9e8e1d82a6
flake: add a deploy.self-light target
2024-02-20 10:24:33 +00:00
a05184f956
programs: neovim: fix nvim-treesitter typo
2024-02-20 10:23:52 +00:00
36ad2d5421
programs: unl0kr: auto-derive the user option
2024-02-20 07:21:22 +00:00
b0f62830a5
unl0kr: port to sane.programs
2024-02-20 07:14:30 +00:00
f970679266
sxmo: remove symlinks for legacy sxmo_hook_{poweroff,reboot}.sh
2024-02-20 06:49:42 +00:00
c7f4661c1c
programs: htop: persist config
2024-02-20 05:38:45 +00:00
e8306831c5
programs: qemu: mark as slowToBuild
2024-02-20 05:34:47 +00:00
41b1a013d7
programs: sane-sudo-redirect: disable sandbox
2024-02-19 17:09:27 +00:00
f785ccd351
programs: sane-reclaim-disk-space: sandbox
2024-02-19 17:06:22 +00:00
48744dcaaa
programs: sane-ip-reconnect: remove (unused)
2024-02-19 17:05:27 +00:00
9373864b60
programs: sane-git-init: remove (unused)
2024-02-19 16:53:59 +00:00
c16c9dfe0b
programs: sandbox a bunch of sane scripts
2024-02-19 16:51:53 +00:00
292a411fb3
linux-megous: 6.7.2 (20240127-1717) -> 6.7.4 (20240211-1928)
2024-02-19 16:37:11 +00:00
2d17826731
programs: eza: sandbox with bwrap instead of landlock
2024-02-19 15:32:40 +00:00
34dedcff57
modules/programs: sane-sandboxed: fix normPath handling of paths containing special characters like [
2024-02-19 15:32:23 +00:00
de297f22be
programs: split sane-scripts out of assorted.nix
2024-02-19 14:19:10 +00:00
4b47b76461
programs: sfeed: sandbox
2024-02-19 14:14:59 +00:00
3effd59c9b
xdg-desktop-portal-{gtk,wlr}: start via service manager, with ordered deps, instead of letting dbus activate it for us
...
that gets more reliable environment importing, etc
2024-02-19 13:44:23 +00:00
a3d0691d99
trivial-builders: add rmDbusServicesInPlace for when the symlink method isnt applicable
2024-02-19 13:43:22 +00:00
44647e0d36
programs: forkstat: sandbox
2024-02-19 13:15:15 +00:00
da1053d635
programs: configure auto-launching programs to only start *after* graphical-session.target
...
this ensures they really have their environment
2024-02-19 12:58:08 +00:00
273b1b84e3
systemd: reduce the stop job timeout
2024-02-19 12:58:08 +00:00
0b6b98bba6
sway: add a safeguard to catch if the systemd environ race condition is re-introduced
2024-02-19 12:58:08 +00:00
8886177c23
xdg-desktop-portal: fix it to find all the portal configs again
...
maybe i broke this when i simplified XDG_CONFIG_DIRS? not sure
2024-02-19 12:58:08 +00:00
7e343bfc05
sway: fix race condition around dbus/systemd environment importing
2024-02-19 10:52:51 +00:00
f72bdb6f3a
activationScripts: notify on deploy: fix to work with new SWAYSOCK name
2024-02-19 08:21:23 +00:00
5666a05ef0
strip out a bunch of unused nixpkgs defaults
2024-02-19 06:20:13 +00:00
05daf738fc
nixpkgs: 2024-02-17 -> 2024-02-18
...
```
• Updated input 'nixpkgs-next-unpatched':
'github:nixos/nixpkgs/6caa6affcc4774c81467ed08fa3ec35da40fd1d9' (2024-02-17)
→ 'github:nixos/nixpkgs/d076cde70cbceca9315a11bdc609ddfcec9dfbca' (2024-02-18)
• Updated input 'nixpkgs-unpatched':
'github:nixos/nixpkgs/28d6a724f54085377102db7c3278ba82a0a5255f' (2024-02-17)
→ 'github:nixos/nixpkgs/9511a7b219df1f8d8f5c2a58c4870fde169fe397' (2024-02-18)
• Updated input 'sops-nix':
'github:Mic92/sops-nix/48afd3264ec52bee85231a7122612e2c5202fa74' (2024-02-13)
→ 'github:Mic92/sops-nix/ffed177a9d2c685901781c3c6c9024ae0ffc252b' (2024-02-18)
• Updated input 'sops-nix/nixpkgs-stable':
'github:NixOS/nixpkgs/d8cd80616c8800feec0cab64331d7c3d5a1a6d98' (2024-02-10)
→ 'github:NixOS/nixpkgs/69405156cffbdf2be50153f13cbdf9a0bea38e49' (2024-02-17)
```
2024-02-18 19:05:04 +00:00
35b4cc779f
megapixels: switch to bwrap, to support Loupe image viewer
2024-02-18 18:46:37 +00:00
c7d111a318
megapixels: 1.7.0 -> 1.8.0
2024-02-18 18:27:47 +00:00
7e5eb6324d
megapixels: sandbox
...
it's iffy... 1.8.0 is released, which can be sandboxed w/o sys/dev/char or ~/.local/share/applications, but seems to be even flakier
2024-02-18 17:44:49 +00:00
95cb5624ca
modules/programs: sane-sandboxed: fix but that --sane-sandbox-path / wasnt being canonicalized
2024-02-18 13:53:53 +00:00
55c305812d
WIP: megapixels: sandbox
2024-02-18 13:53:18 +00:00
600f6eb56c
modules/programs: sane-sandboxed: remove all remaining forks/subshells
...
launchtime for firefox in bwrap is about 65ms; 35ms for --sane-sandbox-method none
2024-02-18 13:15:04 +00:00
fd6f8493a7
modules/programs: sane-sandboxed: remove all forking from normPath
...
reduces time for librewolf benchmark from 90ms -> 65ms. there's still _some_ forking in this script, but it's constant now.
2024-02-18 12:25:03 +00:00
f10f1ee7b1
modules/programs: sane-sandboxed: optimize "normPath" to not invoke subshells
...
each subshell causes like 5ms just on my laptop, which really adds up.
this implementation still forks internally, but doesn't exec.
runtime decreases from 150ms -> 90ms for
`time librewolf --sane-sandbox-replace-cli true`
2024-02-18 12:08:23 +00:00
67395bdcd3
programs: ship forkstat
2024-02-18 11:58:30 +00:00
90ceeede74
programs: flare-signal: disable (unused)
2024-02-18 07:07:29 +00:00
32a704b1b8
moby: disable unused "calls" program
...
i may have future use for it, but as-is currently it's not worth the difficulty of sandboxing
2024-02-18 07:07:29 +00:00
a591be98d4
programs: portfolio-filemanager: sandbox
2024-02-18 07:07:29 +00:00
82e028e37d
programs: nautilus: assign a mime priority
2024-02-18 07:07:29 +00:00
a531676d0d
mime: include an error message when two file associations have identical mime priority
2024-02-18 07:07:29 +00:00
7f7543ee78
programs: planify: sandbox
2024-02-18 07:07:29 +00:00
8d0e3e0db3
programs: notejot: sandbox
2024-02-18 07:07:29 +00:00
bf352d184c
programs: tangram: sandbox
2024-02-18 07:07:29 +00:00
81a6600f54
programs: xarchiver: sandbox
2024-02-18 07:07:29 +00:00
9fde167e71
firefox-extensions.open-in-mpv: build from source
...
this ensures that the extension and the native component stay in sync
2024-02-18 06:14:49 +00:00
4e180e11df
open-in-mpv: update the non-browser component to 2.2.0
...
i _suppose_ i should keep these in sync... hmm
2024-02-18 06:02:00 +00:00
902166e45a
sxmo-utils: 2024-01-01 -> 2024-02-05
2024-02-18 04:57:20 +00:00
797bc4e188
delfin: 0.3.0 -> 0.4.0
...
i can't upstream this until i figure out why both versions fail to open media for me (portal stuff?)
2024-02-18 04:54:35 +00:00