d01e49f566
pipewire: switch back to bwrap
sandboxing and document limitations
2024-04-24 13:14:35 +00:00
7447d4879e
pipewire: man: link to docs
2024-04-24 10:33:23 +00:00
215864e3d4
pipewire: reduce realtime priority so it doesnt crash moby gpu driver
2024-04-24 09:36:22 +00:00
0cbb81cfea
WIP: pipewire: trying to tune so lima doesnt crash
2024-04-24 09:20:13 +00:00
9d7816a1cd
koreader: fix sandboxing so that i can open links again
2024-04-24 01:02:02 +00:00
461aa5ede0
htop: include "PRIORITY" column
2024-04-23 12:01:15 +00:00
10fc7bbb84
curlftpfs: document sandbox attempt
2024-04-23 09:08:05 +00:00
87e3f2a9ef
pipewire: split rtkit into own file, and use defaults from pipewire project
2024-04-23 09:08:05 +00:00
9481131daf
pipewire: sandbox with landlock (so that rtkit integration works) and split rtkit into own file
2024-04-23 09:08:05 +00:00
ae418fb2d1
valgrind: mark as not sandboxable
2024-04-23 09:08:05 +00:00
c174eddddf
wireplumber: sandbox such that it gets higher sched priority
2024-04-23 09:08:05 +00:00
6d74c6616c
pipewire: shrink the mount sandbox
2024-04-23 09:08:05 +00:00
7db40fbf47
sane-cast: add a menu for choosing which device to cast to whenever there are multiple
2024-04-23 08:10:05 +00:00
152a5d4c92
sane-cast: integrate with mpv
2024-04-23 07:52:48 +00:00
fd771cdb2c
fs: mount media/torrents instead of media/freeleech (the latter was removed)
2024-04-23 01:25:57 +00:00
4c7cd06212
go2tv: clarify compatibility
2024-04-22 12:45:55 +00:00
d0de6a9254
sftpgo: reduce the passive port range
...
hopefully this eases the load on the upstream firewall's UPNP service
2024-04-22 12:08:23 +00:00
12f2798140
servo: sftpgo: move to own directory
2024-04-22 12:05:16 +00:00
bd92076291
fontconfig: populate the cache directory even when cross compiling
2024-04-22 09:47:20 +00:00
9cbe774c5a
sane-input-handler: fix power_hold -> power_tap_1_hold when inhibited by rofi
2024-04-22 06:27:33 +00:00
b4653b20a2
moby: button map: move vol{up,down}_hold to only act in power-off, else they may falsely trigger during other power-on actions
2024-04-22 05:13:29 +00:00
2c011df252
moby: tweak button mappings
...
- power hold: toggle media
- power x1 -> hold: kill
now nothing in screenoff uses power x2, which means we can get to
screen-on without waiting for any timeout.
2024-04-22 05:10:35 +00:00
9d472bb290
sane-input-handler: clean up suggestedPrograms
2024-04-22 04:13:56 +00:00
95b21cbed9
moby: update improve button mappings
...
- power + volup: screenshot
- power + voldown: camera
- volup_hold: file browser
- remove modal media controls
2024-04-22 04:05:52 +00:00
82007c9b40
bonsai: store the config in ~/.config to allow easier online editing
2024-04-22 04:05:15 +00:00
50c72de4f9
megapixels: fix folder icon to actually open ~/Pictures/Photos
2024-04-22 00:16:46 +00:00
36237a3201
megapixels: remove unnecessary ~/tmp
directory from sandbox
2024-04-22 00:16:14 +00:00
eb9df628e6
megapixels: remove unnecessary ~/.local/share/applications from sandbox
2024-04-21 23:49:29 +00:00
a92960d778
megapixels: place photos in ~/Pictures/Photos instead of directly in ~/Pictures
2024-04-21 23:13:49 +00:00
ef9b0e9309
megapixels: fix .dng -> .jpg conversion
2024-04-21 21:59:05 +00:00
350e00e0cd
firefox: decrease scrollbar width 20px -> 14px
2024-04-21 21:08:07 +00:00
b77e811ad4
blast-to-default: leverage sane-die-with-parent
2024-04-21 11:09:23 +00:00
a000a722ba
mpv: fix so sane-sysvol doesnt hang exit
2024-04-21 10:08:46 +00:00
4dde01245e
mpv: sane_sysvol: fix non_blocking_popen to use metatables and be more readable
2024-04-21 03:47:01 +00:00
f50c0a98c2
sane-sysvol -> sane_sysvol, sane-cast -> sane_cast
...
when a script contains a dash, mpv silently renames *parts* of it to _, which causes confusion
2024-04-21 00:27:30 +00:00
0625bfdd10
mpv: sane-cast: fix crash due to missing table.concat
function
2024-04-21 00:24:46 +00:00
4dfee58d09
sops: fix sandbox path
2024-04-20 21:43:13 +00:00
a7b8eb179b
pipewire: move the clock quantum config into sane.programs proper
...
this ensures it's available in the sandbox
2024-04-20 09:09:05 +00:00
f10bb6c86c
sftpgo: adjust file mode to be compatible with Kodi
2024-04-20 08:07:00 +00:00
a59a7b5346
feeds: podcasts: add Tech Tales
2024-04-19 21:46:03 +00:00
1bd715e57e
nixpkgs: 2024-04-18 -> 2024-04-19; nixpkgs-wayland, sops-nix
...
```
• Updated input 'nixpkgs-next-unpatched':
'github:nixos/nixpkgs/19d2eb80a0e23daf1c4a8cf25b1011fbdb2260fb' (2024-04-18)
→ 'github:nixos/nixpkgs/6ad1fe08582fcdfedb2cb7c31b4a016a227bd38a' (2024-04-19)
• Updated input 'nixpkgs-unpatched':
'github:nixos/nixpkgs/457c34178411e0072e59564ee7986e86255a6eff' (2024-04-18)
→ 'github:nixos/nixpkgs/40d15ed86dd08eff6a29e0a9abc416001d19cd67' (2024-04-19)
• Updated input 'nixpkgs-wayland':
'github:nix-community/nixpkgs-wayland/7867aa617c6eb205b1ac1b71d98cd18a2561bb18' (2024-04-17)
→ 'github:nix-community/nixpkgs-wayland/ab0f8d391a960764348935e6497fc62ba0d2378d' (2024-04-19)
• Updated input 'sops-nix':
'github:Mic92/sops-nix/cc535d07cbcdd562bcca418e475c7b1959cefa4b' (2024-04-15)
→ 'github:Mic92/sops-nix/b94c6edbb8355756c53efc8ca3874c63622f287a' (2024-04-18)
• Updated input 'sops-nix/nixpkgs-stable':
'github:NixOS/nixpkgs/c27f3b6d8e29346af16eecc0e9d54b1071eae27e' (2024-04-13)
→ 'github:NixOS/nixpkgs/8494ae076b7878d61a7d2d25e89a847fe8f8364c' (2024-04-18)
```
2024-04-19 20:33:48 +00:00
317996b609
clightning-sane: document the status
command more
2024-04-19 07:29:20 +00:00
135f63480b
clightning-sane: add a help message
2024-04-19 07:29:20 +00:00
d9ffa5bb5a
wike: fix sandboxing for 3.0
2024-04-19 01:26:58 +00:00
f59f13588f
jackett/transmission/slskd: validate public IP address before starting
2024-04-18 20:05:59 +00:00
40af93a7fb
feeds: add apenwarr
2024-04-18 17:29:50 +00:00
a36ff517e7
servo: slskd: disable
2024-04-18 06:55:56 +00:00
60c370df3f
sftpgo: fix domain name in banner
2024-04-18 05:01:57 +00:00
d80852c6c1
sftpgo: re-enable password login
2024-04-18 04:58:59 +00:00
62b3047fff
sftpgo: support FTPS
2024-04-18 04:34:41 +00:00
de2c3a30ff
programs: ship lftp ftp client
2024-04-18 04:17:10 +00:00
c08280589d
lsof: fix sandboxing
2024-04-17 23:43:42 +00:00
9a9ffcbea9
transmission: fix faulty "find" expression (thanks shellcheck!)
2024-04-17 23:32:00 +00:00
733efcfaf7
servo: nginx: forceSSL for anything media related
2024-04-17 22:49:24 +00:00
b34d984572
servo: transmission: remove noisy files upon torrent completion
2024-04-17 20:47:00 +00:00
e2b58e1b77
servo: transmission: be extra strict about requiring VPN
2024-04-17 19:52:11 +00:00
b7e5bc5972
servo: sftpgo: disable external access
2024-04-17 19:41:57 +00:00
54cefa247a
dino: record another bug
2024-04-17 09:53:08 +00:00
b7fd5e78cc
swaync: show volume-per-app (TODO: stylize it better)
2024-04-17 01:37:03 +00:00
79985ff009
dino: docs: update notes about BUGS
2024-04-16 20:50:00 +00:00
62f5b9276f
pwvucontrol: whitelist DRI inside the sandbox, for better perf
2024-04-16 20:49:33 +00:00
13c1f01a6b
servo: pleroma: migrate port 4000 -> 4040
...
port 4000 is used by NFS
2024-04-16 18:57:54 +00:00
5f281f57de
servo: transmission: inline nested torrent directories
2024-04-16 18:25:41 +00:00
089e434e3f
servo: transmission: fix group permissions of media when copying them to public dir
2024-04-16 16:31:10 +00:00
539fe48947
swaync: cleanup
2024-04-16 04:14:07 +00:00
259c3af526
swaync-fbcli: fix CPU pegging when canceling a phone ringer
2024-04-16 02:18:51 +00:00
6b5e0e57bc
swaync: unify the *DEBUG variables
2024-04-15 21:29:17 +00:00
4f06f0dc5e
unl0kr: disable animations
2024-04-15 21:10:55 +00:00
c0dde0e540
unl0kr: populate config file with upstream defaults
2024-04-15 21:05:21 +00:00
0385c09f23
sane-sandboxed: split out into an actual package
2024-04-15 18:57:22 +00:00
bd57b95598
swaync-fbcli: fix so that the child actually exits when killed (critical is to use SIGINT)
2024-04-15 18:32:50 +00:00
465da7c939
swaync-fbcli: migrate an "echo" to a "log"
2024-04-15 18:22:30 +00:00
44f76e656a
swaync-fbcli: fix that pkill expression wouldn't work for wrapped binaries
2024-04-15 18:21:27 +00:00
824046aca1
swaync-fbcli: fix CPU pegging
2024-04-15 18:09:21 +00:00
827c50ff43
swaync: cleanup the swaync-fbcli helper
2024-04-15 18:00:51 +00:00
0230291bb2
swaync: move the pkill logic into swaync-fbcli
2024-04-15 17:46:40 +00:00
3d3618256d
swaync: split the fbcli wrapper into its own file
2024-04-15 17:46:40 +00:00
590cb2dd7f
feeds: sort the list
2024-04-15 16:21:31 +00:00
d9dcab544c
feeds: unsubscribe from Profectus
2024-04-15 16:20:17 +00:00
4ee0f0c659
feeds: disable TheSideView
2024-04-15 14:59:50 +00:00
2af5bb3d78
i-still-dont-care-about-cookies: enable
2024-04-15 03:36:49 +00:00
2d8fe1d3e5
bonsai: tune niceness to hopefully be more responsive
2024-04-15 01:46:32 +00:00
0741d87bcb
rofi: theme so that i can read more text on narrow moby display
2024-04-15 00:04:10 +00:00
2587c27f89
font-manager: fix sandboxing
2024-04-14 21:55:52 +00:00
2d74d0725d
feeds: podcasts: add Money Stuff
2024-04-14 20:39:53 +00:00
7804236499
xdg-terminal-exec: remove upstreamed patched
2024-04-14 14:16:50 +00:00
feb36d19ac
programs: ship cups
2024-04-14 03:33:55 +00:00
a8915661a7
style: refine the base pink color for mpv and sway/waybar
...
this matches swaync a little better. mpv had to be made lighter, i think because of transparency stuff. probably sway/waybar could be made normal lightness
2024-04-13 20:29:24 +00:00
dd58ba8b00
gvfs: enable as part of nautilus, not sway
2024-04-13 20:29:24 +00:00
0a888e205e
programs: ship objdump
2024-04-13 20:29:24 +00:00
4b22fd95bf
introduce 'moby-min' host variant for the quickest deployment (no webkitgtk)
2024-04-13 20:29:24 +00:00
527a9e7612
feeds: add The Side View
2024-04-10 04:47:34 +00:00
3686e6e508
feeds: subscribe to Future of Coding
2024-04-10 03:06:30 +00:00
cda50db23b
loupe: associate with avif filetype
2024-04-09 19:22:59 +00:00
9be6960bbf
sway: disable shortcuts for creating sub-splits
...
i'm just always accidentally triggering them
2024-04-09 16:24:02 +00:00
a45aabfb72
sway: todo: load background from a more traditional path
2024-04-09 16:19:56 +00:00
876103ff7b
mpv: remove legacy ao=alsa and volume-max config
2024-04-09 16:10:05 +00:00
46cda87d5e
notejot: fix sandboxing
2024-04-09 15:44:01 +00:00
d728dfcd70
mpv: uosc: tweak the maximize button to actually act as a fullscreen toggle
2024-04-09 10:14:40 +00:00
19fcd0318c
mpv: remove the double-click-to-fullscreen shortcut
2024-04-09 10:09:17 +00:00
030f6d1a99
mpv: fix so pseudo-gui mode doesnt break logging
2024-04-09 09:58:16 +00:00
86b495cb9f
mpv: sane-sysvol: integrate with uosc mute button
2024-04-09 08:05:00 +00:00
c897f4fa4b
mpv: sane-sysvol: fix pipewire mute to reflect onto uosc volume level
...
ideally it would actually show up as the mute parameter!
2024-04-09 08:05:00 +00:00
8181a0664d
mpv: sane-sysvol: remove the unused id tracking
2024-04-09 08:05:00 +00:00
c37e94493f
mpv: sane-sysvol: optimize
2024-04-09 08:05:00 +00:00
b9e107510d
mpv: sane-sysvol: dont force system volume to zero on init
2024-04-09 08:05:00 +00:00
0f4c1ccfe3
mpv: update input.conf for sane-cast rename
2024-04-09 08:05:00 +00:00
9d9413c790
mpv: announce pipewire volume changes so uosc can listen for them
2024-04-09 08:05:00 +00:00
64c28ae657
mpv: don't need to force uosc volume state to 0 by default; nil is OK
2024-04-09 08:05:00 +00:00
1f4c885748
mpv: sane-sysvol script: init
...
it's a one-way volume control, but that's a start
2024-04-09 08:05:00 +00:00
0545b178af
mpv: rename plugin: sane -> sane-cast
2024-04-09 08:04:51 +00:00
fe4b6c36c4
feeds: subscribe to jwz.org
2024-04-09 03:55:25 +00:00
fce3436c88
servo: expose Milkbags to the internet :)
2024-04-08 06:55:09 +00:00
3aba91b360
mpv: fix race condition in uosc/ao-volume monitoring
2024-04-06 23:41:59 +00:00
907933612d
htop: statically populate config
2024-04-06 23:41:59 +00:00
b4877a488e
discord: add media into sandbox
2024-04-06 09:36:55 +00:00
4b3975367a
fix warnings: remove xdg-desktop-portal patch; fix mautrix-meta enable logic
2024-04-05 21:40:42 +00:00
28110c3e85
fix system hang during vim ctrl+z (disable io_uring in libuv)
2024-04-05 07:29:55 +00:00
43aa498ff9
mpv: fix uosc touch controls
2024-04-05 07:29:15 +00:00
f7e4504764
pict-rs: remove no-transcoding patch (it doesnt apply anymore)
2024-04-04 19:09:12 +00:00
7ab148ea58
servo: migrate /var/media to be 100% on zfs pool
2024-04-04 06:20:50 +00:00
0dfeec3260
mpv-uosc: 5.2.0 -> 5.2.0-unstable-2024-03-13
2024-04-04 06:19:15 +00:00
eb2317a743
mpv: 0.37.0 -> 0.37.0-unstable-2024-03-31
2024-04-04 06:19:15 +00:00
7c3ad85d75
sane-bt-add: fix sandboxing
2024-04-03 09:48:21 +00:00
410097480f
docs: servo: fs: fix setfacl typo
2024-04-03 09:48:10 +00:00
f5fadbe4cf
transmission: place torrents in a separate directory, and copy them to the main media directory on completion
2024-04-03 09:48:10 +00:00
a0550660e7
feeds: add The Corresponding Source podcast
2024-04-02 22:10:36 +00:00
a814832e48
feeds: add Hacker Public Radio podcast
2024-04-02 19:34:42 +00:00
747032d9a4
dino: run with higher scheduling priority
2024-04-02 09:02:44 +00:00
9b2e35b93f
pipewire: ship rtkit and unlock better scheduling priority
2024-04-02 09:02:06 +00:00
d2751237c1
xdg-desktop-portal-wlr: propery document its dependency on pipewire
2024-04-02 09:01:35 +00:00
ae87160de3
dino: 0.4.3 -> 0.4.3-unstable-2024-04-01
2024-04-02 04:57:11 +00:00
a90a213cc0
apps: gui: disable under-used "blanket" noise generator
2024-04-02 04:18:53 +00:00
24c04b8fc0
docs: xdg-desktop-portal: link to Door Knocker debugging tool
2024-04-02 04:18:53 +00:00
9d9791814a
audacity: fix sandboxing
2024-04-02 02:56:51 +00:00
331e673589
common/fs: mount /mnt/servo/media/* directories more granularly
...
this benefits sandboxing
2024-04-01 07:31:25 +00:00
bbb93600b7
/mnt/servo/*: mount in a way which doesn't block sandboxes
2024-04-01 06:00:17 +00:00
c0de54c11a
curlftpfs: exit on timeout error
2024-04-01 04:02:32 +00:00
0d29722443
common/fs: refactor and DRY
2024-04-01 02:12:06 +00:00
1c2a375b6d
common/fs: split curlftpfs into sane.programs
...
this makes it easier to build outside of /etc/fstab context, and opens a future path to sandboxing
2024-04-01 00:50:14 +00:00
b6840a3ed4
curlftpfs: build via my own repo
2024-04-01 00:43:07 +00:00
74e994598e
feeds: add David Revoy
2024-03-31 20:28:41 +00:00
856b6fcd7a
feeds: add Willow
2024-03-31 18:20:49 +00:00
cd6a91e995
sway: tune sandboxing
2024-03-31 05:59:10 +00:00
ade680d9d2
unl0kr: remove legacy wayland stuff (it's handled by s6 now)
2024-03-31 05:20:33 +00:00
6d4a43fa0d
sway: warn when needed runtime dirs dont exist
2024-03-31 05:20:20 +00:00
d3ad661970
servo: zfs: enable reflink support
2024-03-31 03:48:34 +00:00
1e7de43da8
docs: sway: mention that hotplugging is broken
2024-03-31 03:24:33 +00:00
eff37765ae
sane.image: fix so imgs.moby
includes a working bootloader
2024-03-31 03:24:33 +00:00
a65673847a
superTux, superTuxKard: don't ship on moby
...
i don't use it there; it wastes deploy time
2024-03-31 03:24:33 +00:00