colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity
4,686 Commits 125 Branches 1 Tag 12 MiB
38fd171713
Commit Graph

1917 Commits

Author SHA1 Message Date
Colin
38fd171713 spotify: sandbox with bwrap instead of firejail 2024-01-23 12:12:56 +00:00
Colin
84c78d9256 conky: sandbox with bwrap instead of firejail 2024-01-23 12:11:22 +00:00
Colin
973203d85e programs: mpv: sandbox with bwrap instead of firejail 2024-01-23 11:37:37 +00:00
Colin
f9174dd2aa programs: firefox: sandbox with bwrap instead of firejail 2024-01-23 11:37:19 +00:00
Colin
0bed4d0ada mpv: disable firejail sandboxing (it fails on moby) 2024-01-23 01:01:21 +00:00
Colin
f3e8af3fdb doc: libreoffice: mention "still" v.s. "fresh" variants 2024-01-23 01:00:34 +00:00
Colin
af542ec05f docs: gnome-keyring: point out that system gnome-keyring doesn't inherit my sandboxing 2024-01-23 01:00:06 +00:00
Colin
399a1d2052 steam: use wrapped package as system steam 2024-01-23 00:59:23 +00:00
Colin
bb6e5611d4 docs: conky: point out that un-sandboxed conky is used by sxmo-utils 2024-01-23 00:58:56 +00:00
Colin
c11f5a1401 wireshark: fix security.wrappers when wireshark is disabled 2024-01-22 23:58:04 +00:00
Colin
5b220f3fec wireshark: enable firejail isolation 2024-01-22 13:12:10 +00:00
Colin
df861a3ef0 programs: firejail: inject custom firejail config through /etc/firejail 
this improves rebuild times, and makes it easier for packages to inject their own free-form config
 2024-01-22 11:12:18 +00:00
Colin
d6754b6cac evince: sandbox with firejail 2024-01-22 10:20:29 +00:00
Colin
b03d7f7fb0 geary: test the firejail profile; it's not ready 2024-01-22 10:04:18 +00:00
Colin
008b186479 audacity: test the firejail profile; it's not ready 2024-01-22 10:04:03 +00:00
Colin
914f9b3703 vlc: sandbox with firejail 2024-01-22 09:47:24 +00:00
Colin
ed7ec4a371 conky: sandbox with firejail 2024-01-22 09:31:00 +00:00
Colin
2d338201a5 signal-desktop: sandbox with firejail 
TODO: fix URL opening / xdg-open
 2024-01-22 09:30:34 +00:00
Colin
a8aad1f98f dino: sandbox with firejail 
TODO: fix URL opening / xdg-open
 2024-01-22 09:30:13 +00:00
Colin
2d06b93118 fractal: sandbox with firejail 
TODO: seems this broke link opening? (xdg-open?)
 2024-01-22 09:28:50 +00:00
Colin
60547204a8 sane.programs: firejail: support wrapping "runCommand" packages 2024-01-22 09:16:25 +00:00
Colin
3d763a0021 tor-browser-bundle-bin -> tor-browser 
upstream nixpgs just has tor-browser-bundle-bin as an alias for tor-browser
 2024-01-22 08:13:37 +00:00
Colin
ad474873e2 dovecot: fix unparseable config 
upstream/nixpkgs is doing some shit, ugh
 2024-01-22 08:09:37 +00:00
Colin
0f3f0933b1 mpv: sandbox with firejail 2024-01-22 03:50:28 +00:00
Colin
f8440e3811 go2tv: allow more ports through the firewall 2024-01-22 03:50:04 +00:00
Colin
9ecd0adcbe firefox: sandbox with firejail 
TODO: get it so open-in-mpv launches an mpv that has access to ~/.config/mpv

i guess this is the 'firejail url problem'
 2024-01-21 23:59:15 +00:00
Colin
cf475c4696 nicotine-plus: remove distro-specific symlink 2024-01-21 03:56:33 +00:00
Colin
ce35330923 vpn.nix: factor into a proper module 
this will allow for better integration with 'sane.programs'
 2024-01-21 00:49:34 +00:00
Colin
59187a0ec0 programs: allow running binaries in a netns-style firejail 2024-01-20 11:11:12 +00:00
Colin
03fbf42680 servo: lemmy: pict-rs: fix broken CLI argument 2024-01-20 03:15:06 +00:00
Colin
7d670facd4 feeds: sort 2024-01-19 21:38:45 +00:00
Colin
61e5704fd6 feeds: unsub LW 
too verbose, and too many of y'all turned into authoritarians
 2024-01-19 21:38:14 +00:00
Colin
fd0723169f nix-serve: fix coredump loop 2024-01-19 21:34:45 +00:00
Colin
a725d42bf5 ip_forward: consolidate the options to fix servo build 2024-01-19 21:34:18 +00:00
Colin
c03cea2d4e net/vpn.nix: cleanup dead code 2024-01-19 09:58:13 +00:00
Colin
f43d6bff92 route VPN traffic such that i can configure any app to selectively use the VPN 
e.g. firejail --net=br-ovpnd-us-mi --noprofile --dns=46.227.67.134 getent ahostsv4 uninsane.org
 2024-01-19 09:54:01 +00:00
Colin
43a8ca90a7 feeds: add Cat and Girl 2024-01-16 19:12:25 +00:00
Colin
7d504892be servo: dovecot: fix broken sieve 2024-01-16 06:28:25 +00:00
Colin
d7a2bf9d26 servo: remove networking.useDHCP=false override 
seems likely that the change to systemd-networkd renamed the ethernet interface, and so eth0.useDHCP wasn't right. this change seems to restore networking
 2024-01-16 06:09:19 +00:00
Colin
851c15aa6d vpn: port ovpnd connections to use systemd-network 
this should allow better integration with e.g. systemd-run, in future
 2024-01-16 03:20:40 +00:00
Colin
c45898f903 WIP: wg-dev 2024-01-15 04:15:17 +00:00
Colin
0efec20904 hosts/common/net/vpn: remove unused "extraOptions" argument 2024-01-15 03:52:31 +00:00
Colin
5b9c58dbc6 hosts/common: use servo-style dns on all machines 
it'll be handy as i want to place individual applications inside VPNs/namespaces
 2024-01-15 01:16:22 +00:00
Colin
a7964c4f0c hosts/common: net: split upnp config into own file 2024-01-15 01:12:09 +00:00
Colin
006a7e9f72 consolidate net-related stuff into hosts/common/net/ directory 2024-01-15 01:11:13 +00:00
Colin
3856710faf net: annotate the UPNP rule 2024-01-15 01:08:10 +00:00
Colin
6cbc0bedf3 ddns-he (HurricaneElectric): remove 
it's unused for a year
 2024-01-15 00:55:10 +00:00
Colin
fbc0c7615a ddns-afraid (afraid.org): remove 
it's unused for a year
 2024-01-15 00:54:41 +00:00
Colin
34bcdb5128 firefox: disable kinetic scrolling 2024-01-14 20:34:14 +00:00
Colin
a5c6e41622 feeds: subscribe to POD OF JAKE 2024-01-14 05:20:28 +00:00