christoph/flake-nixinator
1
Fork 0
Code Activity

Home/Nixinator: Update opencode permissions

Browse Source
This commit is contained in:
Christoph Urlacher
2026-06-17 13:56:41 +02:00
parent 3f5dd1a686
commit efee0d3e1c
1 changed files with 51 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
home/christoph/nixinator/default.nix
View File

@ -137,10 +137,60 @@
}; };
permission = { permission = {
"*" = "ask"; "*" = "ask";
"read" = "allow"; "bash" = {
"*" = "ask";
"ls *" = "allow";
"find *" = "ask"; # Don't want find -exec
"file *" = "allow";
"wc *" = "allow";
"grep *" = "allow";
"rg *" = "allow";
"test *" = "allow";
"echo *" = "allow";
"which *" = "allow";
"pwd *" = "allow";
"dirname *" = "allow";
"basename *" = "allow";
"readlink *" = "allow";
"cat *.env" = "deny";
"cat *.env.*" = "deny";
"cat *.env.example" = "allow";
"printenv *" = "deny";
"env *" = "deny";
"nix eval *" = "allow";
"nix flake metadata *" = "allow";
"nix flake show *" = "allow";
"nix path-info *" = "allow";
"nix why-depends *" = "allow";
"nix derivation show *" = "allow";
"nix store ping *" = "allow";
"nix stire diff-closures *" = "allow";
"git status *" = "allow";
"git log *" = "allow";
"git diff *" = "allow";
};
"external_directory" = {
"/nix/store/**" = "allow";
"/tmp" = "allow";
"/tmp/*" = "allow";
};
"read" = {
"*" = "allow";
"*.env" = "deny";
"*.env.*" = "deny";
"*.env.example" = "allow";
};
"grep" = "allow"; "grep" = "allow";
"glob" = "allow"; "glob" = "allow";
"lsp" = "allow"; "lsp" = "allow";
"skill" = "allow";
"task" = "ask";
"todowrite" = "allow";
"webfetch" = "allow";
"websearch" = "allow";
"question" = "allow"; "question" = "allow";
}; };
plugin = [ plugin = [