feat: update MCP configuration to include additional permissions for nixos and puppeteer modules

2025-06-05 15:06:18 +02:00
parent ecf3e03e81
commit a18a0e913d
1 changed files with 41 additions and 6 deletions
--- a/hosts/nb/modules/mcp-global.nix
+++ b/hosts/nb/modules/mcp-global.nix
@@ -3,14 +3,14 @@
 let
  # Fetch MCP servers library
  mcpServersNix = import (builtins.fetchTarball {
-    url = "https://github.com/dpolakovics/mcp-servers-nix/archive/e068d6aa5d9972987aa8aed198b7bb763b1af161.tar.gz";
-    sha256 = "sha256-yWFrZG9UryIf3EW8BoYNqRU61hL5iyqYrEOX0wXWuhk=";
+    url = "https://github.com/dpolakovics/mcp-servers-nix/archive/916979f7692e25cb3510d68201886b18c381da06.tar.gz";
+    sha256 = "sha256-S/AzJI1OvWCmSOZ02H4aRUCZVAE6dpH99vZcz43W2Nw=";
  }) { inherit pkgs; };

  # Build MCP configuration
  mcpJsonConfig = mcpServersNix.lib.mkConfig pkgs {
    programs = {
-      fetch.enable            = true;
+      # fetch.enable            = true;
      brave-search = {
        enable  = true;
        envFile = config.sops.secrets.mcp-brave-env.path;
@@ -19,11 +19,46 @@ let
      puppeteer.enable        = true;
      # memory.enable           = true;
      sequential-thinking.enable = true;
+      context7.enable = true;
    };
    settings = {
-      mcpServers.nixos = {
-        command = "nix";
-        args    = [ "run" "github:utensils/mcp-nixos" "--" ];
+      mcpServers = {
+        brave-search = {
+          alwaysAllow = [ "brave_web_search" "brave_local_search"];
+        };
+        context7 = {
+          alwaysAllow = [ "resolve-library-id" "get-library-docs" ];
+        };
+        nixos = {
+          command = "nix";
+          args    = [ "run" "github:utensils/mcp-nixos" "--" ];
+          alwaysAllow = [
+            "nixos_search"
+            "nixos_info"
+            "nixos_channels"
+            "home_manager_search"
+            "home_manager_info"
+            "home_manager_stats"
+            "home_manager_list_options"
+            "home_manager_options_by_prefix"
+            "nixhub_package_versions"
+            "nixhub_find_version"
+          ];
+        };
+        puppeteer = {
+          alwaysAllow = [
+            "puppeteer_navigate"
+            "puppeteer_screenshot"
+            "puppeteer_click"
+            "puppeteer_fill"
+            "puppeteer_select"
+            "puppeteer_hover"
+            "puppeteer_evaluate"
+          ];
+        };
+        sequential-thinking = {
+          alwaysAllow = [ "sequentialthinking" ];
+        };
      };
    };
  };