From 87b5b7ab00f41f9d5fdfceaa86631024a2cd94e1 Mon Sep 17 00:00:00 2001
From: Vinzenz Schroeter
Date: Sat, 1 Feb 2025 16:02:27 +0100
Subject: [PATCH] policy.json in extra file, default to reject
---
 home/vinzenz/.config/containers/policy.json | 16 ++++++++++++++++
 home/vinzenz/default.nix | 17 +----------------
 2 files changed, 17 insertions(+), 16 deletions(-)
 create mode 100644 home/vinzenz/.config/containers/policy.json
diff --git a/home/vinzenz/.config/containers/policy.json b/home/vinzenz/.config/containers/policy.json
new file mode 100644
index 0000000..d13844e
--- /dev/null
+++ b/home/vinzenz/.config/containers/policy.json
@@ -0,0 +1,16 @@
+{
+ "default": [
+ {
+ "type": "reject"
+ }
+ ],
+ "transports": {
+ "docker-daemon": {
+ "": [
+ {
+ "type": "insecureAcceptAnything"
+ }
+ ]
+ }
+ }
+}
\ No newline at end of file
diff --git a/home/vinzenz/default.nix b/home/vinzenz/default.nix
index 6cd8b3a..0b06468 100644
--- a/home/vinzenz/default.nix
+++ b/home/vinzenz/default.nix
@@ -48,22 +48,7 @@ inputs@{ pkgs, ... }:
 home.file."policy.json" = {
 target = ".config/containers/policy.json";
- text = ''
- {
- "default": [
- {
- "type": "insecureAcceptAnything"
- }
- ],
- "transports":
- {
- "docker-daemon":
- {
- "": [{"type":"insecureAcceptAnything"}]
- }
- }
- }
- '';
+ text = builtins.readFile ./.config/containers/policy.json;
 };
 };
 }
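Review bot: With `default` set to `reject` and `docker-daemon` as the only entry under `transports`, every other transport, registry pulls over `docker` included, falls through to the reject rule. If pulling from a registry is still expected on this machine, add a scoped entry for that registry with a `signedBy` or `sigstoreSigned` requirement rather than relaxing the default again. The `docker-daemon` scope keeps `insecureAcceptAnything`, so any image already loaded into the local daemon is trusted without verification; that looks intended, but it is worth recording in the commit message. The new file also ends without a trailing newline.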
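Review bot: Nothing in default.nix says that this attribute installs the container image trust policy or that it now rejects by default, and the JSON file cannot carry a comment itself. Add one above the attribute, for example `# containers image trust policy: reject by default, only docker-daemon is accepted`. As a style point, `source = ./.config/containers/policy.json;` would link the file directly instead of reading it into `text` at evaluation time. The enclosing attribute set starts and ends outside this hunk.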