colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity
7,585 Commits 141 Branches 1 Tag
55175e5957ed7520ce2694b35b51f6f8045d30a7
Commit Graph

80 Commits

Author SHA1 Message Date
Colin
05bc5923cf sway: sandbox out-of-place 2024-08-16 02:48:24 +00:00
Colin
e245164da3 nixpkgs-wayland: 2024-08-12 -> 2024-08-13 2024-08-13 22:01:31 +00:00
Colin
144afd8171 sway: fix wlroots drmSync bug via upstream patch 2024-08-12 21:52:44 +00:00
Colin
7827f6c584 sway: note that the activation patch is still necessary 2024-08-12 18:28:16 +00:00
Colin
e1899495a0 nixpkgs-wayland: 0-unstable-2024-08-06 -> 0-unstable-2024-08-12 2024-08-12 18:05:32 +00:00
Colin
1ee81db537 switch xdg-desktop-portal-gtk -> xdg-desktop-portal-gnome 
the gnome file chooser is far more responsive, on moby

though thumbnailing doesnt work, which may degrade the desktop experience :-(
 2024-08-08 09:43:47 +00:00
Colin
2de6491583 xdg-desktop-portal-gnome: get working as a xdp backend, on lappy 
probably needs some porting to moby before it works there
 2024-08-08 08:52:24 +00:00
Colin
9b1e053ead seatd: place the socket in a place that lends itself to better sandboxing 2024-08-07 19:37:20 +00:00
Colin
3b8d6c8587 refactor: s6/unl0kr/profile: put more shell init stuff directly in modules/users/default.nix when it doesnt benefit from being pluggable 2024-07-26 15:58:59 +00:00
Colin
af905a2f58 unl0kr: split the gocryptfs unlocking into its own separate service 
/mnt/persist/private can be depended on by both s6 user services and systemd system services (which will become useful for servo)

/mnt/persist/private can be unlocked by dropping the key in remotely, however that won't kill unl0kr

TODO: fix unl0kr to not also output text to the tty

TODO: ensure gocryptfs mount can handle being fed a wrong password
 2024-07-26 08:08:21 +00:00
Colin
2203d6db59 cleanup: remove XDG_SESSION_TYPE, XDG_VTNR from global environment 2024-07-25 15:26:24 +00:00
Colin
78f4cd9be2 sysvol: 2024-06-13 -> 2024-06-20 2024-06-21 07:25:15 +00:00
Colin
d1843b6b3d refactor: sway-config -> config, to match its installed name 2024-06-20 05:55:12 +00:00
Colin
543108a5dd networkmanager_dmenu: ship 2024-06-18 23:44:21 +00:00
Colin
b0f9733ac8 sway: fix that Super+L didnt have sandbox access to start the screen locker 2024-06-18 02:26:57 +00:00
Colin
02fdc91237 sway: switch from waybar -> nwg-panel (except for moby) 2024-06-14 08:47:24 +00:00
Colin
e0c741427e ship "switchboard" program, for configuring bluetooth/network/sound 2024-06-13 19:51:19 +00:00
Colin
6b8371c32b nixpkgs-wayland: import by fetchFromGitHub instead of via flake 2024-06-07 21:29:45 +00:00
Colin
7e32fab5d4 refactor: moby: split more stuff out of the toplevel config and hide behind roles/etc 2024-06-04 15:58:51 +00:00
Colin
e4bcbab224 hosts: networking: switch to using nixos NetworkManager/ModemManager/etc, just patched for hardening 2024-06-02 11:22:03 +00:00
Colin
d3937487e6 moby: cleanup bonsai <-> sway circular dependency (slightly) 2024-05-30 12:43:09 +00:00
Colin
adb54657d4 sway: fix bonsai to be visible in the sandbox 2024-05-30 09:46:04 +00:00
Colin
4aeb3360d3 cleanup: programs: dont assume sway is always the wayland/x11 provider 2024-05-30 06:00:32 +00:00
Colin
0c456d11d8 programs: ensure things which depend on sound or wayland are ordered after it 2024-05-30 04:55:05 +00:00
Colin
0f7d25d8a5 doc: sway: say why i wrapperType = "inplace" 2024-05-29 18:58:05 +00:00
Colin
c5c174f988 sway: patch to use a narrower sandbox 2024-05-29 18:24:59 +00:00
Colin
29bc1608aa sway: remove sandbox input which are no longer necessary 2024-05-29 17:07:18 +00:00
Colin
2789868703 seatd: split out of sway conf 2024-05-29 16:22:52 +00:00
Colin
d4dfcd6510 login: remove systemd pam integration (so it doesnt try, and fail, to start the user manager) 2024-05-29 15:42:39 +00:00
Colin
3c2ca46ef9 hosts/modules/gui/gtk: hoist to sane.programs.sane-theme 2024-05-28 16:44:27 +00:00
Colin
95dc395925 hosts/modules/gui/theme: lift my sway background up into its own package 2024-05-28 15:48:37 +00:00
Colin
447e1feb9c sway: fix Super+L shortcut to actually lock 2024-05-14 04:17:05 +00:00
Colin
4b04c283b6 fcitx5: temporarily disable 2024-05-10 17:51:37 +00:00
Colin
b7dd40e558 sane-open-desktop -> sane-open and have it auto-open/close the keyboard based on what an app wants 2024-04-30 19:22:37 +00:00
Colin
f784550b9b networkmanager: migrate from nixpkgs service to my own 2024-04-27 09:51:55 +00:00
Colin
dd58ba8b00 gvfs: enable as part of nautilus, not sway 2024-04-13 20:29:24 +00:00
Colin
cd6a91e995 sway: tune sandboxing 2024-03-31 05:59:10 +00:00
Colin
6d4a43fa0d sway: warn when needed runtime dirs dont exist 2024-03-31 05:20:20 +00:00
Colin
1e7de43da8 docs: sway: mention that hotplugging is broken 2024-03-31 03:24:33 +00:00
Colin
46fe6c690b sway: fix WAYLAND_DISPLAY to be relative 2024-03-23 17:59:37 +00:00
Colin
dd7b1dae5f sway: remove unnecessary pidspace sandbox exception 
i guess this was from when SWAYSOCK was named after the pid?
 2024-03-23 17:35:39 +00:00
Colin
2e58353b0e refactor: users/services: have waitExists support waiting on multiple paths 2024-03-23 17:28:29 +00:00
Colin
f65d3d04dc sway: do the WAYLAND_DISPLAY moving inside sway config itself 2024-03-23 17:09:57 +00:00
Colin
6102a0301d sway: move $WAYLAND_DISPLAY into a subdir to make it easier to sandbox 2024-03-23 16:37:22 +00:00
Colin
39de5b84c2 sway: fix readiness check 2024-03-23 15:54:20 +00:00
Colin
5205251f6f programs: xwayland: sandbox it without exposing net access 2024-03-23 15:33:23 +00:00
Colin
db2801c652 sway: don't launch s6 from within the sway session 2024-03-23 13:11:14 +00:00
Colin
36ea5b53ad sway: place SWAYSOCK in a subdirectory 2024-03-23 11:33:58 +00:00
Colin
16ca71188f users/services: simplify the before/after/wantedBy criteria, to match s6 concepts 2024-03-21 17:16:11 +00:00
Colin
d2f6648bce users/services: refactor: replace ExecStart/ExecStopPost with command/cleanupCommand 
note that this completely breaks the systemd backend (though easily fixable if wanted)
 2024-03-21 17:16:11 +00:00