1a18ed533b
programs: don't include dbus in the sandbox by default
2024-02-13 11:58:33 +00:00
18eec98cae
programs: brightnessctl: switch to landlock
2024-02-13 11:58:33 +00:00
6eaaeeb91a
programs: remove audio from the sandbox by default
2024-02-13 11:14:38 +00:00
b4a20da78a
programs: brightnessctl: sandbox
2024-02-13 10:55:44 +00:00
77e2af0ed9
programs: krita: enable sandbox
2024-02-13 10:36:42 +00:00
354ce378f6
programs: assorted: convert /mnt/servo "extraPaths" into "extraHomePaths" where possible
2024-02-12 12:54:16 +00:00
bcbc57f5ef
programs: get xdg-open to work from within sandboxes
note that implementation may have a quirk that applications launched via the portal cannot themselves "xdg-open" through the portal, because of the environment variable manipulation.
not sure how best to address that.
2024-02-09 10:27:30 +00:00
c9af5bf9b4
programs: sandboxing: enable net isolation for most sandboxed programs
2024-02-08 21:51:32 +00:00
0c050d1953
programs: fuzzel: fix overly-aggressive sandboxing
2024-02-06 20:10:29 +00:00
2fc1fe7510
modules/programs: make-sandboxed: fix that /share/* was being linked into top-level /; better way to enforce sandboxing of /share entries
2024-02-06 19:55:55 +00:00
5f8699fcef
rearrange /mnt structure for host-based subdirs
e.g. /mnt/servo/media, /mnt/desko/home, etc
2024-02-06 05:48:11 +00:00
5ff7bf0c69
programs: fuzzel: sandbox
2024-02-06 02:34:46 +00:00
2495200b67
tidy: programs: wget: remove warning about the sandbox being untested
2024-02-06 01:34:40 +00:00
4c499629f5
programs: vvvvvv: sandbox with bwrap
2024-02-06 01:34:04 +00:00
7b9f54dd54
programs: superTux: sandbox with bwrap
2024-02-06 01:16:36 +00:00
1c4e2f97fe
swaylock: mark sandboxing as unsupported
2024-02-05 23:36:35 +00:00
ddc41bc9d8
programs: pavucontrol/pwvucontrol: sandbox with bwrap
2024-02-05 22:15:48 +00:00
bfc0eadfaa
programs: hitori: sandbox with bwrap
2024-02-05 21:52:57 +00:00
ff1cbcc16b
programs: gnome-clocks,gnome-calendar: sandbox with bwrap
2024-02-05 21:46:27 +00:00
cd1d22e7b9
programs: gnome-calculator: sandbox with bwrap
2024-02-05 20:58:38 +00:00
2c0e93826d
programs: gimp: sandbox with bwrap
2024-02-05 20:53:05 +00:00
cab346f3ad
programs: delfin: sandbox with bwrap
2024-02-05 20:44:47 +00:00
12846732b9
programs: blanket: sandbox with bwrap
2024-02-05 18:26:21 +00:00
6d1eae2200
programs: gnome-2048: sandbox with bwrap
2024-02-05 08:26:06 +00:00
42523b75a8
programs: gdb: disable sandboxing
2024-02-03 23:53:34 +00:00
2f9fad503c
programs: fix sandboxing errors for programs which create files (notably: ffmpeg)
2024-02-03 00:17:54 +00:00
6e24a1ff28
programs: re-enable sops
2024-01-31 15:30:15 +00:00
0009e5ca4c
programs: sandboxing: use wrapperType="wrappedDerivation" where applicable
2024-01-29 15:21:16 +00:00
d3f7a036ce
ripgrep: move options out of assorted.nix into its own file
2024-01-29 12:57:56 +00:00
bfec531fa2
sandbox a bunch more apps
2024-01-28 11:43:05 +00:00
de11edffa5
programs/assorted: remove more unused programs
2024-01-28 11:34:33 +00:00
e536e3c718
programs/assorted.nix: remove unused tree-sitter package
2024-01-28 11:03:09 +00:00
17d14dbac2
programs/assorted.nix: uninstall some programs i don't frequently use
2024-01-28 10:40:57 +00:00
8ecb17ed3e
programs: enable libcap_ng/netcap
2024-01-26 09:13:20 +00:00
ab4bbc2224
programs: remove explicit firejail installation; let sane.programs decide when to install it sys-wide
2024-01-23 14:57:33 +00:00
59187a0ec0
programs: allow running binaries in a netns-style firejail
2024-01-20 11:11:12 +00:00
f43d6bff92
route VPN traffic such that i can configure any app to selectively use the VPN
e.g. firejail --net=br-ovpnd-us-mi --noprofile --dns=46.227.67.134 getent ahostsv4 uninsane.org
2024-01-19 09:54:01 +00:00
ca3f97ec51
docs: go2tv: elaborate seeking limitations
2024-01-04 16:25:49 +00:00
6471524f4a
programs: zecwallet-lite: move to own file
2024-01-01 15:17:51 +00:00
a933f8b512
delfin: persist server settings
2023-12-15 08:17:07 +00:00
f763448d6f
go2tv: docs: firewall
2023-12-14 10:56:07 +00:00
deb828e98a
programs: enable go2tv
2023-12-14 10:39:33 +00:00
cb0d9e077b
programs: enable catt
2023-12-14 08:41:16 +00:00
008a6192d4
mpv: associate with https://youtube.com/ ...
2023-12-11 04:52:49 +00:00
9e51d7f150
sane-wipe-*: consolidate into one sane-wipe binary
2023-12-03 14:25:35 +00:00
8772aaec65
zfs: don't ship on moby
2023-12-03 00:58:49 +00:00
a9f932408c
servo: add zfs dataset
2023-12-02 17:38:00 +00:00
936118b8cb
sane-tag-music: init
2023-11-29 12:29:58 +00:00
8eb83bb283
sane-ssl-dump: remove
i never used it
2023-11-28 09:12:39 +00:00
9ccbfd8bf0
sane-clone: init
script to "git clone" a nix packages source code
2023-11-24 21:29:15 +00:00