From 52bbf04d1835b6cf115dc54afe3ebe57088808dc Mon Sep 17 00:00:00 2001
From: autumn <autumnal.musing@gmail.com>
Date: Tue, 30 Sep 2025 10:10:29 -0600
Subject: [PATCH] weh

---
 system/extras/currents/flake.nix | 39 +++++++++++++++++++++++++++-----
 1 file changed, 33 insertions(+), 6 deletions(-)

diff --git a/system/extras/currents/flake.nix b/system/extras/currents/flake.nix
index 0a2d29b..7c7d15c 100644
--- a/system/extras/currents/flake.nix
+++ b/system/extras/currents/flake.nix
@@ -4,9 +4,10 @@
   inputs = {
     nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
     home-manager.url = "github:nix-community/home-manager";
+    currents-src.url = "path:/home/autumn/projects/currents";
   };
   
-  outputs = { self, nixpkgs, home-manager }:
+  outputs = { self, nixpkgs, home-manager, currents-src }:
     let
       system = "x86_64-linux";
       pkgs = nixpkgs.legacyPackages.${system};
@@ -15,8 +16,15 @@
       packages.${system}.default = pkgs.rustPlatform.buildRustPackage {
         pname = "currents";
         version = "0.1.0";
-        src = ./.;
-        cargoLock.lockFile = ./Cargo.lock;
+        src = currents-src;
+        cargoLock.lockFile = "${currents-src}/Cargo.lock";
+        
+        # Build inputs
+        nativeBuildInputs = with pkgs; [ pkg-config ];
+        buildInputs = with pkgs; [ openssl ];
+        
+        # Environment variables for build
+        OPENSSL_NO_VENDOR = 1;
       };
       
       # NixOS module (existing)
@@ -41,17 +49,36 @@
         in {
           options.services.currents = {
             enable = mkEnableOption "Currents, a weather alert daemon";
+            package = mkOption {
+              type = types.package;
+              default = self.packages.${system}.default;
+              description = "The currents package to use";
+            };
           };
           config = mkIf cfg.enable {
-            home.packages = [ self.packages.${system}.default ];
+            home.packages = [ cfg.package ];
             systemd.user.services.currents = {
-              Unit.Description = "Currents, a weather alert daemon";
+              Unit = {
+                Description = "Currents, a weather alert daemon";
+                After = [ "graphical-session.target" ];
+              };
               Service = {
                 Type = "simple";
-                ExecStart = "${self.packages.${system}.default}/bin/currents";
+                ExecStart = "${cfg.package}/bin/currents";
                 Restart = "always";
                 RestartSec = 10;
                 Environment = "RUST_LOG=info";
+                
+                # Security settings
+                NoNewPrivileges = true;
+                PrivateTmp = true;
+                ProtectSystem = "strict";
+                ProtectHome = "read-only";
+                ReadWritePaths = [ "%h/.config/currents" ];
+                
+                # Resource limits
+                MemoryMax = "64M";
+                CPUQuota = "10%";
               };
               Install.WantedBy = [ "default.target" ];
             };