nip/profiles/security/homestation.kdl

// Homestation Security Profile (Default)
// For home use with relaxed network access and desktop integration

profile "Homestation" {
  version "1.0"
  description "Standard isolation with relaxed network access (default profile)"
  default true  // This is the default profile

  // Isolation settings
  isolation {
    level "Standard"  // Mount + filesystem namespaces

    namespaces {
      mount true
      pid false
      network false
      ipc false
      user false
      uts false
    }
  }

  // Desktop integration
  desktop {
    integration true
    themes true
    fonts true
    clipboard true
    dbus true
  }

  // Network access (relaxed for home use)
  network {
    access "Relaxed"
    restrictions []
    allow_local_network true
  }

  // Resource limits (generous for home use)
  resources {
    max_memory "8GB"
    max_cpu 0.9
    max_disk "10GB"
    max_processes 200
    max_open_files 2048
  }

  // XDG enforcement
  xdg {
    enforce true
    redirect_legacy true
    strict_mode false
  }

  // Security settings (relaxed for convenience)
  security {
    allow_system_units false
    audit_logging "Basic"
    network_namespace false
    filesystem_isolation true
  }

  // Default packages for home use
  recommended_packages [
    "firefox"
    "vlc"
    "gimp"
    "steam"
    "discord"
  ]
}