|
07aec3ca3c
|
apps: explain why i ship both engrampa and xarchiver archive managers
|
2024-05-31 08:39:23 +00:00 |
|
|
58d5f11c7a
|
overlays/cross: disable patches which im not actively using
|
2024-05-31 08:21:23 +00:00 |
|
|
ed2d4ef488
|
overlays/cross: update upstreaming status
|
2024-05-31 08:02:25 +00:00 |
|
|
e8f8866032
|
overlays/cross: remove old emulated package set and buildInQemu , etc
|
2024-05-31 06:59:32 +00:00 |
|
|
a2dfd8f08e
|
libphonenumber: use a better patch for cross (CMAKE_CROSSCOMPILING_EMULATOR)
|
2024-05-31 06:27:10 +00:00 |
|
|
c7fd3d2217
|
nixpkgs: 2024-05-26 -> 2024-05-31, nixpkgs-wayland -> 2024-05-31
```
• Updated input 'nixpkgs-next-unpatched':
'github:nixos/nixpkgs/2baa940f86e1fc54757fd7d1ed551c0a38904bf2' (2024-05-26)
→ 'github:nixos/nixpkgs/d3d81af60c22e9e93a3930a9630b210362341ab9' (2024-05-31)
• Updated input 'nixpkgs-unpatched':
'github:nixos/nixpkgs/7780e5160e011b39019797a4c4b1a4babc80d1bf' (2024-05-26)
→ 'github:nixos/nixpkgs/4e60a4d94bdc1abafeefc1928aa3cda6ce6c4210' (2024-05-31)
• Updated input 'nixpkgs-wayland':
'github:nix-community/nixpkgs-wayland/397c85d463aef789a8dd24c4db467e9ad787907b' (2024-05-26)
→ 'github:nix-community/nixpkgs-wayland/1db9b79a45c8e346e03480767e6d9749fabfaf10' (2024-05-31)
```
|
2024-05-31 06:09:03 +00:00 |
|
|
0fcc3f8d5d
|
ModemManager: make the sandbox more strict
|
2024-05-30 21:32:35 +00:00 |
|
|
0bb887158b
|
implement a dropbear SSH module
|
2024-05-30 20:58:01 +00:00 |
|
|
6570c5ed84
|
modemmanager: sandbox with bwrap instead of landlock
|
2024-05-30 18:47:09 +00:00 |
|
|
820fdecfd5
|
modemmanager: minimal (working) sandbox
|
2024-05-30 18:27:34 +00:00 |
|
|
8d43565f31
|
sane-theme: disable sandbox
|
2024-05-30 16:54:10 +00:00 |
|
|
18364761dd
|
wireplumber: undo the enableSystemd=false patch
|
2024-05-30 16:50:53 +00:00 |
|
|
d3937487e6
|
moby: cleanup bonsai <-> sway circular dependency (slightly)
|
2024-05-30 12:43:09 +00:00 |
|
|
3fdeacc336
|
sane-input-handler: add a --help command
|
2024-05-30 12:30:41 +00:00 |
|
|
847414ac1f
|
health-check: add a test that git is online
|
2024-05-30 12:18:57 +00:00 |
|
|
84f2006115
|
servo: fix gitea
|
2024-05-30 12:12:06 +00:00 |
|
|
7f5e12da8d
|
dbus: dont consider the service "up" until the unix pipe actually appears
|
2024-05-30 11:04:02 +00:00 |
|
|
afa8a3c52e
|
activationScripts.notifyActive: future-proof for if ever DBUS_SESSION_BUS_ADDRESS changes
|
2024-05-30 11:03:35 +00:00 |
|
|
bfbcb4789b
|
activationScripts.notifyActive: fix forrenamed XDG_RUNTIME_DIR
|
2024-05-30 10:56:17 +00:00 |
|
|
2531cc1cf6
|
bonsai: place the socket in a subdirectory to improve sandboxing
|
2024-05-30 09:54:28 +00:00 |
|
|
e55b75c333
|
wireplumber: build without systemd
|
2024-05-30 09:46:29 +00:00 |
|
|
adb54657d4
|
sway: fix bonsai to be visible in the sandbox
|
2024-05-30 09:46:04 +00:00 |
|
|
6eefb9ce20
|
wireplumber: build against the same pipewire i deploy
|
2024-05-30 09:06:41 +00:00 |
|
|
2233622bb7
|
landlock-sandboxer: remove startup messages for 6.9
|
2024-05-30 08:55:13 +00:00 |
|
|
274a7821a7
|
wireplumber: remove no-longer-needed /run/systemd directory
not necessary when using seatd/when a member of the 'audio' group
|
2024-05-30 08:54:41 +00:00 |
|
|
4c84d1a727
|
doc: modules/users: show what XDG_SESSION_{ID,CLASS,TYPE} could look like if set
|
2024-05-30 08:44:26 +00:00 |
|
|
175acf6442
|
pipewire: build without systemd
|
2024-05-30 08:44:11 +00:00 |
|
|
0761b6135a
|
users/colin: add myself to "audio" group so that wireplumber can access audio devices w/o systemd/logind
|
2024-05-30 08:44:11 +00:00 |
|
|
66c899d099
|
callaudiod: fix to not start before dbus/pipewire are up (avoids coredump on boot)
|
2024-05-30 06:07:08 +00:00 |
|
|
4aeb3360d3
|
cleanup: programs: dont assume sway is always the wayland/x11 provider
|
2024-05-30 06:00:32 +00:00 |
|
|
0c456d11d8
|
programs: ensure things which depend on sound or wayland are ordered after it
|
2024-05-30 04:55:05 +00:00 |
|
|
3b73773169
|
programs: ensure things which depend on dbus are ordered after it
|
2024-05-30 03:48:45 +00:00 |
|
|
9ba8ff738b
|
refactor: sane.programs.$foo.service: specify type concretely
|
2024-05-30 03:39:32 +00:00 |
|
|
f1d397940f
|
seatd: patch sandboxing for desko
|
2024-05-29 19:42:45 +00:00 |
|
|
fa94fa8e6c
|
seatd: sandbox with bwrap
it always surprises my that you can sandbox something with cap_sys_admin like this...
i think this works *only* because the user is root
|
2024-05-29 19:09:57 +00:00 |
|
|
4b9c125c8c
|
seatd: sandbox
|
2024-05-29 18:58:38 +00:00 |
|
|
0f7d25d8a5
|
doc: sway: say why i wrapperType = "inplace"
|
2024-05-29 18:58:05 +00:00 |
|
|
140641729e
|
gvfs: disable (it was broken)
|
2024-05-29 18:39:31 +00:00 |
|
|
32124d76bf
|
cups: disable (not currently used, and not sandboxed)
|
2024-05-29 18:33:17 +00:00 |
|
|
c5c174f988
|
sway: patch to use a narrower sandbox
|
2024-05-29 18:24:59 +00:00 |
|
|
29bc1608aa
|
sway: remove sandbox input which are no longer necessary
|
2024-05-29 17:07:18 +00:00 |
|
|
635ca1e5d8
|
seatd: pull the service definition into my own repo
this will allow me to configure the package
|
2024-05-29 16:34:32 +00:00 |
|
|
2789868703
|
seatd: split out of sway conf
|
2024-05-29 16:22:52 +00:00 |
|
|
c40ec1990a
|
sshd: disable systemd integration
|
2024-05-29 15:57:19 +00:00 |
|
|
d4dfcd6510
|
login : remove systemd pam integration (so it doesnt try, and fail, to start the user manager)
|
2024-05-29 15:42:39 +00:00 |
|
|
d865be952a
|
refactor: sandboxing: replace manual --sanebox-keep-namespace pid config with isolatePids = false
|
2024-05-29 12:56:46 +00:00 |
|
|
7c8a18ecbd
|
systemd: remove no-longer-used user@1000 override
|
2024-05-29 12:56:19 +00:00 |
|
|
35ff7de06e
|
dbus: manage it ourselves instead of having systemd do it
|
2024-05-29 12:55:51 +00:00 |
|
|
00d06db66a
|
make-sandboxed: handle more systemd service files
|
2024-05-29 12:54:44 +00:00 |
|
|
c570b7bf5d
|
dbus: manage it ourselves instead of having systemd do it
|
2024-05-29 11:30:33 +00:00 |
|