flake update

fix: reintroduce firejail
2026-01-04 00:26:00 +02:00 · 2026-01-03 23:51:54 +02:00 · 2026-01-03 23:49:19 +02:00
6 changed files with 102 additions and 21 deletions
--- a/config/nvim/init.lua
+++ b/config/nvim/init.lua
@ -84,8 +84,10 @@ cmp.setup({

 local capabilities = require("cmp_nvim_lsp").default_capabilities()

-vim.lsp.enable("rust_analyzer")
-vim.lsp.enable("pylsp")
-vim.lsp.enable("biome")
-vim.lsp.enable("eslint")
-vim.lsp.enable("ccls")
+local lspconfig = require('lspconfig')
+local servers = { "rust_analyzer", "pylsp", "biome", "eslint", "ccls" }
+for _, lsp in ipairs(servers) do
+  lspconfig[lsp].setup({
+    capabilities = capabilities,
+  })
+end
--- a/configuration.nix
+++ b/configuration.nix
@ -2,7 +2,7 @@
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).

-{ config, pkgs, lib, inputs, ... }:
+{ config, pkgs, pkgs-stable, lib, inputs, ... }:

 {

@ -88,7 +88,62 @@
  ];

  # Firejail
-  # TODO: add this back
+  programs.firejail = {
+    enable = true;
+    wrappedBinaries = {
+      vesktop = {
+        executable = "${pkgs-stable.vesktop}/bin/vesktop";
+        profile = "${pkgs.firejail}/etc/firejail/vesktop.profile";
+        extraArgs = [
+          "--ignore=dbus-system"
+          "--ignore=nodbus"
+
+          "--dbus-user.talk=org.freedesktop.Notifications"
+          "--dbus-user.talk=org.kde.StatusNotifierWatcher"
+          
+          "--dbus-user.talk=org.freedesktop.portal.Desktop"
+          "--dbus-user.talk=org.freedesktop.portal.ScreenCast"
+          "--dbus-user.talk=org.freedesktop.portal.Documents"
+          
+          "--noblacklist=/run/user/[0-9]*/discord-ipc-*"
+          "--whitelist=/run/user/[0-9]*/discord-ipc-*"
+
+          "--env=GTK_THEME=Adwaita:dark"
+          "--noblacklist=~/Pictures"
+          "--noblacklist=~/Documents"
+          "--whitelist=~/Pictures"
+          "--whitelist=~/Documents"
+        ];
+      };
+      firefox = {
+        executable = "${pkgs.firefox}/bin/firefox";
+        profile = "${pkgs.firejail}/etc/firejail/firefox.profile";
+        extraArgs = [
+          "--env=GTK_THEME=Adwaita:dark"
+        ];
+      };
+      signal-desktop-bin = {
+        executable = "${pkgs.signal-desktop-bin}/bin/signal-desktop";
+        profile = "${pkgs.firejail}/etc/firejail/signal-desktop.profile";
+        extraArgs = [
+          "--env=GTK_THEME=Adwaita:dark"
+          "--noblacklist=~/Pictures"
+          "--noblacklist=~/Documents"
+          "--whitelist=~/Pictures"
+          "--whitelist=~/Documents"
+          "--dbus-user.talk=org.freedesktop.Notifications"
+          "--dbus-user.talk=org.kde.StatusNotifierWatcher"
+        ];
+      };
+      obsidian = {
+        executable = "${pkgs.obsidian}/bin/obsidian";
+        profile = "${pkgs.firejail}/etc/firejail/obsidian.profile";
+        extraArgs = [
+          "--env=GTK_THEME=Adwaita:dark"
+        ];
+      };
+    };
+  };

  # Enable the KDE Plasma Desktop Environment.
  # I keep this enabled even if I main Hyprland because of QT.
--- a/flake.lock
+++ b/flake.lock
@ -27,11 +27,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1761266473,
-        "narHash": "sha256-QxCyKWBmuzI+eMhYV1JmbZsiUnBNATRP1EW34OBt5Vg=",
+        "lastModified": 1767437240,
+        "narHash": "sha256-OA0dBHhccdupFXp+/eaFfb8K1dQxk61in4aF5ITGVX8=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "5c71d4a730bd3c972befff343bb074421e345937",
+        "rev": "1cfa305fba94468f665de1bd1b62dddf2e0cb012",
        "type": "github"
      },
      "original": {
@ -57,11 +57,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1762463231,
-        "narHash": "sha256-hv1mG5j5PTbnWbtHHomzTus77pIxsc4x8VrMjc7+/YE=",
+        "lastModified": 1767185284,
+        "narHash": "sha256-ljDBUDpD1Cg5n3mJI81Hz5qeZAwCGxon4kQW3Ho3+6Q=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "52113c4f5cfd1e823001310e56d9c8d0699a6226",
+        "rev": "40b1a28dce561bea34858287fbb23052c3ee63fe",
        "type": "github"
      },
      "original": {
@ -72,11 +72,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1761114652,
-        "narHash": "sha256-f/QCJM/YhrV/lavyCVz8iU3rlZun6d+dAiC3H+CDle4=",
+        "lastModified": 1767379071,
+        "narHash": "sha256-EgE0pxsrW9jp9YFMkHL9JMXxcqi/OoumPJYwf+Okucw=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "01f116e4df6a15f4ccdffb1bcd41096869fb385c",
+        "rev": "fb7944c166a3b630f177938e478f0378e64ce108",
        "type": "github"
      },
      "original": {
@ -86,13 +86,30 @@
        "type": "github"
      }
    },
+    "nixpkgs-stable": {
+      "locked": {
+        "lastModified": 1767325753,
+        "narHash": "sha256-yA/CuWyqm+AQo2ivGy6PlYrjZBQm7jfbe461+4HF2fo=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "64049ca74d63e971b627b5f3178d95642e61cedd",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-25.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
    "root": {
      "inputs": {
        "disko": "disko",
        "home-manager": "home-manager",
        "impermanence": "impermanence",
        "nixos-hardware": "nixos-hardware",
-        "nixpkgs": "nixpkgs"
+        "nixpkgs": "nixpkgs",
+        "nixpkgs-stable": "nixpkgs-stable"
      }
    }
  },
--- a/flake.nix
+++ b/flake.nix
@ -4,6 +4,7 @@

  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable/";
+    nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.11";
    nixos-hardware.url = "github:NixOS/nixos-hardware/";
    
    disko.url = "github:nix-community/disko";
@ -16,7 +17,7 @@
  };

  outputs =
-    { self, nixpkgs, home-manager, impermanence, disko, ... } @ inputs:
+    { self, nixpkgs, nixpkgs-stable, home-manager, impermanence, disko, ... } @ inputs:
    let
      system = "x86_64-linux";
      username = "xory";
@ -26,7 +27,13 @@
      mkNixosHost = hostName:
        nixpkgs.lib.nixosSystem {
          inherit system;
-          specialArgs = { inherit inputs; };
+          specialArgs = { 
+            inherit inputs;
+            pkgs-stable = import nixpkgs-stable {
+              system = "x86_64-linux";
+              config.allowUnfree = true;
+            };
+          };
          modules = [
            { nixpkgs.overlays = [ opentrack-overlay ]; }

--- a/hosts/nullstar/config.nix
+++ b/hosts/nullstar/config.nix
@ -22,7 +22,7 @@
    rocmPackages.clr.icd
  ];

-  services.ollama.acceleration = "rocm";
+  services.ollama.package = pkgs.ollama-rocm;

  environment.systemPackages = with pkgs; [
     framework-tool
--- a/hosts/voidspear/config.nix
+++ b/hosts/voidspear/config.nix
@ -24,5 +24,5 @@
  };
  boot.blacklistedKernelModules = [ "nouveau" ];

-  services.ollama.acceleration = "cuda";
+  services.ollama.package = pkgs.ollama-cuda;
 }
Author	SHA1	Message	Date
Xory	37d83dd90f	flake update	2026-01-04 00:26:00 +02:00
Xory	e209e98b4b	flake update	2026-01-03 23:51:54 +02:00
Xory	a67898ceab	fix: reintroduce firejail	2026-01-03 23:49:19 +02:00