disable opensnitch for now need to work on rules for it

common/desktop_environment/sway/default.nix

@@ -115,14 +115,10 @@ with lib;
 
     # Ensure graphics/OpenGL are enabled so Sway uses GPU-backed rendering
     hardware.graphics = {
-      enable = true;
-      # Keep defaults; Sway runs fine with mesa in system
-    };
-
-    hardware.opengl = {
       enable = true;
       # extraPackages can be used to force vendor-specific mesa/drivers if needed
-      extraPackages = with pkgs; [];
+      # Keep defaults; Sway runs fine with mesa in system
+      # extraPackages = with pkgs; [];
     };
 
     # Environment variables

common/desktop_environment/sway/home_manager/sway.nix

@@ -18,6 +18,8 @@ in
     enable = true;
     xwayland = true;
 
+    systemd.enable = true;
+
     config = lib.mkMerge [
       rec {
         modifier = "Mod4"; # SUPER
@@ -181,7 +183,8 @@ in
           {
             command = "exec sh -c 'sleep 0.01; swaymsg workspace number 7 ; sleep 0.01; swaymsg workspace number 1'";
           }
-          { command = "pgrep waybar >/dev/null || waybar"; }
+          # Waybar is managed by Home Manager systemd unit
+          # { command = "pgrep waybar >/dev/null || waybar"; }
         ];
       }
       cfg.extraOptions

common/general/default.nix

@@ -65,10 +65,24 @@ in
     networking = {
       hostName = top_cfg.systemName;
       nftables.enable = true;
+      # Clears firewall rules on reboot, only ones set in config will be remade
       nftables.flushRuleset = true;
       firewall.enable = true;
     };
 
+    # services.opensnitch = {
+    #   enable = true;
+    #   settings = {
+    #     Firewall = if config.networking.nftables.enable then "nftables" else "iptables";
+    #     InterceptUknown = true;
+    #     ProcMonitorMethod = "ebpf";
+    #     DefaultAction = "deny";
+    #   };
+    #   rules = {
+    #
+    #   };
+    # };
+
     # Enable flakes
     nix.settings.experimental-features = lib.mkIf cfg.flakeOptions [
       "nix-command"