From 3d20a28b33861d11995d02d6c58032da6ebc74dd Mon Sep 17 00:00:00 2001
From: Daiderd Jordan
Date: Sat, 30 May 2020 13:35:44 +0200
Subject: [PATCH] lnl: update fetch-nixpkgs
---
 modules/examples/lnl.nix | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/modules/examples/lnl.nix b/modules/examples/lnl.nix
index 5ca0ad09..0257afb9 100644
--- a/modules/examples/lnl.nix
+++ b/modules/examples/lnl.nix
@@ -67,11 +67,11 @@
 services.skhd.enable = true;
 security.sandbox.profiles.fetch-nixpkgs-updates.closure = [ pkgs.cacert pkgs.git ];
- security.sandbox.profiles.fetch-nixpkgs-updates.writablePaths = [ "/src/nixpkgs" ];
+ security.sandbox.profiles.fetch-nixpkgs-updates.writablePaths = [ (toString ) ];
 security.sandbox.profiles.fetch-nixpkgs-updates.allowNetworking = true;
 launchd.user.agents.fetch-nixpkgs-updates = {
- command = "/usr/bin/sandbox-exec -f ${config.security.sandbox.profiles.fetch-nixpkgs-updates.profile} ${pkgs.git}/bin/git -C /src/nixpkgs fetch origin master";
+ command = "/usr/bin/sandbox-exec -f ${config.security.sandbox.profiles.fetch-nixpkgs-updates.profile} ${pkgs.git}/bin/git -C ${toString } fetch origin master";
 environment.HOME = "";
 environment.NIX_SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
 serviceConfig.KeepAlive = false;
@@ -140,6 +140,10 @@
 (allow file-write*
 (subpath "/nix/var/nix/gcroots/per-user")
 (subpath "/nix/var/nix/profiles/per-user"))
+
+ (allow process-exec
+ (literal "/bin/ps")
+ (with no-sandbox))
 '';
 # programs.vim.enable = true;
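Review bot: The new `command` string interpolates `${toString …}` unquoted, so the directory handed to `git -C` is no longer a fixed literal but whatever the path expression evaluates to (the argument of `toString` is blank on this page, presumably an angle-bracket lookup path lost in rendering). If that value contains a space or a shell metacharacter the command would be split or reinterpreted, assuming launchd's `command` is run through a shell; quoting it, e.g. `-C ${lib.escapeShellArg (toString …)}` with the same argument and provided `lib` is in scope in this file, keeps it a single argument. The same evaluated value now also defines `writablePaths`, so the sandbox's write grant follows the evaluation environment rather than a reviewed constant; binding it once in a `let` and adding a comment such as `# sandbox write grant and git -C target must be the same directory` would make that coupling explicit. The attribute set opened by `launchd.user.agents.fetch-nixpkgs-updates = {` closes outside the hunk.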
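Review bot: The added rule `(allow process-exec (literal "/bin/ps") (with no-sandbox))` lets the sandboxed process start `/bin/ps` with no profile applied to it at all, and nothing in the hunk records why that exemption is needed. It is already limited to one literal path, which is the narrow form, but a comment directly above it would let the next reader judge it, e.g. `; /bin/ps has to run outside the profile (presumably because it is setuid); keep this exemption limited to the literal path`. The profile string this rule is appended to begins outside the hunk, so which profile gains the exemption cannot be confirmed from the lines shown.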