mimir: Enable AppArmor

machines/mimir/configuration.nix

@@ -1,7 +1,3 @@
-# Edit this configuration file to define what should be installed on
-# your system.  Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
 { nixos-hardware, microvm, nix-ld-rs, ... }:
 { pkgs, config, ... }:
 {
@@ -11,12 +7,9 @@
       nixos-hardware.nixosModules.common-cpu-amd
       nixos-hardware.nixosModules.common-cpu-amd-pstate
       nixos-hardware.nixosModules.common-pc-ssd
-      # "${nomachine}/nixos/modules/services/admin/nomachine.nix"
 
       microvm.nixosModules.host
 
-      # ./outline.nix
-
       ../../users/erwin
       ../../users/root
     ];
@@ -173,6 +166,8 @@
     networkmanager.enable = false;
     useNetworkd = true;
 
+    nftables.enable = true;
+
     firewall = {
       trustedInterfaces = [ "lo" "tailscale0" ];
 
@@ -208,6 +203,10 @@
   security = {
     sudo.enable = false;
     sudo-rs.enable = true;
+
+    apparmor = {
+      enable = true;
+    };
   };
 
   systemd.network = {

modules/kanata/default.nix

@@ -27,7 +27,7 @@ in
               tab  q    w    e    r    t    y    u    i    o    p    [    ]    \    del   end  pgdn  kp7  kp8  kp9    kp+
               caps a    s    d    f    g    h    j    k    l    ;    '    ret                        kp4  kp5  kp6
               lshift z    x    c    v    b    n    m    ,    .    /    rshift             up         kp1  kp2  kp3    kprt
-              lctrl lmeta lalt           spc            ralt rmeta  rctrl           lft  down  rght  kp0       kp.)
+              lctrl lmeta lalt           spc             rmeta  rctrl           lft  down  rght  kp0       kp.)
 
             (deflayer colemak
               esc     f1 f2 f3 f4           f5 f6 f7 f8       f9 f10 f11 f12        prtsc @qwe pp  calc mute voldwn volu
@@ -35,7 +35,7 @@ in
               tab  q    w    f    p    g    j    l    u    y    ;    [    ]    \    del   end  pgdn  kp7  kp8  kp9    kp+
               @cap a    r    s    t    d    h    n    e    i    o    '    ret                        kp4  kp5  kp6
               lshift z    x    c    v    b    k    m    ,    .    /    rshift             up         kp1  kp2  kp3    kprt
-              lctrl lmeta lalt           spc            ralt rmeta  rctrl           lft  down  rght  kp0       kp.)
+              lctrl lmeta lalt           spc             rmeta  rctrl           lft  down  rght  kp0       kp.)
 
             (deflayer qwerty
               esc     f1 f2 f3 f4           f5 f6 f7 f8       f9 f10 f11 f12        prtsc @col pp  calc mute voldwn volu
@@ -43,7 +43,7 @@ in
               tab  q    w    e    r    t    y    u    i    o    p    [    ]    \    del   end  pgdn  kp7  kp8  kp9    kp+
               @cap a    s    d    f    g    h    j    k    l    ;    '    ret                        kp4  kp5  kp6
               lshift z    x    c    v    b    n    m    ,    .    /    rshift             up         kp1  kp2  kp3    kprt
-              lctrl lmeta lalt           spc            ralt rmeta  rctrl           lft  down  rght  kp0       kp.)
+              lctrl lmeta lalt           spc             rmeta  rctrl           lft  down  rght  kp0       kp.)
 
             (defalias
               cap (tap-hold 100 100 bspc lctrl)

modules/networking/default.nix

@@ -12,8 +12,6 @@ in
   };
 
   config = mkIf cfg.enable {
-    users.extraUsers.${config.eboskma.var.mainUser}.extraGroups = [ "networkmanager" ];
-
     environment.systemPackages = with pkgs; [
       nmap
       nmap-formatter
@@ -21,11 +19,14 @@ in
 
     services.avahi = {
       enable = true;
-      nssmdns = true;
+      nssmdns4 = true;
+      nssmdns6 = config.networking.enableIPv6;
       publish = {
         enable = true;
         domain = true;
+        hinfo = true;
         userServices = true;
+        workstation = true;
       };
     };
   };