feat(apparmor): add hardening binary temp

.envrc

@@ -1,7 +1,10 @@
-watch_file flake.nix flake.lock \
-  cells/*
+# Disable the automatic menu displaying on every environment reload.
+# export DEVSHELL_NO_MOTD=1
+watch_file flakes.nix flake.lock
+watch_file local/flake.nix local/flake.lock
+# shellcheck disable=SC1090
+source "$(fetchurl "https://raw.githubusercontent.com/gtrunsec/direnv/main/lib" "sha256-tuMA8WGkwcYq9V3MtlN6xdVvKd2YkdEpdK4ZyAN6VDM=")"
 
-source_url \
-  "https://raw.githubusercontent.com/divnix/std/main/direnv_lib.sh" \
-  "sha256-stD11PJwf0kM3nR1r8p6lhx9EjakVYV6wBoO7xTvGMg="
-use std cells //main/devshells:default
+registry="$PRJ_ROOT/nix/std#__std"
+
+use envreload //repo/shells/default

.github/workflows/checks.yaml

@@ -8,24 +8,13 @@ jobs:
   nix-build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
-      - uses: cachix/install-nix-action@v17
-        with:
-          install_url: https://github.com/numtide/nix-unstable-installer/releases/download/nix-2.8.0pre20220415_b135de2/install
-          extra_nix_config: |
-            experimental-features = nix-command flakes
-            system-features = nixos-test benchmark big-parallel kvm recursive-nix
-
-      - name: Run Flake Show
-        run: nix -Lv flake show
 
-      - name: Build Doc
-        run: nix develop --show-trace --command -- mkdoc
+      - uses: DeterminateSystems/nix-installer-action@main
+      - uses: DeterminateSystems/magic-nix-cache-action@main
 
-      - name: Deploy
-        uses: JamesIves/[email protected]
-        with:
-          branch: gh-pages
-          folder: ./docs/publish/public
+      - name: Devshell
+        run: |
+          nix develop ./nix/std --command echo hardenedlinux

.gitignore

@@ -3,5 +3,10 @@
 *.log
 tmp/
 
-
+/.data
 .std
+
+# nixago: ignore-linked-files
+/.conform.yaml
+/treefmt.toml
+/lefthook.yml