mirrors/nix-darwin
mirrors/nix-darwin
1
0
Fork 0
mirror of https://github.com/LnL7/nix-darwin.git synced 2025-03-30 19:54:43 +00:00
Code Activity

lnl: update fetch-nixpkgs

Browse source
This commit is contained in:
Daiderd Jordan 2020-05-30 13:35:44 +02:00
parent 0ab3fab8b7
commit 3d20a28b33
No known key found for this signature in database
GPG key ID: D02435D05B810C96
1 changed files with 6 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
modules/examples/lnl.nix
View file

@ -67,11 +67,11 @@
services.skhd.enable = true;
security.sandbox.profiles.fetch-nixpkgs-updates.closure = [ pkgs.cacert pkgs.git ];
security.sandbox.profiles.fetch-nixpkgs-updates.writablePaths = [ "/src/nixpkgs" ];
security.sandbox.profiles.fetch-nixpkgs-updates.writablePaths = [ (toString <nixpkgs-trunk>) ];
security.sandbox.profiles.fetch-nixpkgs-updates.allowNetworking = true;
launchd.user.agents.fetch-nixpkgs-updates = {
command = "/usr/bin/sandbox-exec -f ${config.security.sandbox.profiles.fetch-nixpkgs-updates.profile} ${pkgs.git}/bin/git -C /src/nixpkgs fetch origin master";
command = "/usr/bin/sandbox-exec -f ${config.security.sandbox.profiles.fetch-nixpkgs-updates.profile} ${pkgs.git}/bin/git -C ${toString <nixpkgs-trunk>} fetch origin master";
environment.HOME = "";
environment.NIX_SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
serviceConfig.KeepAlive = false;
@ -140,6 +140,10 @@
(allow file-write*
(subpath "/nix/var/nix/gcroots/per-user")
(subpath "/nix/var/nix/profiles/per-user"))
(allow process-exec
(literal "/bin/ps")
(with no-sandbox))
'';
# programs.vim.enable = true;