da1053d635
programs: configure auto-launching programs to only start *after* graphical-session.target
...
this ensures they really have their environment
2024-02-19 12:58:08 +00:00
080bd856ec
programs: sandboxing: only permit wayland socket access to those specific apps which require it
2024-02-14 01:49:49 +00:00
1a18ed533b
programs: don't include dbus in the sandbox by default
2024-02-13 11:58:33 +00:00
c9af5bf9b4
programs: sandboxing: enable net isolation for most sandboxed programs
2024-02-08 21:51:32 +00:00
6151eee8d5
programs (assorted): fix wantedBy = "default.target" to be more specific
...
now GUI apps aren't stuck in a restart loop until sway starts
in particular, signal-desktop can actually be autostarted
2024-02-02 14:21:57 +00:00
db6ba61429
programs: sandbox more apps with wrapperType=wrappedDerivation
2024-01-29 13:45:57 +00:00
be06e61bfb
programs: geary: fix sandboxing
...
this is an UGLY one. geary itself uses bwrap, and that fails if it's sandboxed AT ALL in landlock (i.e. even with just / landlocked as RW).
maybe this has to do with what landlock-sandboxer considers 'read/write' to be, and there's actually more file ops i need to enable on /
2024-01-27 11:28:08 +00:00
b03d7f7fb0
geary: test the firejail profile; it's not ready
2024-01-22 10:04:18 +00:00
4d2fecec13
geary: add my other email account
2023-11-27 07:56:26 +00:00
91c2f6fc95
implement sane.programs.slowToBuild and {moby,desko,lappy}-light targets
...
i'm not sure this is the exact right abstraction, but it's a starting point
2023-11-18 22:06:42 +00:00
3855fb5eb6
geary: integrate with swaync and auto-start
2023-11-14 00:39:24 +00:00
28d4a4b065
persistence: move stores behind a byStore attr to support disabling persistence altogether (for e.g. rescue image)
2023-11-08 15:33:15 +00:00
30486f4b4e
geary: fix a typo
2023-10-24 10:29:40 +00:00
69ac75131c
apps: add geary
2023-10-24 04:50:31 +00:00