aa0991bd6c
persistence: cleanup so it all works well with symlink-based stores
2024-02-23 13:09:44 +00:00
62b39bf01e
firefox: integrate the "persist" config into "sane.programs"
2024-02-23 11:23:41 +00:00
0d8307e877
programs: gnome-keyring: sandbox
...
and now secrets are readable again. they were broken for the last ~10 commits :)
2024-02-23 09:49:35 +00:00
9b1a2ae9bb
programs: mpv: remove useless "extraRuntimePaths = []" override
2024-02-23 09:32:19 +00:00
b8b805765b
programs: gnome-keyring-daemon: remove the SUID wrapper
...
it's not actually mandated. just, when enabled, gkd will `mlock` its
secrets into memory. but i don't use swap anyway. plus, i'll enable that
momentarily anyway (though systemd will probably not understand the
capablity)
2024-02-23 09:28:41 +00:00
84eae20765
gnome-keyring: don't integrate with PAM
...
PAM integration is only required if the keyring is encrypted on-disk
2024-02-23 09:15:30 +00:00
4a10c5f729
gnome-keyring: start as systemd service explicitly, not as implicit dbus service
2024-02-23 09:09:54 +00:00
c2696c1cd9
gnome-keyring: use sane.fs abstractions to write out the keyrings
2024-02-23 08:57:41 +00:00
ea6f45555c
gnome-keyring: simplify the scripts (untested)
2024-02-23 08:14:09 +00:00
687db545b4
gnome-keyring: move persistence and init script to sane.programs
2024-02-23 07:22:07 +00:00
24d1d13d0a
programs: simplify sandboxing of file browsers/etc now that private data lives on a different mount
2024-02-23 07:06:29 +00:00
057b9e3fed
replace links/references to ~/private/FOO with just ~/FOO
2024-02-23 07:06:29 +00:00
4a316d4b91
bonsai: lift out of sxmo
2024-02-23 07:06:29 +00:00
af03b3f6e8
xwayland: sandbox
2024-02-23 01:05:24 +00:00
5819f07181
programs: xwayland: sandbox
2024-02-22 22:12:03 +00:00
122f3fa5cc
sway: remove xwayland-specific placement of Signal
...
it breaks non-xwayland sway config parsing, and Signal is native Wayland now anyway even with Xwayland running'
2024-02-22 22:01:48 +00:00
473999c001
sway: re-enable networkmanager
2024-02-21 23:46:25 +00:00
d1de9efde1
sway: port xwayland use to sane.programs API
2024-02-21 23:32:10 +00:00
50c3f04714
pipewire: remove dead alsa comments
2024-02-21 23:26:40 +00:00
49bad8f186
sway: split pipewire persisted file into pipewire.nix
2024-02-21 23:26:25 +00:00
fd9f500e97
sway: split pipewire config into separate sane.programs.pipewire
2024-02-21 23:23:52 +00:00
386651044e
sway: port to sane.programs API
2024-02-21 23:18:57 +00:00
d77a12ce7b
unl0kr: remove the "afterLogin" option and choose automatically which desktop to launch
2024-02-21 20:47:48 +00:00
153d2a1047
GSK_RENDERER: don't set globally, but just for the apps which _actually_ require it
...
this way i can avoid conflicts around apps which don't expect this to be set (e.g. delfin)
2024-02-21 16:56:56 +00:00
b8f090be93
programs: delfin: add required mpris permissions
2024-02-21 13:27:19 +00:00
5a0760a571
programs: sandbox oathtools
2024-02-21 00:03:48 +00:00
757ab79724
programs: dconf: sandbox
2024-02-20 23:43:25 +00:00
81148b7b42
programs: explicitly depend on dconf instead of manually persisting dconf's dirs
2024-02-20 23:39:27 +00:00
429d0c53e7
programs: ripgrep: sandbox with bwrap instead of landlock
...
this provides network isolation
2024-02-20 23:32:54 +00:00
6cf1bc5a28
programs: grep: sandbox
2024-02-20 23:32:28 +00:00
768b340c93
findutils: sandbox
...
use bwrap instead of landlock for the dumb preference that i can disable
net
2024-02-20 23:31:58 +00:00
d9901aa161
programs: sane-secrets-*: sandbox
2024-02-20 23:31:39 +00:00
be2098c18a
programs: sane-vpn: sandbox
2024-02-20 23:05:24 +00:00
bb569b1668
sane-vpn: port away from systemd so that i can use it as an ordinary user (no sudo)
2024-02-20 22:21:02 +00:00
71025329e7
programs: sane-dev-cargo-loop: sandbox
2024-02-20 19:26:38 +00:00
ca4d1e3b9d
programs: sane-tag-music: sandbox
2024-02-20 19:26:18 +00:00
284b698015
sane-reclaim-boot-space: fix, and sandbox
...
well i didn't get to test this thoroughly: might still have problems
2024-02-20 19:16:36 +00:00
8beac8df2f
programs: sandbox sane-shutdown, sane-reboot
2024-02-20 13:43:05 +00:00
58db553c84
programs: unl0kr: sandbox
2024-02-20 13:29:56 +00:00
2ea3776d84
programs: sane-sync-from-servo: remove
...
this was obsoleted by the top-level flake `sync` scripts
2024-02-20 13:16:21 +00:00
a624571b22
move glib program recommendation into programs/assorted.nix
2024-02-20 12:11:26 +00:00
53cbe5c8da
dconf: split into own sane.programs
definition
2024-02-20 12:09:52 +00:00
a05184f956
programs: neovim: fix nvim-treesitter typo
2024-02-20 10:23:52 +00:00
36ad2d5421
programs: unl0kr: auto-derive the user option
2024-02-20 07:21:22 +00:00
b0f62830a5
unl0kr: port to sane.programs
2024-02-20 07:14:30 +00:00
c7f4661c1c
programs: htop: persist config
2024-02-20 05:38:45 +00:00
e8306831c5
programs: qemu: mark as slowToBuild
2024-02-20 05:34:47 +00:00
41b1a013d7
programs: sane-sudo-redirect: disable sandbox
2024-02-19 17:09:27 +00:00
f785ccd351
programs: sane-reclaim-disk-space: sandbox
2024-02-19 17:06:22 +00:00
48744dcaaa
programs: sane-ip-reconnect: remove (unused)
2024-02-19 17:05:27 +00:00