
@ -9,7 +9,8 @@ with lib;
    xdg.configFile."vivid/themes/nord.yml".source = ./nord.yml;

    # Set LS_COLORS for each shell at login
-    programs.zsh.profileExtra = ''export LS_COLORS="$(vivid generate nord)"'';
    programs.fish.loginShellInit = ''set -gx LS_COLORS (vivid generate nord)'';
+    # FIXME: doesn't seem to work on NixOS? LS_COLORS gets overwritten somehow
+    programs.zsh.profileExtra = ''export LS_COLORS="$(vivid generate nord)"'';
  };
 }
--- a/hosts/aragorn/default.nix
+++ b/hosts/aragorn/default.nix
@ -75,9 +75,8 @@
  security.sudo.execWheelOnly = true;

  # Not as horrifying as SELinux, and way less effective
-  # (doesn't seem to work yet: https://github.com/NixOS/nixpkgs/issues/273164)
-  # security.apparmor.enable = true;
-  # services.dbus.apparmor = "enabled";
+  security.apparmor.enable = true;
+  services.dbus.apparmor = "enabled";

  # DNS-over-TLS out of the box. Yay.
  services.resolved =
@ -270,8 +269,10 @@
  # Set your time zone.
  time.timeZone = "Asia/Ho_Chi_Minh";

-  # Make nixos-rebuild happy
-  nix.nixPath = [ "nixos-config=${./default.nix}" ];
+  # TODO: fix this as `nixos-rebuild list-generations` still produces error output (due to the imports above)
+  # Original error: nixos-config no such file or directory.
+  # Maybe system.copySystemConfiguration or config.system.nixos-generate-config could help?
+  # nix.nixPath = [ "nixos-config=${./default.nix}" ];

  # Only allow specific users to use Nix
  nix.settings.allowed-users = [ "@wheel" ];
--- a/hosts/aragorn/users/default.nix
+++ b/hosts/aragorn/users/default.nix
@ -45,7 +45,7 @@ lib.mkMerge [
    environment.systemPackages = with pkgs; [
      libreoffice-qt
      (hunspellWithDicts (with hunspellDicts; [ en_US-large ru_RU ]))
-      kdePackages.audiotube
+      kdePackages.audiotube # FIXME: currently broken
      obs-studio
    ];

--- a/hosts/aragorn/users/follie.nix
+++ b/hosts/aragorn/users/follie.nix
@ -5,6 +5,7 @@
    ansible-lint
    apptainer
    asciidoctor-with-extensions
+    bazel-buildtools
    biome
    buf
    cargo
@ -49,6 +50,8 @@
    nvme-cli
    okteta
    onefetch
+    opam
+    open-policy-agent
    podman
    procs
    psmisc
--- a/nixos/default.nix
+++ b/nixos/default.nix
@ -20,6 +20,4 @@
    dates = "weekly";
    persistent = true;
  };
-
-  nix.nixPath = [ "nixos-config=/etc/nixos/configuration.nix" ];
 }