nyancat/flake
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

nixos/overlays: add tailscale hardening

Browse source
This commit is contained in:
Guanran Wang 2024-05-01 08:18:54 +08:00
parent 68f3d1e340
commit 59e634a071
Signed by: nyancat
GPG key ID: 91F97D9ED12639CF
6 changed files with 36 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
nixos/profiles/common/core/default.nix
View file

@ -23,9 +23,7 @@
]; ];
nixpkgs.overlays = [ nixpkgs.overlays = [
inputs.self.overlays.nautilus inputs.self.overlays.patches
inputs.self.overlays.prismlauncher
inputs.self.overlays.sway
]; ];
### home-manager ### home-manager

9
overlays/default.nix
View file

@ -4,7 +4,10 @@ let
patches = (old.patches or []) ++ patches; patches = (old.patches or []) ++ patches;
}); });
in { in {
nautilus = import ./nautilus.nix {inherit addPatches;}; patches = _final: prev:
prismlauncher = import ./prismlauncher.nix {inherit addPatches;}; {}
sway = import ./sway.nix {inherit addPatches;}; // import ./nautilus.nix {inherit addPatches prev;}
// import ./prismlauncher.nix {inherit addPatches prev;}
// import ./sway.nix {inherit addPatches prev;}
// import ./tailscale.nix {inherit addPatches prev;};
} }

6
overlays/nautilus.nix
View file

@ -1,4 +1,8 @@
{addPatches, ...}: _final: prev: { {
addPatches,
prev,
...
}: {
gnome = gnome =
prev.gnome prev.gnome
// { // {

6
overlays/prismlauncher.nix
View file

@ -1,4 +1,8 @@
{addPatches, ...}: _final: prev: { {
addPatches,
prev,
...
}: {
prismlauncher = addPatches prev.prismlauncher [ prismlauncher = addPatches prev.prismlauncher [
# Offline mode for Prism Launcher # Offline mode for Prism Launcher
# https://github.com/Misterio77/nix-config/blob/main/overlays/offline-mode-prism-launcher.diff # https://github.com/Misterio77/nix-config/blob/main/overlays/offline-mode-prism-launcher.diff

6
overlays/sway.nix
View file

@ -1,4 +1,8 @@
{addPatches, ...}: _final: prev: { {
addPatches,
prev,
...
}: {
sway-unwrapped = addPatches prev.sway-unwrapped [ sway-unwrapped = addPatches prev.sway-unwrapped [
# text_input: Implement input-method popups # text_input: Implement input-method popups
# https://github.com/swaywm/sway/pull/7226 # https://github.com/swaywm/sway/pull/7226

14
overlays/tailscale.nix Normal file
View file

@ -0,0 +1,14 @@
{
addPatches,
prev,
...
}: {
tailscale = addPatches prev.tailscale [
# Reverts "cmd/tailscaled/tailscaled.service: revert recent hardening"
(prev.fetchpatch {
url = "https://github.com/tailscale/tailscale/commit/2889fabaefc50040507ead652d6d2b212f476c2b.patch";
hash = "sha256-DPBrv7kjSVXhmptUGGzOkaP4iXi/Bym3lvqy4otL9HE=";
revert = true;
})
];
}