colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity
4,941 Commits 125 Branches 1 Tag 12 MiB
590a239f7d
Commit Graph

4941 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Colin
590a239f7d programs: gpodder: sandbox with bwrap 
which we can do, now that xdg-open works correctly within sandboxes
 2024-02-09 10:31:42 +00:00
Colin
bcbc57f5ef programs: get xdg-open to work from within sandboxes 
note that implementation may have a quirk that applications launched via the portal cannot themselves "xdg-open" through the portal, because of the environment variable manipulation.

not sure how best to address that.
 2024-02-09 10:27:30 +00:00
Colin
0d3adcdc5c modules: users: have user services inherit PATH from environment rather than forcibly overwriting it 2024-02-09 09:50:26 +00:00
Colin
d19907a38d sway: enable OpenURI interface in xdg-desktop-portal 2024-02-09 05:57:02 +00:00
Colin
9ac0e0e4fc modules/programs: put things in a pid namespace by default 2024-02-08 23:36:59 +00:00
Colin
c9af5bf9b4 programs: sandboxing: enable net isolation for most sandboxed programs 2024-02-08 21:51:32 +00:00
Colin
bc85169e3d programs: sandboxer: allow disable net access 2024-02-08 21:07:34 +00:00
Colin
7b9b3344a0 nixpkgs: 2024-02-07 -> 2024-02-08 
```
• Updated input 'nixpkgs-next-unpatched':
    'github:nixos/nixpkgs/966fd30804ad0e400fa3502e9f848bfad63b1852' (2024-02-07)
  → 'github:nixos/nixpkgs/74098fff8838394e2cdf78012bbc7f5bf835197e' (2024-02-08)
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/be4596f17b30403478c629b27d87fd914a2b9f8a' (2024-02-07)
  → 'github:nixos/nixpkgs/075bf9cffe5b04d39874747239022de9aec5cdcd' (2024-02-08)
```
 2024-02-08 11:09:25 +00:00
Colin
f6ca6210f9 feeds: link to podcastindex.org 2024-02-07 21:47:19 +00:00
Colin
19cfc86d1a nixpkgs: 2024-02-06 -> 2024-02-07 
```
• Updated input 'nixpkgs-next-unpatched':
    'github:nixos/nixpkgs/952bd699447d82d69f4b15d994d5dc232e7addfb' (2024-02-06)
  → 'github:nixos/nixpkgs/966fd30804ad0e400fa3502e9f848bfad63b1852' (2024-02-07)
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/8ad5408ea36be34ae262b04c8e913a95f8248fc7' (2024-02-06)
  → 'github:nixos/nixpkgs/be4596f17b30403478c629b27d87fd914a2b9f8a' (2024-02-07)
```
 2024-02-07 09:45:02 +00:00
Colin
227d159c66 sway: map Super+Shift+PageUp/Down to next/prev track 2024-02-06 23:52:53 +00:00
Colin
a6becb8c42 sway: add Super+space to toggle media 2024-02-06 23:22:24 +00:00
Colin
2a5398beb3 sway: simplify brightness_up_cmd 
sxmo just uses brightnessctl internally, plus a call to 'notify'

i don't really need the notification, and if i did i could implement wob support on both desktop and mobile
 2024-02-06 23:10:01 +00:00
Colin
0f12ed68f7 sway: simplify config templating 2024-02-06 23:04:44 +00:00
Colin
0c050d1953 programs: fuzzel: fix overly-aggressive sandboxing 2024-02-06 20:10:29 +00:00
Colin
2fc1fe7510 modules/programs: make-sandboxed: fix that /share/* was being linked into top-level /; better way to enforce sandboxing of /share entries 2024-02-06 19:55:55 +00:00
Colin
8d705af7a0 nixpkgs: 2024-02-04 -> 2024-02-06 
```
• Updated input 'nixpkgs-next-unpatched':
    'github:nixos/nixpkgs/259981b0af5c285bb3cc7146de1da1b5af92236d' (2024-02-04)
  → 'github:nixos/nixpkgs/952bd699447d82d69f4b15d994d5dc232e7addfb' (2024-02-06)
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/2be0b5db83fbea4a838f753994e8ebd35af91968' (2024-02-04)
  → 'github:nixos/nixpkgs/8ad5408ea36be34ae262b04c8e913a95f8248fc7' (2024-02-06)
```
 2024-02-06 06:18:59 +00:00
Colin
e91ec2c35e todo.md: task to consolidate ~/dev and ~/ref 2024-02-06 06:08:06 +00:00
Colin
5fbf66fb15 programs: loupe: sandbox with bwrap 2024-02-06 06:05:32 +00:00
Colin
97d50629e9 programs: handbrake: sandbox with landlock 2024-02-06 05:48:54 +00:00
Colin
5f8699fcef rearrange /mnt structure for host-based subdirs 
e.g. /mnt/servo/media, /mnt/desko/home, etc
 2024-02-06 05:48:11 +00:00
Colin
7ce957c3af gtk: set GSK_RENDERER=cairo to fix a bug somewhere in moby's render stack 2024-02-06 05:02:02 +00:00
Colin
d7612d5034 modules/programs: make-sandboxed: avoid deep-copying all of /share when sandboxing 
saves like 1 GiB of closure. but i haven't thoroughly tested this
 2024-02-06 05:02:02 +00:00
Colin
5ff7bf0c69 programs: fuzzel: sandbox 2024-02-06 02:34:46 +00:00
Colin
2495200b67 tidy: programs: wget: remove warning about the sandbox being untested 2024-02-06 01:34:40 +00:00
Colin
4c499629f5 programs: vvvvvv: sandbox with bwrap 2024-02-06 01:34:04 +00:00
Colin
7b9f54dd54 programs: superTux: sandbox with bwrap 2024-02-06 01:16:36 +00:00
Colin
bda932c3df programs: supertuxkart: sandbox with bwrap 2024-02-06 01:10:39 +00:00
Colin
3f96f4af82 sway: refer to fewer programs in the config by absolute path 
this aids in sandboxing and swapping stuff in/out at runtime
 2024-02-05 23:40:18 +00:00
Colin
1c4e2f97fe swaylock: mark sandboxing as unsupported 2024-02-05 23:36:35 +00:00
Colin
594a729968 feeds: remove balaji 2024-02-05 22:48:09 +00:00
Colin
5c8bb55cec todo.md: better sandboxing around /mnt/servo-media 2024-02-05 22:33:42 +00:00
Colin
6eb2a3d67f programs: handbrake: sandbox with bwrap 2024-02-05 22:28:15 +00:00
Colin
ddc41bc9d8 programs: pavucontrol/pwvucontrol: sandbox with bwrap 2024-02-05 22:15:48 +00:00
Colin
7d833ebf76 programs: kdenlive: sandbox with bwrap 2024-02-05 22:07:37 +00:00
Colin
bfc0eadfaa programs: hitori: sandbox with bwrap 2024-02-05 21:52:57 +00:00
Colin
ff1cbcc16b programs: gnome-clocks,gnome-calendar: sandbox with bwrap 2024-02-05 21:46:27 +00:00
Colin
fd81e35c31 todo.md: package blurble game! 2024-02-05 21:46:09 +00:00
Colin
9a8d8a20bd programs: frozen-bubble: persist data and sandbox with bwrap 2024-02-05 21:32:58 +00:00
Colin
cd1d22e7b9 programs: gnome-calculator: sandbox with bwrap 2024-02-05 20:58:38 +00:00
Colin
2c0e93826d programs: gimp: sandbox with bwrap 2024-02-05 20:53:05 +00:00
Colin
cab346f3ad programs: delfin: sandbox with bwrap 2024-02-05 20:44:47 +00:00
Colin
568a72f6a4 gpodder-configured: remove unused derivation inputs 2024-02-05 20:22:27 +00:00
Colin
a2decaff9c programs: bemenu: sandbox with landlock 2024-02-05 18:41:52 +00:00
Colin
23411ed973 todo.md: make dconf stuff less monolithic 2024-02-05 18:33:03 +00:00
Colin
8ef9f7a485 epiphany: persist dconf settings; reduce sandboxer errors 2024-02-05 18:31:38 +00:00
Colin
12846732b9 programs: blanket: sandbox with bwrap 2024-02-05 18:26:21 +00:00
Colin
e84079e84c programs: firefox: allow sandbox access to ~/dev 2024-02-05 18:17:49 +00:00
Colin
45ffd9246d programs: brave: sandbox with bwrap 2024-02-05 18:17:28 +00:00
Colin
ed3935318d feeds: subscribe to non-paywalled Matt Levine 2024-02-05 16:41:38 +00:00