colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

programs: assorted: correct sandbox paths now that Pictures/Videos/Books are categorized

Browse Source 
i don't like this Pictures/ approach though. i may reconsolidate some of those
This commit is contained in:
Colin 2024-02-27 21:36:18 +00:00
parent 715de37954
commit 67536e3c1f
18 changed files with 95 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
hosts/common/programs/assorted.nix
View File

@ -417,7 +417,11 @@ in
gimp.sandbox.wrapperType = "wrappedDerivation"; gimp.sandbox.wrapperType = "wrappedDerivation";
gimp.sandbox.whitelistWayland = true; gimp.sandbox.whitelistWayland = true;
gimp.sandbox.extraHomePaths = [ gimp.sandbox.extraHomePaths = [
"Pictures" "Pictures/albums"
"Pictures/cat"
"Pictures/from"
"Pictures/Photos"
"Pictures/Screenshots"
"Pictures/servo-macros" "Pictures/servo-macros"
"dev" "dev"
"ref" "ref"
@ -471,7 +475,12 @@ in
gnome-frog.sandbox.extraHomePaths = [ gnome-frog.sandbox.extraHomePaths = [
# for OCR'ing photos from disk # for OCR'ing photos from disk
"tmp" "tmp"
"Pictures" "Pictures/albums"
"Pictures/cat"
"Pictures/from"
"Pictures/Photos"
"Pictures/Screenshots"
"Pictures/servo-macros"
]; ];
gnome-frog.persist.byStore.cryptClearOnBoot = [ gnome-frog.persist.byStore.cryptClearOnBoot = [
".local/share/tessdata" # 15M; dunno what all it is. ".local/share/tessdata" # 15M; dunno what all it is.
@ -543,7 +552,11 @@ in
inkscape.sandbox.wrapperType = "wrappedDerivation"; inkscape.sandbox.wrapperType = "wrappedDerivation";
inkscape.sandbox.whitelistWayland = true; inkscape.sandbox.whitelistWayland = true;
inkscape.sandbox.extraHomePaths = [ inkscape.sandbox.extraHomePaths = [
"Pictures" "Pictures/albums"
"Pictures/cat"
"Pictures/from"
"Pictures/Photos"
"Pictures/Screenshots"
"Pictures/servo-macros" "Pictures/servo-macros"
"dev" "dev"
"ref" "ref"
@ -596,7 +609,11 @@ in
krita.sandbox.autodetectCliPaths = "existing"; krita.sandbox.autodetectCliPaths = "existing";
krita.sandbox.extraHomePaths = [ krita.sandbox.extraHomePaths = [
"dev" "dev"
"Pictures" "Pictures/albums"
"Pictures/cat"
"Pictures/from"
"Pictures/Photos"
"Pictures/Screenshots"
"Pictures/servo-macros" "Pictures/servo-macros"
"ref" "ref"
"tmp" "tmp"
@ -612,9 +629,9 @@ in
losslesscut-bin.sandbox.wrapperType = "wrappedDerivation"; losslesscut-bin.sandbox.wrapperType = "wrappedDerivation";
losslesscut-bin.sandbox.extraHomePaths = [ losslesscut-bin.sandbox.extraHomePaths = [
"Music" "Music"
"Pictures" # i have some videos in there too. "Pictures/from" # videos from e.g. mobile phone
"Pictures/servo-macros" "Pictures/servo-macros"
"Videos" "Videos/local"
"Videos/servo" "Videos/servo"
"tmp" "tmp"
]; ];
@ -632,7 +649,8 @@ in
"mate.engrampa".sandbox.autodetectCliPaths = "existingOrParent"; "mate.engrampa".sandbox.autodetectCliPaths = "existingOrParent";
"mate.engrampa".sandbox.extraHomePaths = [ "mate.engrampa".sandbox.extraHomePaths = [
"archive" "archive"
"Books" "Books/local"
"Books/servo"
"records" "records"
"ref" "ref"
"tmp" "tmp"

2
hosts/common/programs/cozy.nix
View File

@ -8,7 +8,7 @@
sandbox.whitelistDbus = [ "user" ]; # mpris sandbox.whitelistDbus = [ "user" ]; # mpris
sandbox.whitelistWayland = true; sandbox.whitelistWayland = true;
sandbox.extraHomePaths = [ sandbox.extraHomePaths = [
"Books" "Books/local"
"Books/servo" "Books/servo"
]; ];

8
hosts/common/programs/dino.nix
View File

@ -54,9 +54,13 @@ in
sandbox.whitelistWayland = true; sandbox.whitelistWayland = true;
sandbox.extraHomePaths = [ sandbox.extraHomePaths = [
"Music" "Music"
"Pictures" "Pictures/albums"
"Pictures/cat"
"Pictures/from"
"Pictures/Photos"
"Pictures/Screenshots"
"Pictures/servo-macros" "Pictures/servo-macros"
"Videos" "Videos/local"
"Videos/servo" "Videos/servo"
"tmp" "tmp"
]; ];

8
hosts/common/programs/element-desktop.nix
View File

@ -25,9 +25,13 @@
sandbox.whitelistWayland = true; sandbox.whitelistWayland = true;
sandbox.extraHomePaths = [ sandbox.extraHomePaths = [
"Music" "Music"
"Pictures" "Pictures/albums"
"Pictures/cat"
"Pictures/from"
"Pictures/Photos"
"Pictures/Screenshots"
"Pictures/servo-macros" "Pictures/servo-macros"
"Videos" "Videos/local"
"Videos/servo" "Videos/servo"
"tmp" "tmp"
]; ];

6
hosts/common/programs/firefox.nix
View File

@ -244,7 +244,11 @@ in
# for uploads/downloads. # for uploads/downloads.
# it still needs these paths despite using the portal's file-chooser :? # it still needs these paths despite using the portal's file-chooser :?
"tmp" "tmp"
"Pictures" "Pictures/albums"
"Pictures/cat"
"Pictures/from"
"Pictures/Photos"
"Pictures/Screenshots"
"Pictures/servo-macros" "Pictures/servo-macros"
] ++ lib.optionals cfg.addons.browserpass-extension.enable [ ] ++ lib.optionals cfg.addons.browserpass-extension.enable [
# browserpass needs these paths: # browserpass needs these paths:

8
hosts/common/programs/fractal.nix
View File

@ -37,9 +37,13 @@ in
sandbox.extraHomePaths = [ sandbox.extraHomePaths = [
# still needs these paths despite it using the portal's file-chooser :? # still needs these paths despite it using the portal's file-chooser :?
"Music" "Music"
"Pictures" "Pictures/albums"
"Pictures/cat"
"Pictures/from"
"Pictures/Photos"
"Pictures/Screenshots"
"Pictures/servo-macros" "Pictures/servo-macros"
"Videos" "Videos/local"
"Videos/servo" "Videos/servo"
"tmp" "tmp"
]; ];

2
hosts/common/programs/go2tv.nix
View File

@ -40,7 +40,7 @@ in
# for GUI invocation, allow the common media directories # for GUI invocation, allow the common media directories
sandbox.extraHomePaths = [ sandbox.extraHomePaths = [
"Music" "Music"
"Videos" "Videos/local"
"Videos/servo" "Videos/servo"
]; ];
sandbox.extraPaths = [ sandbox.extraPaths = [

8
hosts/common/programs/gtkcord4.nix
View File

@ -40,9 +40,13 @@ in
sandbox.whitelistWayland = true; sandbox.whitelistWayland = true;
sandbox.extraHomePaths = [ sandbox.extraHomePaths = [
"Music" "Music"
"Pictures" "Pictures/albums"
"Pictures/cat"
"Pictures/from"
"Pictures/Photos"
"Pictures/Screenshots"
"Pictures/servo-macros" "Pictures/servo-macros"
"Videos" "Videos/local"
"Videos/servo" "Videos/servo"
"tmp" "tmp"
]; ];

4
hosts/common/programs/handbrake.nix
View File

@ -7,8 +7,8 @@
sandbox.whitelistWayland = true; sandbox.whitelistWayland = true;
sandbox.extraHomePaths = [ sandbox.extraHomePaths = [
"Music" "Music"
"Pictures" # i have some videos in there too. "Pictures/from" # e.g. videos filmed from my phone
"Videos" "Videos/local"
"Videos/servo" "Videos/servo"
"tmp" "tmp"
]; ];

4
hosts/common/programs/kdenlive.nix
View File

@ -5,9 +5,9 @@
sandbox.wrapperType = "wrappedDerivation"; sandbox.wrapperType = "wrappedDerivation";
sandbox.extraHomePaths = [ sandbox.extraHomePaths = [
"Music" "Music"
"Pictures" # i have some videos in there too. "Pictures/from" # e.g. Videos taken from my phone
"Pictures/servo-macros" "Pictures/servo-macros"
"Videos" "Videos/local"
"Videos/servo" "Videos/servo"
"tmp" "tmp"
]; ];

2
hosts/common/programs/koreader/default.nix
View File

@ -51,7 +51,7 @@ in {
sandbox.whitelistDri = true; # reduces startup time and subjective page flip time sandbox.whitelistDri = true; # reduces startup time and subjective page flip time
sandbox.whitelistWayland = true; sandbox.whitelistWayland = true;
sandbox.extraHomePaths = [ sandbox.extraHomePaths = [
"Books" "Books/local"
"Books/servo" "Books/servo"
]; ];

8
hosts/common/programs/loupe.nix
View File

@ -16,9 +16,13 @@
sandbox.whitelistWayland = true; sandbox.whitelistWayland = true;
sandbox.autodetectCliPaths = "parent"; sandbox.autodetectCliPaths = "parent";
sandbox.extraHomePaths = [ sandbox.extraHomePaths = [
"Pictures" "Pictures/albums"
"Pictures/cat"
"Pictures/from"
"Pictures/Photos"
"Pictures/Screenshots"
"Pictures/servo-macros" "Pictures/servo-macros"
"Videos" "Videos/local"
"Videos/servo" "Videos/servo"
"dev" "dev"
"records" "records"

2
hosts/common/programs/megapixels.nix
View File

@ -25,7 +25,7 @@
# ".nix-profile" # ".nix-profile"
".cache/mesa_shader_cache" # loads way faster ".cache/mesa_shader_cache" # loads way faster
"tmp" "tmp"
"Pictures" "Pictures" #< TODO: make this Pictures/Photos and save photos there
# also it addresses a lot via relative path. # also it addresses a lot via relative path.
]; ];
sandbox.extraPaths = [ sandbox.extraPaths = [

4
hosts/common/programs/mpv.nix
View File

@ -73,10 +73,10 @@ in
".config/mpv" #< else mpris plugin crashes on launch ".config/mpv" #< else mpris plugin crashes on launch
# it's common for album (or audiobook, podcast) images/lyrics/metadata to live adjacent to the primary file. # it's common for album (or audiobook, podcast) images/lyrics/metadata to live adjacent to the primary file.
# CLI detection is too poor to pick those up, so expose the common media dirs to the sandbox to make that *mostly* work. # CLI detection is too poor to pick those up, so expose the common media dirs to the sandbox to make that *mostly* work.
"Books" "Books/local"
"Books/servo" "Books/servo"
"Music" "Music"
"Videos" "Videos/local"
"Videos/servo" "Videos/servo"
]; ];

6
hosts/common/programs/rofi/default.nix
View File

@ -60,7 +60,11 @@
sandbox.extraHomePaths = [ sandbox.extraHomePaths = [
".local/share/applications" #< to locate .desktop files ".local/share/applications" #< to locate .desktop files
"Music" "Music"
"Pictures" "Pictures/albums"
"Pictures/cat"
"Pictures/from"
"Pictures/Photos"
"Pictures/Screenshots"
"Pictures/servo-macros" "Pictures/servo-macros"
"Videos/local" "Videos/local"
"Videos/servo" "Videos/servo"

8
hosts/common/programs/signal-desktop.nix
View File

@ -29,9 +29,13 @@ in
sandbox.whitelistWayland = true; sandbox.whitelistWayland = true;
sandbox.extraHomePaths = [ sandbox.extraHomePaths = [
"Music" "Music"
"Pictures" "Pictures/albums"
"Pictures/cat"
"Pictures/from"
"Pictures/Photos"
"Pictures/Screenshots"
"Pictures/servo-macros" "Pictures/servo-macros"
"Videos" "Videos/local"
"Videos/servo" "Videos/servo"
"tmp" "tmp"
]; ];

8
hosts/common/programs/tuba.nix
View File

@ -9,9 +9,13 @@
sandbox.whitelistWayland = true; sandbox.whitelistWayland = true;
sandbox.extraHomePaths = [ sandbox.extraHomePaths = [
"Music" "Music"
"Pictures" "Pictures/albums"
"Pictures/cat"
"Pictures/from"
"Pictures/Photos"
"Pictures/Screenshots"
"Pictures/servo-macros" "Pictures/servo-macros"
"Videos" "Videos/local"
"Videos/servo" "Videos/servo"
"tmp" "tmp"
]; ];

11
hosts/common/programs/xdg-desktop-portal-gtk.nix
View File

@ -16,11 +16,16 @@ in
# for file-chooser portal users (fractal, firefox, ...), need to provide anything they might want. # for file-chooser portal users (fractal, firefox, ...), need to provide anything they might want.
# i think (?) portal users can only access the files here interactively, i.e. by me interacting with the portal's visual filechooser, # i think (?) portal users can only access the files here interactively, i.e. by me interacting with the portal's visual filechooser,
# so shoving stuff here is trusting the portal but not granting any trust to the portal user. # so shoving stuff here is trusting the portal but not granting any trust to the portal user.
"Books" "Books/local"
"Books/servo"
"Music" "Music"
"Pictures" "Pictures/albums"
"Pictures/cat"
"Pictures/from"
"Pictures/Photos"
"Pictures/Screenshots"
"Pictures/servo-macros" "Pictures/servo-macros"
"Videos" "Videos/local"
"Videos/servo" "Videos/servo"
"archive" "archive"
"dev" "dev"