update syncthing id

flake.nix

@@ -99,6 +99,7 @@
             vars = import ./systems/userdata-default.nix
               // import ./systems/laptop/userdata.nix;
             pkgsVersion = nixpkgs-unstable;
+            home-manager-version = home-manager-unstable;
             inherit nix-colors;
           };
           modules = [

modules/collections/laptop.nix

@@ -12,7 +12,10 @@
       ld.enable = true;
       settings.enable = true;
     };
-    misc = { podman.enable = true; };
+    misc = {
+      podman.enable = true;
+      firejail.enable = true;
+    };
     hardware = {
       firmware.enable = true;
       ssd.enable = true;
@@ -34,4 +37,9 @@
       shared.enable = true;
     };
   };
+  programs.firejail.wrappedBinaries = with pkgs;
+    let inherit (config.custom.misc.firejail) mk;
+    in lib.mkMerge [
+      (mk "Discord" { pkg = discord; })
+    ];
 }

modules/misc/default.nix

@@ -4,6 +4,7 @@
     ./packages-list.nix
     ./backup.nix
     ./btrfs.nix
+    ./firejail.nix
     ./cli-tools.nix
     ./docker.nix
     ./nftables.nix

modules/misc/firejail.nix

@@ -0,0 +1,28 @@
+{ lib, config, pkgs, ... }:
+
+let cfg = config.custom.misc.firejail;
+in {
+  options.custom.misc.firejail = {
+    enable = lib.mkEnableOption "Enables firejail";
+    package = lib.mkOption {
+      type = lib.types.package;
+      default = pkgs.firejail;
+      description = "Firejail package used";
+      readOnly = true; # is a constant from the upstream NixOS module for now
+    };
+    mk = lib.mkOption {
+      readOnly = true;
+      description = "Utility function to make a wrappedBinaries entry";
+      default = name:
+        { pkg, profile ? name, bin ? name }: {
+          ${bin} = {
+            executable = "${lib.getBin pkg}/bin/${bin}";
+            profile =
+              "${config.custom.misc.firejail.package}/etc/firejail/${profile}.profile";
+          };
+        };
+    };
+  };
+
+  config = lib.mkIf cfg.enable { programs.firejail.enable = true; };
+}

modules/services/syncthing.nix

@@ -1,12 +1,9 @@
 { config, pkgs, lib, ... }:
-let
+let basePath = "/synced";
-  basePath = "/synced";
+in {
-in 
+  systemd.tmpfiles.rules =
-{
+    [ "d ${basePath} 0700 ${config.mainUser.name} users -" ];
-  systemd.tmpfiles.rules = [
+
-      "d ${basePath} 0700 ${config.mainUser.name} users -"
-  ];
-  
   # check device id: syncthing cli --gui-address=/synced/gui-socket --gui-apikey=<key> show system
   environment.systemPackages = with pkgs; [ syncthing ];
 
@@ -27,46 +24,56 @@ in
 
       devices = {
         kop-pc = {
-          id = "DZKIUS7-WCGTYEV-4OKVSZU-MIVL2NC-N45AKZL-ABT3VN2-I7RXUMF-RF4CYAU";
+          id =
+            "DZKIUS7-WCGTYEV-4OKVSZU-MIVL2NC-N45AKZL-ABT3VN2-I7RXUMF-RF4CYAU";
           addresses = [ "tcp://192.168.0.11" ];
         };
         server = {
-          id = "HZUUQEQ-JOKYHTU-AVFVC3U-7KUAXVC-QY3OJTF-HGU7RZ3-5HA5TOE-VT4FNQB";
+          id =
+            "HZUUQEQ-JOKYHTU-AVFVC3U-7KUAXVC-QY3OJTF-HGU7RZ3-5HA5TOE-VT4FNQB";
           addresses = [ "tcp://192.168.0.6" "tcp://192.168.2.1" ];
         };
         mini-pc = {
-          id = "NKRWOR6-2YNLVY5-GH6TG7T-V3M4VHD-OFS4XR3-Q45CALD-JVSIBKU-JZBGRQ3";
+          id =
+            "NKRWOR6-2YNLVY5-GH6TG7T-V3M4VHD-OFS4XR3-Q45CALD-JVSIBKU-JZBGRQ3";
+          addresses = [ "tcp://192.168.0.10" "tcp://192.168.2.1" ];
+        };
+        mini-pc-proxmox = {
+          id =
+            "FK3DW4B-6Y7C25O-IDBSOMV-GOUSWZW-KQR7ELS-QUKS4UR-AFZXLZE-67QJXAX";
           addresses = [ "tcp://192.168.0.10" "tcp://192.168.2.1" ];
         };
         laptop = {
-          id = "5T6Y3WO-FOQYYFQ-5MLNDSZ-7APIDUG-6KM2ZZM-RTRXMWX-MCZKLMH-BYNDJAQ";
+          id =
+            "5T6Y3WO-FOQYYFQ-5MLNDSZ-7APIDUG-6KM2ZZM-RTRXMWX-MCZKLMH-BYNDJAQ";
           addresses = [ "tcp://192.168.2.22" ];
         };
         phone = {
-          id = "XFQ7MV6-MKBYQXH-WGYVQUB-BYJJPFJ-HJTNZEP-PXWAMYY-DMADWSU-PQOTVAI";
+          id =
+            "XFQ7MV6-MKBYQXH-WGYVQUB-BYJJPFJ-HJTNZEP-PXWAMYY-DMADWSU-PQOTVAI";
           addresses = [ "tcp://192.168.0.15" "tcp://192.168.2.20" ];
         };
       };
-
       folders."${basePath}/default" = {
         id = "default";
-        devices = [ "kop-pc" "server" "laptop" "mini-pc" "phone" ];
+        devices =
+          [ "kop-pc" "server" "laptop" "mini-pc" "mini-pc-proxmox" "phone" ];
         ignorePerms = false;
       };
 
       folders."${basePath}/books" = {
         id = "books";
-        devices = [ "kop-pc" "server" "laptop" "mini-pc" ];
+        devices = [ "kop-pc" "server" "laptop" "mini-pc" "mini-pc-proxmox" ];
       };
 
       folders."${basePath}/fh" = {
         id = "fh";
-        devices = [ "kop-pc" "server" "laptop" "mini-pc" ];
+        devices = [ "kop-pc" "server" "laptop" "mini-pc" "mini-pc-proxmox" ];
       };
 
       folders."${basePath}/work_drive" = {
         id = "work_drive";
-        devices = [ "kop-pc" "server" "laptop" "mini-pc" ];
+        devices = [ "kop-pc" "server" "laptop" "mini-pc" "mini-pc-proxmox" ];
       };
     };
   };

pkgs/test-docker.nix

@@ -0,0 +1,9 @@
+{ dockerTools, hello }:
+dockerTools.buildLayeredImage {
+  name = "hello";
+  tag = "latest";
+
+  contents = [ hello ];
+
+  config.Cmd = [ "/bin/hello" ];
+}

systems/laptop/configuration.nix

@@ -10,6 +10,8 @@
 	#<home-manager/nixos>
     ];
 
+
+  nixpkgs.config.permittedInsecurePackages = [ "electron-27.3.11" ];
   services.blueman.enable = true;
 
   hardware.bluetooth.enable = true; # enables support for Bluetooth

users/kopatz/default.nix

@@ -24,7 +24,7 @@
     shell = pkgs.zsh;
     extraGroups = [ "networkmanager" "wheel" "docker" ];
     packages = with pkgs; [
-      discord
+      #discord
       brave
     ];
     openssh.authorizedKeys.keys = [ config.mainUser.sshKey ];