fix: disable apparmor & hardening profile to avoid neovim being killed

.gitignore

@@ -4,3 +4,4 @@ result/
 .DS_Store
 .pre-commit-config.yaml
 logs/
+core*

hardening/README.md

@@ -20,6 +20,7 @@
 - NixOS Profile:
   https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/profiles/hardened.nix
 - Apparmor: [roddhjav/apparmor.d)](https://github.com/roddhjav/apparmor.d)
+  - https://gitlab.com/apparmor/apparmor/-/wikis/Documentation
   - AppArmor.d is a set of over 1500 AppArmor profiles whose aim is to confine most Linux based
     applications and processes.
   - Nix Package:

hardening/profiles/default.nix

@@ -6,10 +6,4 @@
   # disable coredump that could be exploited later
   # and also slow down the system when something crash
   systemd.coredump.enable = false;
-
-  # required to run chromium
-  security.chromiumSuidSandbox.enable = true;
-
-  # enable firejail
-  programs.firejail.enable = true;
 }

outputs/x86_64-linux/src/idols-ai.nix

@@ -20,9 +20,9 @@
       # host specific
       "hosts/idols-${name}"
       # nixos hardening
-      "hardening/profiles/default.nix"
+      # "hardening/profiles/default.nix"
       "hardening/nixpaks"
-      "hardening/apparmor"
+      # "hardening/apparmor"
     ];
     home-modules = map mylib.relativeToRoot [
       # common