colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity
5,230 Commits 125 Branches 1 Tag 13 MiB
284b698015
Commit Graph

754 Commits

Author SHA1 Message Date
Colin
556c20bc04 programs: vulkan-tools: sandbox 2024-02-17 14:53:22 +00:00
Colin
cf5f58dda6 programs: nmap: sandbox 2024-02-17 14:51:26 +00:00
Colin
6f8c299c69 programs: xdg-desktop-portal: log more 2024-02-17 14:40:56 +00:00
Colin
bbf7aac062 programs: gnome-frog: sandbox 2024-02-17 14:40:42 +00:00
Colin
7d1fd2f30a programs: nvme-cli: sandbox 2024-02-17 14:40:29 +00:00
Colin
472987f164 programs: gimp: fix sandboxing failure 2024-02-17 13:43:35 +00:00
Colin
784c2145f3 programs: iputils: sandbox 2024-02-17 03:33:05 +00:00
Colin
0000afb315 programs: make nixosBuiltins package set more precise 2024-02-17 03:08:14 +00:00
Colin
31fa21bd20 programs: host/iproute2/iw/nettools/wirelesstools: sandbox 2024-02-17 03:05:58 +00:00
Colin
9510817604 programs: document nixosBuiltins programs 2024-02-17 02:40:28 +00:00
Colin
4a84de3ee4 programs: inetutils/iptables: sandbox 2024-02-17 02:32:57 +00:00
Colin
ab42a4cc5a programs: qemu: disable sandbox 2024-02-17 01:43:58 +00:00
Colin
f6537b083a programs: discord: add dbus to sandbox 2024-02-17 01:42:22 +00:00
Colin
1b4306e649 programs: switch bridge-utils, btrfs-progs from landlock -> bwrap 
landlock can't isolate net yet, so bwrap gives better sandboxing
 2024-02-16 15:32:41 +00:00
Colin
af8a8358bd programs: hdparm: sandbox 2024-02-16 15:32:41 +00:00
Colin
464c6c56c5 programs: btrfs-progs: sandbox 2024-02-16 15:32:41 +00:00
Colin
8e314e8b73 programs: bridge-utils: sandbox 2024-02-16 15:32:41 +00:00
Colin
198029f95f programs: netcat: sandbox 2024-02-16 15:32:41 +00:00
Colin
1d646459ab programs: pulsemixer: sandbox 2024-02-16 15:32:41 +00:00
Colin
8f3bab3636 programs: sort 2024-02-16 15:32:41 +00:00
Colin
a909a93c29 programs: strings: fix sandboxing 2024-02-16 15:32:41 +00:00
Colin
6aaa724abf programs: strings: sandbox 2024-02-16 14:57:25 +00:00
Colin
a1c721d5b4 programs: binutils-unwrapped -> strings: distribute just the binary i care about 2024-02-16 14:57:25 +00:00
Colin
cd3b4dde7b programs: nix-index: sandbox 2024-02-16 11:39:05 +00:00
Colin
a9d384688a programs: alsaUtils: sandbox 2024-02-16 11:28:43 +00:00
Colin
fffd6f4204 programs: pciutils: sandbox 2024-02-16 11:12:47 +00:00
Colin
324485d105 programs: networkmanagerapplet: sandbox 2024-02-16 11:07:24 +00:00
Colin
7cb8b144b2 programs: sandbox fatresize 2024-02-16 10:45:56 +00:00
Colin
c2bb97e7e6 programs: ethtool: sandbox 2024-02-16 10:38:39 +00:00
Colin
3cbdc03369 programs: zeal: disable sandboxing 2024-02-16 10:32:49 +00:00
Colin
5c7fa591a0 programs: sandbox: dtrx/e2fsprogs/efibootmgr/electrum 2024-02-16 10:32:18 +00:00
Colin
18c54e8b04 programs: sandbox cryptsetup and ddrescue (latter is untested, probably lacking!) 2024-02-16 10:05:24 +00:00
Colin
1416856fb6 programs: blueberry: sandbox 2024-02-16 07:58:00 +00:00
Colin
2a5bc6f612 programs: util-linux: disable sandbox 2024-02-16 07:37:59 +00:00
Colin
c56a6a8c24 programs: disable libcap_ng since it cant sandbox 2024-02-16 07:32:34 +00:00
Colin
f5a4bdedaf programs: libcap_ng (netcap): disable sandbox 2024-02-16 07:32:05 +00:00
Colin
114a45f347 programs: pstree: sandbox 2024-02-16 06:57:45 +00:00
Colin
d53344d527 programs: killall: sandbox 2024-02-16 06:57:32 +00:00
Colin
561447de70 programs: shattered-pixel-dungeon: sandbox 2024-02-16 06:57:03 +00:00
Colin
9cc12fab5d programs: gpodder: fix to work in sandbox (add dbus) 2024-02-16 06:07:46 +00:00
Colin
5cda3b2805 programs: firefox/fractal: document portal filechooser limitations 2024-02-16 05:49:56 +00:00
Colin
4afd56ff4c programs: powertop: fix capabilities typo in sandbox definition 2024-02-16 05:49:13 +00:00
Colin
94b4f78e39 programs: lemoa: sandbox 2024-02-16 05:32:22 +00:00
Colin
3fd89ec91b programs: sandbox powertop 2024-02-16 05:28:17 +00:00
Colin
4085828575 programs: sandbox parted 2024-02-16 05:28:07 +00:00
Colin
1a972927b6 programs: sandbox nethogs, nmon, nixpkgs-review 2024-02-16 05:27:50 +00:00
Colin
5f3ec42f57 programs: sandbox lsof with capsh only 
can't get it to sandbox any more aggressively with either landlock or
bwrap
 2024-02-16 04:55:18 +00:00
Colin
28aaeb051f programs: disable sandboxing for strace and screen 2024-02-16 04:51:52 +00:00
Colin
9d252d095e programs: htop/iotop/iftop: sandbox 2024-02-16 04:51:18 +00:00
Colin
4e5e4219ec programs: usbutils: sandbox 2024-02-16 04:03:47 +00:00
Colin
824dd7c1f5 programs: endless-sky: sandbox with bwrap 2024-02-16 04:00:27 +00:00
Colin
b840a0d61c programs: space-cadet-pinball: sandbox w/ bwrap 2024-02-16 03:58:09 +00:00
Colin
36bcecfd68 programs: sort 2024-02-16 03:53:53 +00:00
Colin
c3a5fb9394 programs: wdisplays: sandbox with bwrap 2024-02-16 03:53:27 +00:00
Colin
30507c3564 programs: soundconverter: sandbox with bwrap 2024-02-16 03:51:23 +00:00
Colin
2b66ffc58a programs: feedbackd: sandbox w/ bwrap 2024-02-16 03:49:59 +00:00
Colin
48d96c1f36 programs: hase: sandbox with bwrap 
couldn't test the net feature, because hase servers have since gone
offline :((
 2024-02-16 03:48:59 +00:00
Colin
cdf61755a3 programs: splatmoji: document the sandboxing approach 2024-02-16 03:46:48 +00:00
Colin
511752fab5 programs: xdg-desktop-portal{-gtk,-wlr}: enable sandbox 2024-02-16 03:17:19 +00:00
Colin
40ed7cff1b programs: git: fix failing sandbox build 2024-02-16 03:16:46 +00:00
Colin
5e7f914354 programs: superTux: fix failing sandbox build 2024-02-16 03:16:28 +00:00
Colin
0dec8b6d5b programs: fontconfig: sandbox 2024-02-15 18:26:45 +00:00
Colin
7eaffc9fa0 programs: w3m: enable sandbox 2024-02-15 18:25:48 +00:00
Colin
b7c1a6331d programs: mate.engrampa: enable sandbox 2024-02-15 18:24:27 +00:00
Colin
d6868d58e6 xdg-desktop-portal: disable sandbox 2024-02-15 18:23:40 +00:00
Colin
52d768a162 programs: xterm: mark as not needing a sandbox 2024-02-15 17:26:55 +00:00
Colin
7a685d8de9 programs: inkscape: sandbox with bwrap 2024-02-15 17:26:37 +00:00
Colin
838c6d7dc8 programs: swaync: sandbox 2024-02-15 16:38:38 +00:00
Colin
9d706df5b5 programs: waybar: narrow the /run/user paths to just sway-ipc.sock 2024-02-15 14:40:01 +00:00
Colin
24d23f7903 programs: bemenu: fix sandboxing 2024-02-15 14:33:20 +00:00
Colin
5090c4e88c sway: define without using nixos "programs.sway" 
motivation was to leverage 'sane.programs.sway.env' to statically configure SWAYSOCK. i think that's still the right way: we'll see
 2024-02-15 14:25:27 +00:00
Colin
081114da65 programs: waybar: sandbox in a way that works well for moby too 2024-02-15 13:16:18 +00:00
Colin
02b7586ffa programs: komikku: add dbus to the sandbox to fix it 2024-02-15 11:58:08 +00:00
Colin
25dcb7f89a programs: open-in-mpv: document that upstream merged my PR 2024-02-15 11:38:37 +00:00
Colin
88f1d63b6e firefox: properly integrate xdg-desktop-portal for opening media 2024-02-15 11:36:50 +00:00
Colin
d36e269edd programs: loupe: remove the dbus services to make it work with Firefox 2024-02-15 11:36:24 +00:00
Colin
582a003739 programs: waybar: fix battery indicator within sandbox 2024-02-15 10:35:24 +00:00
Colin
df60be8c61 open-in-mpv: sandbox with bwrap 2024-02-15 09:49:03 +00:00
Colin
e8b4c36442 programs: nautilus: specify inode/directory mime association 2024-02-15 09:48:26 +00:00
Colin
2f699737f5 firefox: fix open-in-mpv integration 
two parts: add open-in-mpv's config to firefox's sandbox; patch open-in-mpv to forward to xdg-open
 2024-02-15 09:14:57 +00:00
Colin
4a3d24be3f waybar: migrate all config to "sane.programs" 2024-02-15 07:18:12 +00:00
Colin
10feb319fe sway: lift waybar to own file and sandbox it 2024-02-15 02:33:40 +00:00
Colin
b2fcf6fdfd programs: messengers (fractal, signal, dino, tuba): add media libraries to the sandbox 2024-02-15 00:49:24 +00:00
Colin
dcc2eb265d programs: re-enable sandbox for tumiki-fighters and losslesscut (X applications) 2024-02-15 00:09:40 +00:00
Colin
518c3afd07 programs: sandbox: disable losslesscut/tumiki-fighters sandbox until i can figure out Xwayland 2024-02-14 14:37:59 +00:00
Colin
90dee85664 programs: sort alphabetically 2024-02-14 14:28:22 +00:00
Colin
26fc283fd9 programs: losslesscut: sandbox 2024-02-14 14:26:56 +00:00
Colin
d0430ce1e9 programs: pavucontrol/pwvucontrol: enable audio devices inside the sandbox 2024-02-14 14:26:56 +00:00
Colin
368a52b91e programs: speedtest-cli: sandbox with bwrap 2024-02-14 14:26:56 +00:00
Colin
d90dacee1f programs: grimshot: sandbox with bwrap 2024-02-14 14:17:41 +00:00
Colin
a6e2b3bc5c programs: xdg-terminal-exec: disable sandbox 2024-02-14 14:11:35 +00:00
Colin
8863a3c674 programs: wob: sandbox with bwrap 2024-02-14 14:10:20 +00:00
Colin
fa8d6dbb9f programs: wob: fix config substitution 2024-02-14 14:04:54 +00:00
Colin
e5e79a6b60 programs: FileMimeInfo: disable sandbox 2024-02-14 13:54:21 +00:00
Colin
95f7eeeb5c programs: libnotify: sandbox with bwrap 2024-02-14 13:49:48 +00:00
Colin
29d638c68b programs: dig: sandbox with bwrap 2024-02-14 13:47:44 +00:00
Colin
7d22a5466f programs: zsh: fix "switch" function to be friendly to sandboxing 2024-02-14 13:45:56 +00:00
Colin
5907d9fa42 Revert "xdg-desktop-portal-gtk: build without support for notifications" 
This reverts commit c9e02bfd8a.

disable notifications at this level did not cause fractal (gtk app) to
send its notifications to swaync. instead, it still tried to deliver to
the Portal, where the Portal wasn't expecting anything and just returned
an error to fractal.

setting `GNOTIFICATION_BACKEND = "freedesktop"` seems to be the correct
way to get gtk apps to behave as desired with their notifications.
 2024-02-14 11:09:37 +00:00
Colin
67fe8d4666 swaync: propagate GNOTIFICATION_BACKEND = "freedesktop" to all users 2024-02-14 11:09:20 +00:00
Colin
c9e02bfd8a xdg-desktop-portal-gtk: build without support for notifications 2024-02-14 10:51:18 +00:00