Modules/Impermanence: Persist some caches + lmstudio models

Home/Nixinator: Update opencode permissions
2026-06-17 13:56:50 +02:00 · 2026-06-17 13:56:41 +02:00
2 changed files with 57 additions and 1 deletions
--- a/home/christoph/nixinator/default.nix
+++ b/home/christoph/nixinator/default.nix
@ -137,10 +137,60 @@
          };
          permission = {
            "*" = "ask";
-            "read" = "allow";
+            "bash" = {
+              "*" = "ask";
+              "ls *" = "allow";
+              "find *" = "ask"; # Don't want find -exec
+              "file *" = "allow";
+              "wc *" = "allow";
+              "grep *" = "allow";
+              "rg *" = "allow";
+              "test *" = "allow";
+              "echo *" = "allow";
+              "which *" = "allow";
+              "pwd *" = "allow";
+              "dirname *" = "allow";
+              "basename *" = "allow";
+              "readlink *" = "allow";
+
+              "cat *.env" = "deny";
+              "cat *.env.*" = "deny";
+              "cat *.env.example" = "allow";
+              "printenv *" = "deny";
+              "env *" = "deny";
+
+              "nix eval *" = "allow";
+              "nix flake metadata *" = "allow";
+              "nix flake show *" = "allow";
+              "nix path-info *" = "allow";
+              "nix why-depends *" = "allow";
+              "nix derivation show *" = "allow";
+              "nix store ping *" = "allow";
+              "nix stire diff-closures *" = "allow";
+
+              "git status *" = "allow";
+              "git log *" = "allow";
+              "git diff *" = "allow";
+            };
+            "external_directory" = {
+              "/nix/store/**" = "allow";
+              "/tmp" = "allow";
+              "/tmp/*" = "allow";
+            };
+            "read" = {
+              "*" = "allow";
+              "*.env" = "deny";
+              "*.env.*" = "deny";
+              "*.env.example" = "allow";
+            };
            "grep" = "allow";
            "glob" = "allow";
            "lsp" = "allow";
+            "skill" = "allow";
+            "task" = "ask";
+            "todowrite" = "allow";
+            "webfetch" = "allow";
+            "websearch" = "allow";
            "question" = "allow";
          };
          plugin = [
--- a/system/systemmodules/impermanence/default.nix
+++ b/system/systemmodules/impermanence/default.nix
@ -126,6 +126,7 @@ in {
            (mkUDir ".docker" m755)
            # (mkUDir ".gradle" m755) # Unity
            (mkUDir ".java" m755) # JetBrains
+            (mkUDir ".lmstudio" m755)
            (mkUDir ".MakeMKV" m755)
            (mkUDir ".mozilla/firefox" m755) # TODO: Remove this someday
            (mkUDir ".mozilla/native-messaging-hosts" m755)
@ -143,12 +144,16 @@ in {

            # Cache that's actually useful
            (mkUDir ".cache/claude-cli-nodejs" m755)
+            (mkUDir ".cache/elephant" m755)
            (mkUDir ".cache/fish/generated_completions" m755)
+            (mkUDir ".cache/nix" m755)
            (mkUDir ".cache/nix-index" m755)
            (mkUDir ".cache/nix-search-tv" m755)
            (mkUDir ".cache/nvim" m755)
            (mkUDir ".cache/JetBrains" m755)
            (mkUDir ".cache/keepassxc" m755)
+            (mkUDir ".cache/opencode" m755)
+            (mkUDir ".cache/uv" m755)

            # Config
            # (mkUDir ".config/.android" m755) # Unity
@ -167,6 +172,7 @@ in {
            (mkUDir ".config/JetBrains" m755)
            (mkUDir ".config/kdeconnect" m755)
            (mkUDir ".config/keepassxc" m755)
+            (mkUDir ".config/LM Studio" m755)
            (mkUDir ".config/Msty" m755)
            (mkUDir ".config/Nextcloud" m755)
            # (mkUDir ".config/niri/dms" m755)
Author	SHA1	Message	Date
Christoph Urlacher	909b81a962	Modules/Impermanence: Persist some caches + lmstudio models	2026-06-17 13:56:50 +02:00
Christoph Urlacher	d6edae2a88	Home/Nixinator: Update opencode permissions	2026-06-17 13:56:41 +02:00