|
1cb2c5225f
|
programs: use wrapperType=wrappedDerivation where possible
|
2024-01-29 12:07:04 +00:00 |
|
|
7af970f38c
|
modules/programs: extend wrapperType="wrappedDerivation" to handle common share/ items
|
2024-01-29 11:59:38 +00:00 |
|
|
6f86e61a00
|
firefox: fix build
zip was giving some complaints... i'm not sure why, i think it still works
|
2024-01-29 09:57:35 +00:00 |
|
|
3ea3776281
|
nixpkgs: 2024-01-27 -> 2024-01-28
```
• Updated input 'nixpkgs-next-unpatched':
'github:nixos/nixpkgs/ef4dd61b7d53af44b060473308c50fa3b34d5681' (2024-01-27)
→ 'github:nixos/nixpkgs/a86d1125195505d4ea8997b12507b9c623511256' (2024-01-28)
• Updated input 'nixpkgs-unpatched':
'github:nixos/nixpkgs/c002c6aa977ad22c60398daaa9be52f2203d0006' (2024-01-27)
→ 'github:nixos/nixpkgs/f58fe0f36dbbef39b3f5ec8542a02dece7c9559b' (2024-01-28)
• Updated input 'sops-nix':
'github:Mic92/sops-nix/4606d9b1595e42ffd9b75b9e69667708c70b1d68' (2024-01-24)
→ 'github:Mic92/sops-nix/73bf36912e31a6b21af6e0f39218e067283c67ef' (2024-01-28)
• Updated input 'sops-nix/nixpkgs-stable':
'github:NixOS/nixpkgs/a1982c92d8980a0114372973cbdfe0a307f1bdea' (2024-01-12)
→ 'github:NixOS/nixpkgs/9a333eaa80901efe01df07eade2c16d183761fa3' (2024-01-22)
```
|
2024-01-29 09:57:35 +00:00 |
|
|
a7eb8dd6fa
|
nixpkgs: 2024-01-22 -> 2024-01-27
```
• Updated input 'nixpkgs-next-unpatched':
'github:nixos/nixpkgs/dceddd03df4f840ea28c65887c199495793fb322' (2024-01-22)
→ 'github:nixos/nixpkgs/ef4dd61b7d53af44b060473308c50fa3b34d5681' (2024-01-27)
• Updated input 'nixpkgs-unpatched':
'github:nixos/nixpkgs/8cccce637e19577815de54c5ecc3132dff965aee' (2024-01-22)
→ 'github:nixos/nixpkgs/c002c6aa977ad22c60398daaa9be52f2203d0006' (2024-01-27)
• Updated input 'sops-nix':
'github:Mic92/sops-nix/ae171b54e76ced88d506245249609f8c87305752' (2024-01-21)
→ 'github:Mic92/sops-nix/4606d9b1595e42ffd9b75b9e69667708c70b1d68' (2024-01-24)
```
this breaks sway login for lappy. not obvious why.
|
2024-01-29 09:57:35 +00:00 |
|
|
c1a1f51ca2
|
git: fix git-upload-pack (used on the remote when doing git pull)
|
2024-01-29 09:57:27 +00:00 |
|
|
32824cfade
|
modules/programs: sandbox in a manner that's more compatible with link-heavy apps like busybox, git, etc
|
2024-01-29 09:56:30 +00:00 |
|
|
51fc61b211
|
sane-sandboxed: cleanup
|
2024-01-29 09:14:43 +00:00 |
|
|
7b9795ea3d
|
modules/programs: implement embedWrapper option
|
2024-01-29 09:13:49 +00:00 |
|
|
5f3e481fe4
|
sane-sandboxed: refactor and avoid passing duplicate/subpaths into the sandbox
|
2024-01-29 07:15:02 +00:00 |
|
|
86219d7006
|
sane-sandboxed: simplify: consolidate homePaths and rootPaths into just "paths"
|
2024-01-29 05:43:10 +00:00 |
|
|
381da74e6c
|
users: enable pam_cap for "login" program
|
2024-01-28 17:55:19 +00:00 |
|
|
24c70c3683
|
feeds: switch acoup.blog to the database type feed
at some point my feed script became capable of understanding his RSS :)
|
2024-01-28 12:37:38 +00:00 |
|
|
bfec531fa2
|
sandbox a bunch more apps
|
2024-01-28 11:43:05 +00:00 |
|
|
de11edffa5
|
programs/assorted: remove more unused programs
|
2024-01-28 11:34:33 +00:00 |
|
|
294f167df0
|
sane-sandboxed: fix CLI escaping with capsh
|
2024-01-28 11:11:07 +00:00 |
|
|
e536e3c718
|
programs/assorted.nix: remove unused tree-sitter package
|
2024-01-28 11:03:09 +00:00 |
|
|
17d14dbac2
|
programs/assorted.nix: uninstall some programs i don't frequently use
|
2024-01-28 10:40:57 +00:00 |
|
|
94981ef335
|
vim: sandbox
|
2024-01-28 10:39:08 +00:00 |
|
|
3cd244be76
|
git: sandbox with bwrap
|
2024-01-28 10:36:19 +00:00 |
|
|
f100595257
|
modules/programs: properly forward autodetectCliPaths to the sandboxer
|
2024-01-28 10:31:07 +00:00 |
|
|
e84da827c2
|
sane-sandboxed: fix typo in add-pwd flag
|
2024-01-28 09:17:12 +00:00 |
|
|
42f9fa029d
|
modules/programs: fix that whitelistPwd wasnt passed into the sandbox profile
|
2024-01-28 09:04:27 +00:00 |
|
|
40fee97b06
|
modules/programs: make-sandboxed: disallowReferences to the fake sane-sandboxed used during checkPhase
|
2024-01-28 08:58:13 +00:00 |
|
|
3cc8292d8b
|
modules/programs: make-sandboxed: support packages with checkPhase by bypassing the sandbox
|
2024-01-28 07:45:08 +00:00 |
|
|
9261d30a34
|
modules/programs: reformatting
|
2024-01-28 05:58:08 +00:00 |
|
|
3eb3a8db5a
|
modules/programs: add a whitelistPwd option to grant the program access to the directory it was called from
|
2024-01-28 05:57:30 +00:00 |
|
|
97129268f0
|
modules/programs: sandbox: add "capshonly" as a valid sandbox.method
|
2024-01-28 05:57:11 +00:00 |
|
|
fa39a965ca
|
TODO: investigate sane.programs as a contributor to nixos-rebuild times
|
2024-01-28 05:55:32 +00:00 |
|
|
7da979503b
|
bubblewrap: explicitly disable sandboxing
|
2024-01-27 17:20:40 +00:00 |
|
|
3b32c26026
|
zsh: explicitly disable sandboxing
|
2024-01-27 17:20:24 +00:00 |
|
|
cad25306e7
|
alacritty: explicitly disable sandbox
|
2024-01-27 17:20:11 +00:00 |
|
|
4d7414c941
|
programs: introduce and use "autodetectCliPaths" nix config
|
2024-01-27 17:19:48 +00:00 |
|
|
b29b8bdec7
|
wireshark: specify capabilities via sandbox.capabilities config
|
2024-01-27 17:12:40 +00:00 |
|
|
a7d081bfcb
|
modules/programs: add a sane.strictSandboxing option
|
2024-01-27 17:11:07 +00:00 |
|
|
5ca208d07f
|
modules/programs: sandbox: add enable flag and capabilities structured config
|
2024-01-27 17:08:27 +00:00 |
|
|
6c605944c5
|
pkgs: firefox-extensions: update to latest
|
2024-01-27 15:50:47 +00:00 |
|
|
02b6e17449
|
nicotine-plus: disable
now i have no firejail programs; no more setuid wrapper in /run/wrappers :)
|
2024-01-27 15:37:43 +00:00 |
|
|
770db96ec6
|
go2tv: sandbox with bwrap
|
2024-01-27 15:31:08 +00:00 |
|
|
ff356fdd49
|
playerctl: sandbox with bwrap
|
2024-01-27 15:18:56 +00:00 |
|
|
eec89e2cc1
|
librewolf: sandbox with bwrap
|
2024-01-27 15:16:53 +00:00 |
|
|
d69d8f64f3
|
tor-browser: sandbox with bwrap; remove useHardenedMalloc patch
|
2024-01-27 15:04:22 +00:00 |
|
|
4ee2562202
|
programs: tidy: prefer "sandbox.extraHomePaths" over "fs" for external deps
|
2024-01-27 14:54:17 +00:00 |
|
|
08b1ece56e
|
programs: gnome-weather: sandbox with bwrap
|
2024-01-27 14:53:38 +00:00 |
|
|
26b978dcf2
|
modules/programs: sandbox: fix "inline" -> "inplace" typo
|
2024-01-27 14:42:25 +00:00 |
|
|
b22c2e094c
|
koreader: sandbox with bwrap
|
2024-01-27 14:39:22 +00:00 |
|
|
b40775f97c
|
koreader-from-src: document FTP configuration
|
2024-01-27 14:39:02 +00:00 |
|
|
a27a72646c
|
koreader-from-src: fix non-cross build
|
2024-01-27 14:38:52 +00:00 |
|
|
100ddad40e
|
wike: link to issue about state directory
|
2024-01-27 14:27:02 +00:00 |
|
|
d8b6d419b6
|
modules/programs: sandboxing: add wrapperType = "wrappedDerivation" to wrap without rebuilding the whole package
|
2024-01-27 14:26:41 +00:00 |
|