| author | Daiderd Jordan <daiderd@gmail.com> | 2020-05-30 13:35:44 +0200 |
|---|---|---|
| committer | Daiderd Jordan <daiderd@gmail.com> | 2020-05-30 14:38:33 +0200 |
| commit | 3d20a28b33861d11995d02d6c58032da6ebc74dd (patch) | |
| tree | 7d5410d7f98eae35da76133f1b66f0d9391de493 /modules | |
| parent | 0ab3fab8b792e10ac9f248e5f9a6e93823c5b1a6 (diff) | |
lnl: update fetch-nixpkgs
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/examples/lnl.nix | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/modules/examples/lnl.nix b/modules/examples/lnl.nix
index 5ca0ad0..0257afb 100644
--- a/modules/examples/lnl.nix
+++ b/modules/examples/lnl.nix
@@ -67,11 +67,11 @@
 services.skhd.enable = true;
 security.sandbox.profiles.fetch-nixpkgs-updates.closure = [ pkgs.cacert pkgs.git ];
- security.sandbox.profiles.fetch-nixpkgs-updates.writablePaths = [ "/src/nixpkgs" ];
+ security.sandbox.profiles.fetch-nixpkgs-updates.writablePaths = [ (toString <nixpkgs-trunk>) ];
 security.sandbox.profiles.fetch-nixpkgs-updates.allowNetworking = true;
 launchd.user.agents.fetch-nixpkgs-updates = {
- command = "/usr/bin/sandbox-exec -f ${config.security.sandbox.profiles.fetch-nixpkgs-updates.profile} ${pkgs.git}/bin/git -C /src/nixpkgs fetch origin master";
+ command = "/usr/bin/sandbox-exec -f ${config.security.sandbox.profiles.fetch-nixpkgs-updates.profile} ${pkgs.git}/bin/git -C ${toString <nixpkgs-trunk>} fetch origin master";
 environment.HOME = "";
 environment.NIX_SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
 serviceConfig.KeepAlive = false;
@@ -140,6 +140,10 @@
 (allow file-write* (subpath "/nix/var/nix/gcroots/per-user") (subpath "/nix/var/nix/profiles/per-user"))
+
+ (allow process-exec
+ (literal "/bin/ps")
+ (with no-sandbox))
 '';
 # programs.vim.enable = true; |
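Review bot: Both the sandbox's `writablePaths` entry and the `git -C` argument now take their value from `toString <nixpkgs-trunk>`, so the directory the profile grants write access to is whatever `nixpkgs-trunk` resolves to on the Nix search path when the configuration is evaluated. A mis-set search-path entry would move or widen that grant without any change to this file, and evaluation fails if the entry is absent; a comment such as `# <nixpkgs-trunk> must point at the nixpkgs checkout only: this path is writable inside the fetch sandbox` above the `writablePaths` line would record the assumption. The path is also interpolated unquoted into `command`, so if that string is word-split before exec (not visible here) a checkout path containing spaces would break the `-C` argument. The `launchd.user.agents.fetch-nixpkgs-updates` block continues past the end of the hunk.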
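Review bot: The new `(allow process-exec (literal "/bin/ps") (with no-sandbox))` rule lets `/bin/ps` run with none of the profile's restrictions, and the hunk gives no reason for the exception. Pinning it to a single `literal` path keeps it narrow, but the rule deserves a comment so that a later edit does not broaden it to a `subpath` or lose the justification, e.g. `; /bin/ps must run unsandboxed because <reason>; keep this limited to the literal path`. The profile string this rule sits in opens outside the hunk, so which sandbox profile receives the exception cannot be confirmed from here.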
