diff --git a/nixcfgs/hardening/nixpaks/default.nix b/nixcfgs/hardening/nixpaks/default.nix index 77e9ff2..6abc9b1 100644 --- a/nixcfgs/hardening/nixpaks/default.nix +++ b/nixcfgs/hardening/nixpaks/default.nix @@ -18,6 +18,7 @@ in { nixpaks = { qq = callNixPak ./qq.nix; termius = callNixPak ./termius.nix; + zoom-us = callNixPak ./zoom-us.nix; }; }) ]; diff --git a/nixcfgs/hardening/nixpaks/modules/common.nix b/nixcfgs/hardening/nixpaks/modules/common.nix index 721e5ec..cab12fe 100644 --- a/nixcfgs/hardening/nixpaks/modules/common.nix +++ b/nixcfgs/hardening/nixpaks/modules/common.nix @@ -186,7 +186,7 @@ in { bubblewrap = { network = lib.mkDefault true; sockets = { - # do not force wayland + wayland = true; pulse = true; }; diff --git a/nixcfgs/hardening/nixpaks/qq.nix b/nixcfgs/hardening/nixpaks/qq.nix index b419ca2..684e102 100644 --- a/nixcfgs/hardening/nixpaks/qq.nix +++ b/nixcfgs/hardening/nixpaks/qq.nix @@ -42,20 +42,22 @@ bubblewrap = { bind.rw = [ - sloth.xdgDocumentsDir - sloth.xdgDownloadDir - sloth.xdgMusicDir - sloth.xdgVideosDir - sloth.xdgPicturesDir + [ + (sloth.concat' sloth.homeDir "/.sandbox/downloads") + sloth.xdgDownloadDir + ] + [ + (sloth.concat' sloth.homeDir "/.sandbox/exchange") + (sloth.concat' sloth.homeDir "/Shared") + ] ]; bind.ro = [ "${pkgs.libx11}/lib" "${pkgs.libxcb}/lib" "${pkgs.krb5.lib}/lib" "${pkgs.stdenv.cc.cc.lib}/lib" - # "${pkgs.fcitx5-gtk}/lib" - # "${pkgs.kdePackages.fcitx5-qt}/lib" - # (sloth.envOr "XAUTHORITY" (sloth.concat' sloth.runtimeDir "/.Xauthority")) + (sloth.concat' + sloth.xdgPicturesDir "/Screenshots") ]; sockets = { x11 = false; diff --git a/nixcfgs/hardening/nixpaks/termius.nix b/nixcfgs/hardening/nixpaks/termius.nix index 9ce618c..3acf988 100644 --- a/nixcfgs/hardening/nixpaks/termius.nix +++ b/nixcfgs/hardening/nixpaks/termius.nix @@ -16,7 +16,7 @@ paths = with pkgs; [ termius libglvnd - mesa.drivers + mesa stdenv.cc.cc.lib ]; }; 
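Review bot: `wayland = true;` in the `sockets` block of modules/common.nix is set at normal priority, so every sandbox that imports this module now receives the Wayland socket, and a single app that should not have it would presumably need `lib.mkForce false` to opt out. The `network` line directly above uses `lib.mkDefault true`; writing `wayland = lib.mkDefault true;` keeps the new default while leaving per-app overrides simple. The removed comment said not to force Wayland, so a one-line comment on why that changed would help the next reader. The `bubblewrap` block continues outside the hunk.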
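Review bot: The two `bind.rw` pairs in qq.nix use the same host directories, `~/.sandbox/downloads` and `~/.sandbox/exchange`, that the termius.nix and zoom-us.nix hunks of this commit also bind read-write, so the three sandboxes can read and modify each other's files there. If isolation between the apps is the goal, a per-app source such as `(sloth.concat' sloth.homeDir "/.sandbox/qq/downloads")` keeps the narrowing this change is after; if the sharing is intentional, a comment saying so is worth adding. The same block is repeated in all three files and could be defined once in `modules/common.nix`. Assuming the pair form is `[ host-path sandbox-path ]`, it is also worth confirming that the host directories exist before the sandbox is launched.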
@@ -32,15 +32,19 @@ bubblewrap = { bind.rw = [ - sloth.xdgDocumentsDir - sloth.xdgDownloadDir - sloth.xdgMusicDir - sloth.xdgVideosDir - sloth.xdgPicturesDir + [ + (sloth.concat' sloth.homeDir "/.sandbox/downloads") + sloth.xdgDownloadDir + ] + [ + (sloth.concat' sloth.homeDir "/.sandbox/exchange") + (sloth.concat' sloth.homeDir "/Shared") + ] + (sloth.concat' sloth.homeDir "/Public") ]; bind.ro = [ "${pkgs.libglvnd}/lib" - "${pkgs.mesa.drivers}/lib" + "${pkgs.mesa}/lib" "${pkgs.stdenv.cc.cc.lib}/lib" "/etc/passwd" "/etc/group" @@ -52,8 +56,8 @@ pipewire = true; }; env = { - LD_LIBRARY_PATH = "${pkgs.libglvnd}/lib:${pkgs.mesa.drivers}/lib:${pkgs.stdenv.cc.cc.lib}/lib"; - LIBGL_DRIVERS_PATH = "${pkgs.mesa.drivers}/lib/dri"; + LD_LIBRARY_PATH = "${pkgs.libglvnd}/lib:${pkgs.mesa}/lib:${pkgs.stdenv.cc.cc.lib}/lib"; + LIBGL_DRIVERS_PATH = "${pkgs.mesa}/lib/dri"; }; }; }; diff --git a/nixcfgs/hardening/nixpaks/zoom-us.nix b/nixcfgs/hardening/nixpaks/zoom-us.nix new file mode 100644 index 0000000..347c79c --- /dev/null +++ b/nixcfgs/hardening/nixpaks/zoom-us.nix 
@@ -0,0 +1,93 @@
+# FIXME: Cursor & CEF not working.
+{
+ lib,
+ pkgs,
+ mkNixPak,
+ buildEnv,
+ makeDesktopItem,
+ ...
+}: let
+ appId = "us.zoom.Zoom";
+
+ wrapped = mkNixPak {
+ config = {sloth, ...}: {
+ app = {
+ package = buildEnv {
+ name = "nixpak-zoom";
+ paths = with pkgs; [
+ zoom-us
+ ];
+ };
+ binPath = "bin/zoom";
+ };
+ flatpak.appId = appId;
+
+ imports = [
+ ./modules/gui-base.nix
+ ./modules/network.nix
+ ./modules/common.nix
+ ];
+
+ bubblewrap = {
+ bind.rw = [
+ [
+ (sloth.concat' sloth.homeDir "/.sandbox/downloads")
+ sloth.xdgDownloadDir
+ ]
+ [
+ (sloth.concat' sloth.homeDir "/.sandbox/exchange")
+ (sloth.concat' sloth.homeDir "/Shared")
+ ]
+ (sloth.concat' sloth.homeDir "/Public")
+ ];
+ bind.ro = [
+ ];
+ sockets = {
+ x11 = false;
+ wayland = true;
+ pipewire = true;
+ };
+ env = {
+ # LD_LIBRARY_PATH =
+ };
+ };
+ };
+ };
+ exePath = lib.getExe wrapped.config.script;
+in
+ buildEnv {
+ inherit (wrapped.config.script) name meta passthru;
+ paths = [
+ wrapped.config.script
+ (makeDesktopItem {
+ name = appId;
+ desktopName = "Zoom Workplace";
+ genericName = "Zoom Video Conference";
+ comment = "Zoom Video Conference";
+ exec = "${exePath} %U";
+ terminal = false;
+ icon = "${pkgs.zoom-us}/share/pixmaps/Zoom.png";
+ startupNotify = true;
+ startupWMClass = "zoom";
+ type = "Application";
+ categories = [
+ "Network"
+ "Application"
+ ];
+ mimeTypes = [
+ "x-scheme-handler/zoommtg"
+ "x-scheme-handler/zoomus"
+ "x-scheme-handler/tel"
+ "x-scheme-handler/callto"
+ "x-scheme-handler/zoomphonecall"
+ "x-scheme-handler/zoomphonesms"
+ "x-scheme-handler/zoomcontactcentercall"
+ "application/x-zoom"
+ ];
+ extraConfig = {
+ X-Flatpak = appId;
+ X-KDE-Protocols = "zoommtg;zoomus;tel;callto;zoomphonecall;zoomphonesms;zoomcontactcentercall;";
+ };
+ })
+ ];
+ }
diff --git a/nixcfgs/users/js0ny/packages/cli.nix b/nixcfgs/users/js0ny/packages/cli.nix
index d97f31a..f28e1c2 100644
--- a/nixcfgs/users/js0ny/packages/cli.nix
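Review bot: `pipewire = true;` in the `sockets` block of hardening/nixpaks/zoom-us.nix exposes the session PipeWire socket to Zoom directly, on top of the `pulse = true` it inherits from modules/common.nix; unless the session manager restricts that client, this is broader than portal-mediated camera and screen-share access. A comment naming the feature that needs it, or dropping the socket if the portals turn out to be enough, would make the sandbox's intent reviewable. `wayland = true;` repeats what common.nix now sets in this same commit. The empty `bind.ro = [ ];` and the `env` block that holds only `# LD_LIBRARY_PATH =` are placeholders that could be left out until the FIXME about the cursor and CEF is resolved.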
+++ b/nixcfgs/users/js0ny/packages/cli.nix @@ -93,5 +93,6 @@ home.sessionVariables = { PASSWORD_STORE_DIR = "${config.xdg.dataHome}/password-store"; + CODEX_HOME = "${config.xdg.configHome}/codex"; }; } diff --git a/nixcfgs/users/js0ny/packages/flatpak.nix b/nixcfgs/users/js0ny/packages/flatpak.nix index 0037dea..564b9ff 100644 --- a/nixcfgs/users/js0ny/packages/flatpak.nix +++ b/nixcfgs/users/js0ny/packages/flatpak.nix @@ -33,22 +33,8 @@ in { } ]; services.flatpak.packages = [ - # { appId = "com.google.Chrome"; origin = "flathub" } - # "com.google.Chrome" - # "com.valvesoftware.Steam" - # "com.qq.QQ" - "com.tencent.WeChat" - # "eu.betterbird.Betterbird" "com.baidu.NetDisk" - # "com.discordapp.Discord" - "com.google.EarthPro" "com.wps.Office" - # "md.obsidian.Obsidian" - # "app.zen_browser.zen" - # "com.vivaldi.Vivaldi" - # "com.getpostman.Postman" - "us.zoom.Zoom" - # "com.ticktick.TickTick" # cannot run on wayland under flatpak ]; services.flatpak.overrides = { global = { diff --git a/nixcfgs/users/js0ny/programs/productivity/zoom-us.nix b/nixcfgs/users/js0ny/programs/productivity/zoom-us.nix new file mode 100644 index 0000000..c49d61f --- /dev/null +++ b/nixcfgs/users/js0ny/programs/productivity/zoom-us.nix @@ -0,0 +1,30 @@ +{ + pkgs, + lib, + config, + ... +}: let + mergetools = + import ../../../../modules/lib/mergetools.nix + {inherit pkgs lib config;}; + mkMergedIni = mergetools.mkMergedIni; + # https://wiki.archlinux.org/title/Zoom_Meetings#Running_on_Wayland_without_Xwayland + zoomUsConfig = mkMergedIni { + name = "zoomusConfig"; + target = "${config.home.homeDirectory}/.var/app/us.zoom.Zoom/config/zoomus.conf"; + settings = { + General = { + xwayland = false; + }; + }; + }; +in { + imports = [ + zoomUsConfig + ../../../../hardening/nixpaks + ]; + + home.packages = with pkgs; [ + nixpaks.zoom-us + ]; +} diff --git a/nixcfgs/users/js0ny/zephyrus.nix b/nixcfgs/users/js0ny/zephyrus.nix index 20e5e3a..c9b5c77 100644 --- a/nixcfgs/users/js0ny/zephyrus.nix 
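Review bot: The `target` path in programs/productivity/zoom-us.nix hardcodes `us.zoom.Zoom`, which has to stay equal to `appId` in hardening/nixpaks/zoom-us.nix for the sandboxed Zoom to read this file (presumably the sandbox maps its config directory under `~/.var/app/<appId>`; that mapping is not visible in this diff). A comment next to `target` such as `# must match flatpak.appId in hardening/nixpaks/zoom-us.nix` would keep the two from drifting apart. It is also worth confirming that `mkMergedIni` renders `xwayland = false` in the form `zoomus.conf` expects, since the helper is defined outside this diff.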
+++ b/nixcfgs/users/js0ny/zephyrus.nix @@ -68,6 +68,7 @@ in { ./programs/productivity/sdcv.nix ./programs/productivity/sioyek ./programs/productivity/thunderbird.nix + ./programs/productivity/zoom-us.nix # Social ./programs/social/discord.nix