programs: waybar: fix battery indicator within sandbox
This commit is contained in:
parent
df60be8c61
commit
582a003739
2
TODO.md
2
TODO.md
|
@ -34,6 +34,8 @@
|
||||||
- validate duplicity backups!
|
- validate duplicity backups!
|
||||||
- encrypt more ~ dirs (~/archives, ~/records, ..?)
|
- encrypt more ~ dirs (~/archives, ~/records, ..?)
|
||||||
- best to do this after i know for sure i have good backups
|
- best to do this after i know for sure i have good backups
|
||||||
|
- /mnt/desko/home, etc, shouldn't include secrets (~/private)
|
||||||
|
- 95% of its use is for remote media access and stuff which isn't in VCS (~/records)
|
||||||
- port all sane.programs to be sandboxed
|
- port all sane.programs to be sandboxed
|
||||||
- enforce that all `environment.packages` has a sandbox profile (or explicitly opts out)
|
- enforce that all `environment.packages` has a sandbox profile (or explicitly opts out)
|
||||||
- integrate `xdg-open` with the sandbox profiles
|
- integrate `xdg-open` with the sandbox profiles
|
||||||
|
|
|
@ -9,6 +9,42 @@
|
||||||
]);
|
]);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
sandbox.method = "bwrap";
|
||||||
|
sandbox.wrapperType = "inplace";
|
||||||
|
sandbox.whitelistDbus = [ "user" ]; # for portals launching apps
|
||||||
|
sandbox.whitelistWayland = true;
|
||||||
|
sandbox.extraHomePaths = [
|
||||||
|
# grant access to pretty much everything, except for secret keys.
|
||||||
|
# ".cache"
|
||||||
|
# ".config"
|
||||||
|
# ".local"
|
||||||
|
"archive"
|
||||||
|
"Books"
|
||||||
|
"dev"
|
||||||
|
"knowledge"
|
||||||
|
"Music"
|
||||||
|
"nixos"
|
||||||
|
"Pictures"
|
||||||
|
# "private" #< explicitly NOT
|
||||||
|
"records"
|
||||||
|
"ref"
|
||||||
|
"tmp"
|
||||||
|
"use"
|
||||||
|
"Videos"
|
||||||
|
];
|
||||||
|
sandbox.extraPaths = [
|
||||||
|
"boot"
|
||||||
|
"mnt"
|
||||||
|
# "nix"
|
||||||
|
"tmp"
|
||||||
|
"var"
|
||||||
|
];
|
||||||
|
sandbox.extraRuntimePaths = [
|
||||||
|
# not sure if these are actually necessary
|
||||||
|
"gvfs"
|
||||||
|
"gvfsd"
|
||||||
|
];
|
||||||
|
|
||||||
mime.associations = {
|
mime.associations = {
|
||||||
"inode/directory" = "org.gnome.Nautilus.desktop";
|
"inode/directory" = "org.gnome.Nautilus.desktop";
|
||||||
};
|
};
|
||||||
|
|
|
@ -53,6 +53,11 @@ in
|
||||||
sandbox.whitelistDbus = [ "user" ];
|
sandbox.whitelistDbus = [ "user" ];
|
||||||
sandbox.whitelistWayland = true;
|
sandbox.whitelistWayland = true;
|
||||||
sandbox.extraRuntimePaths = [ "/" ]; #< needs to talk to sway IPC. TODO: give the sway IPC a predictable name.
|
sandbox.extraRuntimePaths = [ "/" ]; #< needs to talk to sway IPC. TODO: give the sway IPC a predictable name.
|
||||||
|
sandbox.extraPaths = [
|
||||||
|
# for the battery indicator
|
||||||
|
"/sys/class/power_supply"
|
||||||
|
"/sys/devices"
|
||||||
|
];
|
||||||
|
|
||||||
fs.".config/waybar/config".symlink.target =
|
fs.".config/waybar/config".symlink.target =
|
||||||
(pkgs.formats.json {}).generate "waybar-config.json" [
|
(pkgs.formats.json {}).generate "waybar-config.json" [
|
||||||
|
|
Loading…
Reference in New Issue
Block a user