colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity
5,303 Commits 125 Branches 1 Tag 12 MiB
5838603953
Commit Graph

790 Commits

Author SHA1 Message Date
Colin
aa0991bd6c persistence: cleanup so it all works well with symlink-based stores 2024-02-23 13:09:44 +00:00
Colin
62b39bf01e firefox: integrate the "persist" config into "sane.programs" 2024-02-23 11:23:41 +00:00
Colin
0d8307e877 programs: gnome-keyring: sandbox 
and now secrets are readable again. they were broken for the last ~10 commits :)
 2024-02-23 09:49:35 +00:00
Colin
9b1a2ae9bb programs: mpv: remove useless "extraRuntimePaths = []" override 2024-02-23 09:32:19 +00:00
Colin
b8b805765b programs: gnome-keyring-daemon: remove the SUID wrapper 
it's not actually mandated. just, when enabled, gkd will `mlock` its
secrets into memory. but i don't use swap anyway. plus, i'll enable that
momentarily anyway (though systemd will probably not understand the
capablity)
 2024-02-23 09:28:41 +00:00
Colin
84eae20765 gnome-keyring: don't integrate with PAM 
PAM integration is only required if the keyring is encrypted on-disk
 2024-02-23 09:15:30 +00:00
Colin
4a10c5f729 gnome-keyring: start as systemd service explicitly, not as implicit dbus service 2024-02-23 09:09:54 +00:00
Colin
c2696c1cd9 gnome-keyring: use sane.fs abstractions to write out the keyrings 2024-02-23 08:57:41 +00:00
Colin
ea6f45555c gnome-keyring: simplify the scripts (untested) 2024-02-23 08:14:09 +00:00
Colin
687db545b4 gnome-keyring: move persistence and init script to sane.programs 2024-02-23 07:22:07 +00:00
Colin
24d1d13d0a programs: simplify sandboxing of file browsers/etc now that private data lives on a different mount 2024-02-23 07:06:29 +00:00
Colin
057b9e3fed replace links/references to ~/private/FOO with just ~/FOO 2024-02-23 07:06:29 +00:00
Colin
4a316d4b91 bonsai: lift out of sxmo 2024-02-23 07:06:29 +00:00
Colin
af03b3f6e8 xwayland: sandbox 2024-02-23 01:05:24 +00:00
Colin
5819f07181 programs: xwayland: sandbox 2024-02-22 22:12:03 +00:00
Colin
122f3fa5cc sway: remove xwayland-specific placement of Signal 
it breaks non-xwayland sway config parsing, and Signal is native Wayland now anyway even with Xwayland running'
 2024-02-22 22:01:48 +00:00
Colin
473999c001 sway: re-enable networkmanager 2024-02-21 23:46:25 +00:00
Colin
d1de9efde1 sway: port xwayland use to sane.programs API 2024-02-21 23:32:10 +00:00
Colin
50c3f04714 pipewire: remove dead alsa comments 2024-02-21 23:26:40 +00:00
Colin
49bad8f186 sway: split pipewire persisted file into pipewire.nix 2024-02-21 23:26:25 +00:00
Colin
fd9f500e97 sway: split pipewire config into separate sane.programs.pipewire 2024-02-21 23:23:52 +00:00
Colin
386651044e sway: port to sane.programs API 2024-02-21 23:18:57 +00:00
Colin
d77a12ce7b unl0kr: remove the "afterLogin" option and choose automatically which desktop to launch 2024-02-21 20:47:48 +00:00
Colin
153d2a1047 GSK_RENDERER: don't set globally, but just for the apps which _actually_ require it 
this way i can avoid conflicts around apps which don't expect this to be set (e.g. delfin)
 2024-02-21 16:56:56 +00:00
Colin
b8f090be93 programs: delfin: add required mpris permissions 2024-02-21 13:27:19 +00:00
Colin
5a0760a571 programs: sandbox oathtools 2024-02-21 00:03:48 +00:00
Colin
757ab79724 programs: dconf: sandbox 2024-02-20 23:43:25 +00:00
Colin
81148b7b42 programs: explicitly depend on dconf instead of manually persisting dconf's dirs 2024-02-20 23:39:27 +00:00
Colin
429d0c53e7 programs: ripgrep: sandbox with bwrap instead of landlock 
this provides network isolation
 2024-02-20 23:32:54 +00:00
Colin
6cf1bc5a28 programs: grep: sandbox 2024-02-20 23:32:28 +00:00
Colin
768b340c93 findutils: sandbox 
use bwrap instead of landlock for the dumb preference that i can disable
net
 2024-02-20 23:31:58 +00:00
Colin
d9901aa161 programs: sane-secrets-*: sandbox 2024-02-20 23:31:39 +00:00
Colin
be2098c18a programs: sane-vpn: sandbox 2024-02-20 23:05:24 +00:00
Colin
bb569b1668 sane-vpn: port away from systemd so that i can use it as an ordinary user (no sudo) 2024-02-20 22:21:02 +00:00
Colin
71025329e7 programs: sane-dev-cargo-loop: sandbox 2024-02-20 19:26:38 +00:00
Colin
ca4d1e3b9d programs: sane-tag-music: sandbox 2024-02-20 19:26:18 +00:00
Colin
284b698015 sane-reclaim-boot-space: fix, and sandbox 
well i didn't get to test this thoroughly: might still have problems
 2024-02-20 19:16:36 +00:00
Colin
8beac8df2f programs: sandbox sane-shutdown, sane-reboot 2024-02-20 13:43:05 +00:00
Colin
58db553c84 programs: unl0kr: sandbox 2024-02-20 13:29:56 +00:00
Colin
2ea3776d84 programs: sane-sync-from-servo: remove 
this was obsoleted by the top-level flake `sync` scripts
 2024-02-20 13:16:21 +00:00
Colin
a624571b22 move glib program recommendation into programs/assorted.nix 2024-02-20 12:11:26 +00:00
Colin
53cbe5c8da dconf: split into own sane.programs definition 2024-02-20 12:09:52 +00:00
Colin
a05184f956 programs: neovim: fix nvim-treesitter typo 2024-02-20 10:23:52 +00:00
Colin
36ad2d5421 programs: unl0kr: auto-derive the user option 2024-02-20 07:21:22 +00:00
Colin
b0f62830a5 unl0kr: port to sane.programs 2024-02-20 07:14:30 +00:00
Colin
c7f4661c1c programs: htop: persist config 2024-02-20 05:38:45 +00:00
Colin
e8306831c5 programs: qemu: mark as slowToBuild 2024-02-20 05:34:47 +00:00
Colin
41b1a013d7 programs: sane-sudo-redirect: disable sandbox 2024-02-19 17:09:27 +00:00
Colin
f785ccd351 programs: sane-reclaim-disk-space: sandbox 2024-02-19 17:06:22 +00:00
Colin
48744dcaaa programs: sane-ip-reconnect: remove (unused) 2024-02-19 17:05:27 +00:00