3aba91b360
mpv: fix race condition in uosc/ao-volume monitoring
2024-04-06 23:41:59 +00:00
907933612d
htop: statically populate config
2024-04-06 23:41:59 +00:00
b4877a488e
discord: add media into sandbox
2024-04-06 09:36:55 +00:00
4b3975367a
fix warnings: remove xdg-desktop-portal patch; fix mautrix-meta enable logic
2024-04-05 21:40:42 +00:00
28110c3e85
fix system hang during vim ctrl+z (disable io_uring in libuv)
2024-04-05 07:29:55 +00:00
43aa498ff9
mpv: fix uosc touch controls
2024-04-05 07:29:15 +00:00
0dfeec3260
mpv-uosc: 5.2.0 -> 5.2.0-unstable-2024-03-13
2024-04-04 06:19:15 +00:00
eb2317a743
mpv: 0.37.0 -> 0.37.0-unstable-2024-03-31
2024-04-04 06:19:15 +00:00
7c3ad85d75
sane-bt-add: fix sandboxing
2024-04-03 09:48:21 +00:00
a0550660e7
feeds: add The Corresponding Source podcast
2024-04-02 22:10:36 +00:00
a814832e48
feeds: add Hacker Public Radio podcast
2024-04-02 19:34:42 +00:00
747032d9a4
dino: run with higher scheduling priority
2024-04-02 09:02:44 +00:00
9b2e35b93f
pipewire: ship rtkit and unlock better scheduling priority
2024-04-02 09:02:06 +00:00
d2751237c1
xdg-desktop-portal-wlr: propery document its dependency on pipewire
2024-04-02 09:01:35 +00:00
ae87160de3
dino: 0.4.3 -> 0.4.3-unstable-2024-04-01
2024-04-02 04:57:11 +00:00
24c04b8fc0
docs: xdg-desktop-portal: link to Door Knocker debugging tool
2024-04-02 04:18:53 +00:00
9d9791814a
audacity: fix sandboxing
2024-04-02 02:56:51 +00:00
331e673589
common/fs: mount /mnt/servo/media/* directories more granularly
...
this benefits sandboxing
2024-04-01 07:31:25 +00:00
bbb93600b7
/mnt/servo/*: mount in a way which doesn't block sandboxes
2024-04-01 06:00:17 +00:00
c0de54c11a
curlftpfs: exit on timeout error
2024-04-01 04:02:32 +00:00
0d29722443
common/fs: refactor and DRY
2024-04-01 02:12:06 +00:00
1c2a375b6d
common/fs: split curlftpfs into sane.programs
...
this makes it easier to build outside of /etc/fstab context, and opens a future path to sandboxing
2024-04-01 00:50:14 +00:00
b6840a3ed4
curlftpfs: build via my own repo
2024-04-01 00:43:07 +00:00
74e994598e
feeds: add David Revoy
2024-03-31 20:28:41 +00:00
856b6fcd7a
feeds: add Willow
2024-03-31 18:20:49 +00:00
cd6a91e995
sway: tune sandboxing
2024-03-31 05:59:10 +00:00
ade680d9d2
unl0kr: remove legacy wayland stuff (it's handled by s6 now)
2024-03-31 05:20:33 +00:00
6d4a43fa0d
sway: warn when needed runtime dirs dont exist
2024-03-31 05:20:20 +00:00
1e7de43da8
docs: sway: mention that hotplugging is broken
2024-03-31 03:24:33 +00:00
e855be4796
hosts/common: port /mnt/servo/* from NFS -> FTP
...
fuse ftp seems to be easier to debug than kernel nfs so far
2024-03-28 23:15:05 +00:00
701e10b121
hosts/common/fs: optimize NFS options
2024-03-28 23:15:05 +00:00
eadb2057d9
sane-wipe: port from systemd -> s6
2024-03-28 23:15:05 +00:00
32e691b85b
feeds: add Hardcore Software by Steven Sinofsky
2024-03-26 14:08:13 +00:00
0108502055
feedbackd: fix so it depends on pipewire before launch
2024-03-26 13:48:13 +00:00
fb79ca4c8e
programs: iproute: use a less restrictive sandbox
2024-03-26 10:54:29 +00:00
5ecabc57bf
feeds: add low<-tech magazine
2024-03-25 13:13:41 +00:00
48a4c1bd26
feeds: add nixpkgs.news
2024-03-25 13:13:03 +00:00
febedb9323
nits: update --replace
uses to --replace-{fail,quiet}
as appropriate
2024-03-24 12:49:18 +00:00
4e74ba5bab
swaync-service-dispatcher: fix start/stop inversion
2024-03-24 12:22:54 +00:00
9c0b175260
swaync: allow toggling of s6 services
2024-03-24 11:54:12 +00:00
774066e53c
swaync: factor out a "service-dispatcher"
2024-03-24 09:21:07 +00:00
86400f45d6
swaync: port to s6
2024-03-24 08:56:06 +00:00
ddef2d0bfc
swaync: rename: print-is-active -> print-systemd-active
2024-03-24 08:54:27 +00:00
0172aa0b69
swaync: refactor
2024-03-24 08:54:27 +00:00
ce991c8887
swaync: refactor
2024-03-24 08:54:27 +00:00
92d8d42997
swaync: split the buttons out of the main config file
2024-03-24 08:54:27 +00:00
1c4ef84ec7
swaync: remove legacy sxmo-specific notification visibility rules
2024-03-24 08:54:27 +00:00
a820ae57c0
swaync: remove sxmo timer rules
2024-03-24 08:54:27 +00:00
89f913cadc
xdg-desktop-portal: 1.18.2 -> 1.18.2-unstable-2024-03-11
...
this will *hopefully* improve stability
2024-03-24 08:08:48 +00:00
d14fda2e62
engrampa: remove custom patch (upstream released a new version)
2024-03-24 07:46:22 +00:00
f680a4a25c
engrampa: patch the package via sane.programs, not nixpkgs overlay
2024-03-24 07:44:30 +00:00
47d37b4ce5
xdg-desktop-portal: enable logging
2024-03-24 07:19:33 +00:00
a1cc045837
waybar: update persistent_workspaces -> persistent-workspaces
...
the former is deprecated
2024-03-24 06:17:43 +00:00
7f8cae42ff
s6: migrate to /run/user/$id/s6
2024-03-23 21:33:08 +00:00
5b83d4d944
s6-rc: patch to use /run/user/$id/s6 as the default live dir
2024-03-23 20:52:42 +00:00
f16a68f5bb
element-desktop: use native wayland, not Xwayland
2024-03-23 18:51:41 +00:00
46fe6c690b
sway: fix WAYLAND_DISPLAY to be relative
2024-03-23 17:59:37 +00:00
dd7b1dae5f
sway: remove unnecessary pidspace sandbox exception
...
i guess this was from when SWAYSOCK was named after the pid?
2024-03-23 17:35:39 +00:00
2e58353b0e
refactor: users/services: have waitExists
support waiting on multiple paths
2024-03-23 17:28:29 +00:00
f65d3d04dc
sway: do the WAYLAND_DISPLAY moving inside sway config itself
2024-03-23 17:09:57 +00:00
6102a0301d
sway: move $WAYLAND_DISPLAY into a subdir to make it easier to sandbox
2024-03-23 16:37:22 +00:00
39de5b84c2
sway: fix readiness check
2024-03-23 15:54:20 +00:00
5205251f6f
programs: xwayland: sandbox it without exposing net access
2024-03-23 15:33:23 +00:00
8c48adefa5
pipewire: move sockets into a subdirectory for easier sandboxing
2024-03-23 13:34:13 +00:00
db2801c652
sway: don't launch s6 from within the sway session
2024-03-23 13:11:14 +00:00
36ea5b53ad
sway: place SWAYSOCK in a subdirectory
2024-03-23 11:33:58 +00:00
c404c8b2ae
xdg-terminal-exec: fix bad interaction with TERMINAL
2024-03-23 09:28:26 +00:00
8d45aad534
xdg-dirs: populate env vars at login
...
otherwise i believe they dont actually take effect?
2024-03-22 19:31:04 +00:00
267d374b19
xdg-dirs: specify XDG_SCREENSHOTS_DIR
2024-03-22 19:23:14 +00:00
1e25f37774
nixpkgs: 2024-03-21 -> 2024-03-22
...
```
• Updated input 'nixpkgs-next-unpatched':
'github:nixos/nixpkgs/33cddc79aa062e243c59d3ac36b8b938f267748a' (2024-03-21)
→ 'github:nixos/nixpkgs/86b5ff8306a63bb266590018b21d2ae502a74880' (2024-03-22)
• Updated input 'nixpkgs-unpatched':
'github:nixos/nixpkgs/783b241f949bea90e3347ce516ad8af84bde3126' (2024-03-21)
→ 'github:nixos/nixpkgs/6e147dce88054c47dd90c0be8c33500e023f8261' (2024-03-22)
```
2024-03-22 11:56:51 +00:00
cdac23211c
nixpkgs: 2024-03-13 -> 2024-03-21; others
...
```
• Updated input 'nixpkgs-next-unpatched':
'github:nixos/nixpkgs/4ee0840ba2ecc50458ab1677d108afcd691f4815' (2024-03-13)
→ 'github:nixos/nixpkgs/33cddc79aa062e243c59d3ac36b8b938f267748a' (2024-03-21)
• Updated input 'nixpkgs-unpatched':
'github:nixos/nixpkgs/2dbc8f62d8af7a1ab962e4b20d12b25ddcb86ced' (2024-03-13)
→ 'github:nixos/nixpkgs/783b241f949bea90e3347ce516ad8af84bde3126' (2024-03-21)
• Updated input 'nixpkgs-wayland':
'github:nix-community/nixpkgs-wayland/771cb198c281db6918829651f194bf4db32e342d' (2024-03-13)
→ 'github:nix-community/nixpkgs-wayland/7d053c33b7a130ddada43ba09b089244390b3a23' (2024-03-19)
• Updated input 'nixpkgs-wayland/lib-aggregate':
'github:nix-community/lib-aggregate/45b75bf534592c0c1c881a1c447f7fdb37a87eaf' (2024-03-11)
→ 'github:nix-community/lib-aggregate/f890211817b941d9ed9de48d62ba8553fa2c20f3' (2024-03-17)
• Updated input 'nixpkgs-wayland/lib-aggregate/nixpkgs-lib':
'github:nix-community/nixpkgs.lib/630ebdc047ca96d8126e16bb664c7730dc52f6e6' (2024-03-10)
→ 'github:nix-community/nixpkgs.lib/fa827dda806c5aa98f454da4c567991ab8ce422c' (2024-03-17)
• Updated input 'sops-nix':
'github:Mic92/sops-nix/e52d8117b330f690382f1d16d81ae43daeb4b880' (2024-03-11)
→ 'github:Mic92/sops-nix/83b68a0e8c94b72cdd0a6e547a14ca7eb1c03616' (2024-03-17)
• Updated input 'sops-nix/nixpkgs-stable':
'github:NixOS/nixpkgs/b17375d3bb7c79ffc52f3538028b2ec06eb79ef8' (2024-03-10)
→ 'github:NixOS/nixpkgs/6dc11d9859d6a18ab0c5e5829a5b8e4810658de3' (2024-03-16)
• Updated input 'uninsane-dot-org':
'git+https://git.uninsane.org/colin/uninsane?ref=refs/heads/master&rev=bb10cd8853d05191e4d62947d93687c462e92c30 ' (2024-02-15)
→ 'git+https://git.uninsane.org/colin/uninsane?ref=refs/heads/master&rev=9a3b2d74c3e6d177fd1317d03f4e3eecca7beb7b ' (2024-03-19)
```
2024-03-21 18:03:37 +00:00
e6c00e6215
users/services: implement dbus readiness checks for s6-rc
2024-03-21 17:16:11 +00:00
16ca71188f
users/services: simplify the before/after/wantedBy criteria, to match s6 concepts
2024-03-21 17:16:11 +00:00
d2f6648bce
users/services: refactor: replace ExecStart/ExecStopPost with command/cleanupCommand
...
note that this completely breaks the systemd backend (though easily fixable if wanted)
2024-03-21 17:16:11 +00:00
e7153ce4a1
users/services: remove ExecStartPre option
2024-03-21 17:16:11 +00:00
b13e7c38c7
users/services: remove script
option
2024-03-21 17:16:11 +00:00
058c95bb2c
sysvol: remove autostart option (assume true)
2024-03-21 17:16:11 +00:00
9b793ef4b8
programs: services: no need to fully-qualify paths anymore (s6 doesn't require)
2024-03-21 17:16:11 +00:00
1417497001
users/services: remove serviceConfig.Type option
2024-03-21 17:16:11 +00:00
db12e03f64
users/services: remove oneshot
service type
2024-03-21 17:16:11 +00:00
81a6c53c26
users/services: remove RemainAfterExit option
2024-03-21 17:16:11 +00:00
9afd9725d1
users: services: remove no-longer-needed Restart
and RestartSec
options
2024-03-21 17:16:11 +00:00
384bc9e816
xdg-desktop-portal: fix to not over-escape $HOME in s6 service definition
2024-03-21 17:16:11 +00:00
6c6e10e470
s6: install manpages
2024-03-21 17:16:11 +00:00
dcdf58e1ab
sway: simplify wrapper
2024-03-21 17:16:11 +00:00
48b2280f2e
feedbackd: fix over-escaping of $HOME
2024-03-21 17:16:11 +00:00
291e704477
programs: replace systemd-specific 'environment' option with generic 'env'
...
note, these services no longer work with systemd, because systemd expects absolute paths
2024-03-21 17:16:11 +00:00
d199e9df99
programs: wob (and wob-audio): remove
...
i don't use it, and its service file was no longer compatible with s6 (it used 'environment')
2024-03-21 17:16:11 +00:00
2336767059
port service manager to s6
...
still a lot of cleanup to do (e.g. support dbus service types), but it boots to a usable desktop
2024-03-21 17:16:11 +00:00
63af94383b
sane-input-handler: only inhibit controls if screen is on
2024-03-21 17:16:11 +00:00
0335b89a12
fractal: stop persisting old directories
2024-03-21 17:16:01 +00:00
0a6b0cbec7
gtkcord4: rename to dissent
2024-03-21 17:16:01 +00:00
df2310d590
gnome-keyring: ensure the keyring directory is created before entering the sandbox
2024-03-21 17:16:01 +00:00
3c43fba878
feeds: add NativLang per Ben's rec
2024-03-14 07:53:19 +00:00
7904957544
give self cap_sys_nice
2024-03-14 07:02:57 +00:00
d08f318e4b
pmos: move to correct section
2024-03-13 23:51:24 +00:00
288d57e5d5
feeds: subscribe to pmOS blog
2024-03-13 23:20:45 +00:00
6595d177be
gimp: fix sandboxing
2024-03-13 11:36:57 +00:00
d194abb4bf
swaync: stylize the actual notifications
2024-03-13 11:29:05 +00:00
eaf45e2366
swaync: re-theme (pink/black)
2024-03-13 11:07:17 +00:00
66e04857b6
swaync: fix dimensions to be compatible with pinephone
2024-03-13 08:29:23 +00:00
fa0dcdc5be
swaync: splie style.css out to own file
2024-03-13 08:18:34 +00:00
23b87a283a
swaync: move to own directory
2024-03-13 08:17:14 +00:00
849ca59f68
swaync: fix styling of toggle buttons
2024-03-13 08:16:47 +00:00
5e1a6062af
swaync: ensure it starts *after* pipewire-pulse so that the mpris plugin can function
2024-03-13 07:53:45 +00:00
8dacb93861
fontconfig: remove no-longer-needed cache; disable Font Awesome (emoji seem well-covered by Noto Color Emoji)
2024-03-13 05:28:57 +00:00
eafabe87c4
xdg-desktop-portal: tell systemd the BusName of the service so that it won't consider it started until after said bus name is acquired
...
this partially fixes an error in sandboxed gtk apps where they would try to connect to org.freedesktop.portal to query settings, and then fall back to bad default fonts when the endpoint errored (because xdp-gtk wasn't ready)
2024-03-13 05:27:43 +00:00
ac22b36d78
dconf: invoke it ourselves instead of letting dbus do it for us
2024-03-13 04:49:48 +00:00
4439491bf0
dconf: fix over-restrictive sandboxing (because previously it was being run unsandboxed...)
2024-03-13 04:49:48 +00:00
546482dc80
dconf: disable GIO_EXTRA_MODULES patch
2024-03-13 02:41:39 +00:00
2f07fff084
dconf: migrate to sane.programs
2024-03-13 02:33:02 +00:00
294563c655
dbus: fix to only search /run/current-system/sw/share/dbus-1 for service files
2024-03-13 02:04:02 +00:00
7513811111
blast: minor cleanups
2024-03-12 12:06:57 +00:00
eabd113262
mpv: blast: shut it down properly even when sandboxed
...
it only cost everything. also, blast doesnt reliably clean up its pseudo devices
2024-03-12 11:51:15 +00:00
01fa9919fd
mpv: route casting through a lua script
...
this lets me use `subcprocess` instead of `run`, and so the command terminate alongside mpv
2024-03-12 05:01:45 +00:00
56a2c4e49f
mpv: split conf files out of main nix code
2024-03-12 03:32:07 +00:00
bf953fbdb5
mpv: move to own dir
2024-03-12 03:27:20 +00:00
4f2d0f2e56
mpv: tune uosc options
2024-03-12 03:05:56 +00:00
08ee0375cc
mpv: blast-to-default: remove unnecessary xdg-terminal-exec indirection
2024-03-11 12:07:08 +00:00
afd1a42ec7
mpv: refer to xdg-terminal-exec by name, not full path
2024-03-11 11:56:53 +00:00
21691fc2fd
mpv: add a menu option to cast just the audio, via Blast
2024-03-11 11:43:53 +00:00
c1edf96ce0
blast-ugjka: introduce a helper blast-to-default
program
2024-03-11 11:43:29 +00:00
21714849cf
sway: get Celeste to run in fullscreen again
2024-03-11 08:04:21 +00:00
379f3ef9e0
zsh: deref alias: make the result writable
2024-03-11 08:01:27 +00:00
6822dad9c0
splatmoji: remove from config
2024-03-11 07:53:48 +00:00
9f8e42ef92
fcitx5: enable
2024-03-11 07:44:21 +00:00
bda374db13
sway: ship the nightly version
2024-03-11 05:53:14 +00:00
180a217744
cleanup: remove unnecessary config = { ... }
scope
2024-03-11 04:31:11 +00:00
f13ece2212
sway: tune resize more shortcuts; enable natural scrolling
2024-03-11 04:30:28 +00:00
0905a658ad
rofi: cherry-pick my patches instead of pinning to a fork
...
wayland upstream released 1.7.5+wayland3, which is compatible with my patches
2024-03-10 23:43:34 +00:00
90b9d00f37
swaync: remove mpris icon patch (upstreamed)
2024-03-10 23:16:33 +00:00
573a50fedc
doc: pipewire: mention some debug env vars
2024-03-10 04:59:51 +00:00
f8797a77ff
blast: ship it!
...
TODO: integrate into mpv :)
2024-03-10 04:09:34 +00:00
e6111c9d5e
firefox: hide the bookmarks menuabar
2024-03-10 01:59:46 +00:00
ce8c4a4f6f
remove dead binfmt code
2024-03-10 01:05:33 +00:00
4d6eb705eb
mpv: link to some useful extensions
2024-03-10 01:02:54 +00:00
fd70b6acbf
rofi: tune maximum height
2024-03-09 23:34:43 +00:00
30d49dc3c3
feeds: update Anish's URL
2024-03-09 20:51:15 +00:00
8e0031e770
feeds: update Byrne Hobart's feed URL
2024-03-09 20:49:01 +00:00
7a50fcf566
feeds: unsubscribe webcurious.co.uk (defunct)
2024-03-09 20:46:08 +00:00
8af962c3a6
mpv: auto-populate internal playlist with other files in the same directory, on launch
...
so now i can listen to whole albums by opening any file from within them.
and for shows the next episode will automatically launch.
2024-03-09 03:02:09 +00:00
9ea39799a5
zsh: fix c
alias
2024-03-09 03:01:37 +00:00
f2e760710d
sysvol: tune its position
2024-03-08 23:06:37 +00:00
dc70ed8bd8
pipewire: wait for sockets to appear before considering it active
...
this fixes race around consumers like sysvol starting too early
2024-03-08 22:44:59 +00:00
2b73ebb4c1
sysvol: don't start until after pipewire is ready
2024-03-08 12:55:33 +00:00
df98ef30e0
sysvol: integrate as a service (sane.programs)
2024-03-08 11:53:13 +00:00
f3568b3ffc
sway: port volume controls: pulse -> pipewire
2024-03-08 09:56:15 +00:00
9eaf4d71b2
sway: use simpler assign
notation where applicable
2024-03-08 09:53:07 +00:00
3200188a32
sway: factor/generalize the TV workspace/output assignment
2024-03-08 09:50:35 +00:00
a4ab60b836
sway: auto-fullscreen everything on the TV
2024-03-08 09:42:07 +00:00
3282b40e9b
doc: sway: consider how to auto-fullscreen mpv on external display
2024-03-08 09:31:08 +00:00
39411164af
zsh: add deref
function to turn a symlink into a real file
2024-03-08 08:50:28 +00:00
c0a94995a5
docs: note limitations of schlock
2024-03-08 08:16:11 +00:00
f4b5d3a70a
sway: position certain apps (mpv, Celeste) on external displays by default
2024-03-08 06:27:16 +00:00
07373b5e6b
sway: configure TV output
2024-03-08 06:23:33 +00:00
7281b94e23
deadd-notification-center: add to sane.programs
...
this is the bare, nearly-default config. i may come back to this,
or explore fixing swaync up into shape. deadd looks possibly a bit more
limited; needs much more effort to style.
2024-03-08 04:06:18 +00:00
0e83742096
sway: allow config reloading
2024-03-08 03:44:33 +00:00
7d8205352c
moby: use screen scale of 2.0 in portrait AND landscape
2024-03-08 02:21:47 +00:00
c4994162e1
mpv: fix go2tv sandbox interaction
2024-03-08 02:06:23 +00:00
24a211bd3d
sane-input-handler: remove keyboard launch fallback
...
it'll never work, because of sandboxing
2024-03-08 01:18:39 +00:00
27c12edec0
wvkbd: change default key border 2 -> 1 px
...
since moby is scaled 2x, it's actually 2 px *in practice*
2024-03-08 00:45:45 +00:00
b41320ffb3
megapixels: fix sandbox-related crash
2024-03-08 00:16:29 +00:00
ac41cfcd42
wvkbd: tune height (by guess)
2024-03-08 00:01:23 +00:00
62cbc65f12
epiphany: fix sandboxing
2024-03-07 23:24:33 +00:00
ccb856faf5
sane-input-handler: power -> vol to rotate display
2024-03-07 23:22:07 +00:00
bb300a4eb5
swayidle: dont enable screenoff action by default
2024-03-07 11:18:34 +00:00
fd4842ab5b
swayidle: auto screenoff
2024-03-07 10:59:44 +00:00
041ce0654e
schlock: sandbox + auto-launch via .desktop file
2024-03-07 10:32:40 +00:00
1d0458ab10
schlock: ship as sane.programs
2024-03-07 10:10:39 +00:00
219fe67f34
systemd: reduce shutdown timeout from "20" to "10" sec (40s IRL)
2024-03-07 01:01:06 +00:00
90e3c33536
feeds: subscribe to slatecave.net
2024-03-06 22:40:57 +00:00
a9419b7351
swayidle: sandbox
2024-03-06 21:33:11 +00:00
f0d0343b32
sway: lappy: fix output name
2024-03-06 21:18:43 +00:00
bd27f3a015
swayidle: enable; pair with swaylock
2024-03-06 20:55:01 +00:00
6a3e632335
sway: remove config for old external displays i no longer use
2024-03-06 19:03:13 +00:00
a4c4b0575c
sway: map touch inputs to their correct display
2024-03-06 19:02:23 +00:00
63d95edcbe
zsh: fix c
alias
2024-03-06 09:47:33 +00:00
687e72897b
xdg-desktop-portal: don't always prompt the user for how to open every file
2024-03-06 06:25:36 +00:00
5f4e421ab9
sane-wipe: fix sandboxing
2024-03-06 05:11:24 +00:00
085232f18c
wvkbd: configure layers
2024-03-06 05:07:30 +00:00
18c7fc17fd
alacritty: configure font size per-host
2024-03-06 05:07:30 +00:00
a7567dfbe6
ship celeste64
2024-03-06 04:56:39 +00:00
bc0660b623
PDF viewer: evince -> zathura
2024-03-06 04:51:01 +00:00
d39bed46b5
rofi: allow access to Books
2024-03-06 01:39:48 +00:00
4b5d6b16e1
alacritty: ignore media keys
2024-03-05 23:25:31 +00:00
d5811f142d
notifyActive activation script -> apply only to GUI systems
...
else i get warnings on every servo activation
2024-03-05 18:46:43 +00:00
4d6d79cc81
servo: /var/lib/uninsane/media -> /var/media
2024-03-05 18:44:30 +00:00
6765fe8d7d
wob: rename sxmo.wobsock -> wob.sock
2024-03-05 10:00:45 +00:00
955119e07b
wob-audio: fix, by finishing the port to pipewire
...
also rewrote it in Python because bash can't do floating point math
2024-03-05 09:32:37 +00:00
d43cc6c61c
alsa-ucm-conf: fold the Pinephone patches into sane.programs.alsa-ucm-conf & distribute to all hosts
2024-03-05 00:28:07 +00:00
c86afca795
cozy: patch via sane.programs, not overlay
2024-03-04 09:26:25 +00:00
b1dff9bfa8
steam: fix controllers to work in the sandbox
2024-03-03 20:03:20 +00:00
0630037f86
steam: sandbox
...
controllers are untested, probably need to be added; graphics and sound work fine
2024-03-03 10:10:14 +00:00
9513680538
sway: enable net access in the sandbox (for Xwayland)
2024-03-03 10:09:29 +00:00
0affeb098a
rofi: optimize sizing
2024-03-03 07:36:33 +00:00
979d07d693
wob: port pulseaudio -> pipewire
2024-03-03 07:22:03 +00:00
fd072883dc
sane-input-handler: port pulseaudio -> pipewire native
2024-03-03 07:13:23 +00:00
ed87792f9b
sed: sandbox
2024-03-03 07:06:00 +00:00
8821b3ca7d
procps: sandbox
2024-03-03 06:55:17 +00:00
5e5a1fbaae
rofi: allow to use more space on moby when keyboard is active
2024-03-03 04:46:12 +00:00
d2f470dc74
wvkbd: sandbox
2024-03-03 04:44:23 +00:00
7933ef41a2
unl0kr: simplify this code
2024-03-03 04:43:44 +00:00
6b45589e54
wireplumber: ensure ALSA_UCM_CONF2 env var is on PATH
...
this is critical for pipewire/wireplumber to work on moby
2024-03-03 04:43:11 +00:00
b04357c9de
nix.conf: dont ship NIX_PATH for light deploys
...
it's like 150 MiB
2024-03-03 03:53:13 +00:00
4b04cbc078
mpv: couple app volume to system volume
2024-03-03 03:22:28 +00:00
1498e364b2
doc: mimeo: mention jaro as alternative
2024-03-03 03:16:10 +00:00
0aaa3eaaeb
mpv: remove legacy vo=wlshim hack
2024-03-02 23:46:52 +00:00
3ac6b92c18
/etc/nix/registry.json: don't generate for -light builds (it links back to src)
2024-03-02 23:42:58 +00:00
c747855810
bonsai: sandbox
2024-03-02 22:34:38 +00:00
711865018d
/etc/nixos: don't link on '*-light' builds
2024-03-02 22:13:04 +00:00
96ec0106ee
sane-input-handler: leverage sane-open-desktop instead of making direct gdbus calls
2024-03-02 21:20:47 +00:00
0c4d7761d3
sane-input-handler: sandbox
2024-03-02 21:20:47 +00:00
fe10640821
wob-pulse: sandbox
2024-03-02 20:57:44 +00:00
1fcf0bfcb1
swaync: fix signal-desktop check to be --user
2024-03-02 18:33:35 +00:00
a3ae650273
dialect: fix so it works inside a sandbox
2024-03-02 18:25:13 +00:00
3b603519ff
fuzzel: sandbox (well, i probably dont even have it on my system anymore :P)
2024-03-02 07:43:42 +00:00
f69ca166f4
sway: sandbox
2024-03-02 07:41:51 +00:00
3dd1d18dcd
less: sandbox
2024-03-02 07:11:45 +00:00
28cb705bd4
grim: sandbox
2024-03-02 07:11:45 +00:00
7fa1dbc5d5
slurp: sandbox
2024-03-02 07:11:45 +00:00
8b7575c205
swappy: sandbox
2024-03-02 07:11:45 +00:00
52e9902fa1
sane-screenshot: give it permissions to my screenshots dir (derp)
2024-03-02 06:14:05 +00:00
ab765a81af
sway: integrate sane-screenshot as the PrintScreen shortcut
2024-03-02 06:14:05 +00:00
a7bd831ad8
sane-screenshot: port to sane.programs
2024-03-02 06:14:05 +00:00
f4ec09f010
rofi: remember the last selected directory
2024-03-02 00:35:29 +00:00
a40cefc8a5
pipewire: speculatively add /dev/video*
2024-03-02 00:14:47 +00:00
f55bb3518f
wireplumber: add missing /dev/video2 which is on moby
2024-03-02 00:14:21 +00:00
3d16aa62ea
sway: let the pinephone default to it's normal scaling
...
it's actually pretty nice at 2.0 scaling with my current apps. i'll need to tweak swaync, conky, wvkbd, etc. later.
2024-03-01 23:53:31 +00:00
2548cfeadc
xdg-desktop-portal-wlr: fix crashing due to over-restrictive sandbox
2024-03-01 21:17:31 +00:00
90acbf716d
Videos/gPodder: allow access from mpv and rofi
2024-03-01 21:02:04 +00:00
bba149c670
zsh: new c
helper to change into a dir and list it
2024-03-01 20:09:20 +00:00
c056984003
zsh: alias exiy -> exit
2024-03-01 19:56:09 +00:00
2324d75165
switch psmisc -> killall
...
otherwise a really shitty `pstree` makes its way onto my PATH
2024-03-01 18:50:20 +00:00
9296b7731b
rofi: add a .desktop file to rofi-snippets
2024-03-01 18:07:52 +00:00
95c95d6f53
splatmoji: actually install the .desktop files
2024-03-01 18:03:45 +00:00
fca23e661a
xdg-desktop-portal: disable debug logging
2024-03-01 17:50:49 +00:00
9a7ebbd9d3
rofi: configure window height/location
2024-03-01 17:18:40 +00:00
56b00d998e
rofi: theme
...
i still need to figure out how to make it wider for moby
2024-03-01 16:40:09 +00:00
01ef182073
waybar: theme the indicator style
...
i don't know if it's perfect, but it is better
2024-03-01 15:32:52 +00:00
b6daeddfa2
waybar: show different modules for moby v.s. others
2024-03-01 15:25:42 +00:00
c6e956f3d2
waybar: fix button.urgent
color to match sway's client.urgent
2024-03-01 15:03:14 +00:00
82368eb45a
sway: desko: fix monitor layout
...
i guess my monitor's name changed... 👀
2024-03-01 07:19:00 +00:00
65fb9e1d57
rofi: allow access to more servo media paths
2024-03-01 07:14:41 +00:00
b02ae7ef74
moby: polyfill an OK sway layout
2024-03-01 05:20:28 +00:00
37ddb2ae17
waybar: fix font size to be more usable on moby
2024-03-01 04:46:06 +00:00
81e02e2885
sway: moby: fix layout/scale preferences
2024-03-01 04:38:26 +00:00
4a3f59468c
sway: launch gui apps via sane-open-desktop instead of inline
...
this will allow for sandboxing, in the future
2024-03-01 04:19:19 +00:00
daab5939e7
rofi: split sane-open-desktop
out as a helper
2024-03-01 04:19:19 +00:00
e7430c41f9
refactor: sway-config: for readability
2024-03-01 03:29:52 +00:00
5849e75577
sway-config: remove dead window specializations
2024-03-01 03:21:47 +00:00
296123651c
sway: fold sway-config.nix
into default.nix
2024-03-01 03:18:37 +00:00
7f0d5e7810
sane-input-handler: explain why i setsid
2024-03-01 03:11:06 +00:00
7af928a6d2
sway: direct inputs to bonsai WITHOUT swallowing them
2024-03-01 03:10:44 +00:00
b73569d675
wvkbd: fix service typo
2024-02-29 22:04:42 +00:00
50ee15ef2b
send sway-related cross patches upstream
2024-02-29 21:35:02 +00:00
9764d5f095
sway/waybar: decrease cross-specific patches
...
cava cross compiles now (yay); sndio is actually required by waybar if cava is enabled, so remove the disable
2024-02-29 18:56:54 +00:00
43386f3ba5
nixpkgs: update; couple cross-compiling patches have merged upstream
...
```
• Updated input 'nixpkgs-next-unpatched':
'github:nixos/nixpkgs/0852bff4370133e3a62b0cc7d14d193b928a7c59' (2024-02-29)
→ 'github:nixos/nixpkgs/e894afb6c101fea0771b47d7827bef022e89ee1e' (2024-02-29)
• Updated input 'nixpkgs-unpatched':
'github:nixos/nixpkgs/9f21aa90cb8c078969543956d88c19696b646743' (2024-02-29)
→ 'github:nixos/nixpkgs/d29fabd630000579f744d04639d625828ba412bf' (2024-02-29)
```
2024-02-29 18:22:35 +00:00
a3a6278a59
notifyActive: don't depend on sway
...
it was a little silly to be shipping sway on headless systems
2024-02-29 17:32:19 +00:00
083f743c1f
remove nixpkgs less
defaults and manage PAGER myself
...
this lets me avoid the lesspipe cross failures, notably
2024-02-29 15:18:51 +00:00
6253d1799a
port sxmo_hook_inputhandler.sh -> sane-input-handler
...
this one can run outside the SXMO environment.
major thing missing at the moment is that rofi doesn't get volume
control inputs because bonsai out-competes it for exclusive control.
2024-02-29 01:26:38 +00:00
d8a8038cae
xdg-terminal-exec: define a .desktop file
2024-02-29 00:17:26 +00:00
7fd56b63cb
rofi: better patch for the DT_UNKNOWN edgecase
2024-02-28 21:41:59 +00:00
7a65bd36c7
rofi: patch the filebrowser to reliably list entries on remote filesystems
...
see: <https://github.com/davatorium/rofi/issues/1954 >
2024-02-28 21:18:19 +00:00
40e30cf2f8
programs: make sandbox.wrapperType default to "wrappedDerivation" and remove everywhere i manually set that
2024-02-28 17:39:00 +00:00
812c0c8029
packages: reduce the number of packages which are using inplace sandbox wrapping
2024-02-28 17:35:40 +00:00
70229e0839
rofi: persist the filebrowsercache
2024-02-28 15:41:52 +00:00
cd303a76bc
rofi: disable "run" from combi
...
they wouldn't work, since i only 'xdg-open' the entries
2024-02-28 15:32:12 +00:00
e43aa3bb8b
splatmoji: fix sandboxing so rofi can read its config/cache
2024-02-28 15:19:53 +00:00
6c2d80715c
rofi-snippets: fix sandboxing so rofi can read its config/cache
2024-02-28 15:15:02 +00:00
d912190db5
sway: split snippets into own program (rofi-snippets)
2024-02-28 14:44:05 +00:00
c380f61bea
fix "rescue" host to eval again
2024-02-28 14:19:45 +00:00
b302113fc0
modules/programs: require manual definition; don't auto-populate attrset
...
this greatly decreases nix eval time
2024-02-28 13:35:09 +00:00
3816393e06
rofi: try integrating rofi-emoji (failed)
2024-02-28 01:28:05 +00:00
4c6c470c86
sway: snippets: port from fuzzel -> rofi
2024-02-28 01:26:22 +00:00
409a4db232
splatmoji: use rofi instead of fuzzel
...
will be best if i can port everything to one dmenu helper
2024-02-28 01:18:51 +00:00
8f424dcd5a
programs: sandboxing: link /etc into sandboxed programs
...
this is crucial for e.g. swaync, to find its resource files.
maybe a good idea to link *every* package directory which i also link
into /run/current-system.
2024-02-27 22:25:17 +00:00
67536e3c1f
programs: assorted: correct sandbox paths now that Pictures/Videos/Books are categorized
...
i don't like this Pictures/ approach though. i may reconsolidate some of those
2024-02-27 21:37:20 +00:00
715de37954
rofi: fix files to be opened with xdg-open
2024-02-27 21:20:12 +00:00
c8035abddf
fs: Books: persist subdirectories individually
...
TODO: KOReader will need to be updated for this
2024-02-27 20:48:38 +00:00
ef1cdac6b4
fs: split Pictures into separate persisted directory
...
TODO: update camera and screenshot apps to be aware of these directories
2024-02-27 20:46:25 +00:00
e37a7d85b3
~/Videos: don't persist ALL videos: just ~/Videos/local
...
otherwise, ~/Videos/servo is a symlink which the programs module doesn't know how to traverse (and hence, sandbox).
2024-02-27 20:45:56 +00:00
36f6c72183
rofi: sandbox, and launch apps via xdg-open or gdbus
2024-02-27 18:35:15 +00:00
20a1aeb5b3
programs: add gdbus as a standalone program, separate from the rest of glib
2024-02-27 18:28:24 +00:00
4379addf9e
plumb my configured sway through to everywhere that wants pkgs.sway
.
...
kinda ugly. this lets me avoid having multiple versions of sway on my
system.
2024-02-27 16:11:10 +00:00
5c7eceeb55
grimshot: move to own file
2024-02-27 14:54:53 +00:00
50aa16df81
cross compilation: remove unused patches; note upstreaming status
2024-02-27 14:53:26 +00:00
40e22533fb
swaynotificationcenter: update config/patches to be compatible with 0.10.0
2024-02-27 11:19:29 +00:00
92033c8414
rofi: place druncache into rofi cache dir
2024-02-27 01:21:27 +00:00
16f0424631
rofi: patch so that i can use -run-command "my-launcher {app_id}.desktop"
...
this plus xdg-desktop-portal's DynamicLauncher should provide a way to sandbox everything
2024-02-27 01:03:21 +00:00
6fd1ce1f61
rofi: port cache from plaintext to cryptClearOnBoot
...
because i don't think it has any invalidation logic
2024-02-26 23:04:50 +00:00
a7c325c8e1
xdg-desktop-portal: link applications
so that DynamicLauncher portal can work
2024-02-26 22:31:48 +00:00
fc7814e6cd
docs: mime: document gio launch
2024-02-26 22:29:15 +00:00
245e6c93cd
docs: xdg-desktop-portal: document notable dbus endpoints
2024-02-26 22:29:03 +00:00
ec073592ed
sway: use rofi app launcher instead of fuzzel
2024-02-26 21:22:03 +00:00
617525a317
programs: add rofi (dmenu-style launcher/file browser)
2024-02-26 21:21:30 +00:00
dd6e1c5e38
flake: fix "deploy" commands to bypass substituters, and address deprecated nix path signing
2024-02-26 15:01:14 +00:00
f2e1bb6b86
programs: python3-repl: sandbox
2024-02-25 18:52:55 +00:00
c402a265cd
programs: stepmania: sandbox
2024-02-25 18:26:32 +00:00
d5643a6a5d
assorted static-nix-shell packages: use srcRoot
2024-02-25 17:37:38 +00:00
c9c1181242
programs: wireplumber: sandbox
2024-02-25 17:11:48 +00:00
f9888fe8d6
programs: sane-private-init: sandbox
2024-02-25 16:46:10 +00:00
036145e6ba
programs: sane-private-change-passwd: sandbox
...
note that this is entirely untested
2024-02-25 16:35:13 +00:00
7c486492c8
programs: pipewire: port sandbox to bwrap and restrict further
2024-02-25 15:19:57 +00:00
890b41f563
programs: pipewire: sandbox
...
still need to sandbox wireplumber
2024-02-25 14:34:11 +00:00
ca36fe1b96
programs: gnome.seahorse: sandbox
2024-02-25 12:03:42 +00:00
d2df668c9e
modules/programs: sane-sandboxed: replace --sane-sandbox-keep-pidspace with --sane-sandbox-keep-namespace <pid|cgroup|ipc|uts>
2024-02-25 12:00:00 +00:00
b7921ac41b
refactor: programs: sort
2024-02-25 11:53:49 +00:00
c304367e21
programs: gnome-maps: sandbox
2024-02-25 11:51:50 +00:00
2ad33a49df
refactor: pipewire: remove dead code
2024-02-25 10:38:42 +00:00
0b4efd2ab2
pipewire: migrate services to sane.programs to completely disable socket activation
...
see: https://github.com/NixOS/nixpkgs/issues/291318
2024-02-25 10:36:21 +00:00
0745e9fc06
refactor: programs: split gnome-maps into own file
2024-02-25 09:06:32 +00:00
e0267b5669
programs: pipewire: disable socket activation
2024-02-25 08:55:59 +00:00
b3c7aac8c5
programs: wike: sandbox: enable DRI to fix graphical glitches
2024-02-25 08:38:10 +00:00
c788596c45
programs: sane-private-do: grant net access
...
crucial for e.g. sane-private-do git push
2024-02-25 08:25:13 +00:00
6865331b48
programs: sandbox sane-scripts.private-do
2024-02-25 05:41:27 +00:00
04a6055d06
remove /libexec from environment.pathsToLink
2024-02-25 05:12:44 +00:00
f714bd8281
programs: jq: sandbox
2024-02-25 01:59:01 +00:00
73b2594d9b
programs: sandboxing: distinguish between "existingFileOrParent" and "existingOrParent"
2024-02-25 01:59:01 +00:00
0f1ad0f3c9
fs: auto-mount /mnt/<host>/home and enable "follow_symlinks" option
2024-02-24 16:04:04 +00:00
eecb98e2ee
programs: bonsai: fix eval error
2024-02-23 16:00:32 +00:00
6267e7f966
tidy up small persist/private nitpicks
2024-02-23 14:44:38 +00:00
120a41b169
persistence: split /var/log persistence into dedicated "initrd" store
2024-02-23 14:42:47 +00:00
aa0991bd6c
persistence: cleanup so it all works well with symlink-based stores
2024-02-23 13:09:44 +00:00
62b39bf01e
firefox: integrate the "persist" config into "sane.programs"
2024-02-23 11:23:41 +00:00
0d8307e877
programs: gnome-keyring: sandbox
...
and now secrets are readable again. they were broken for the last ~10 commits :)
2024-02-23 09:49:35 +00:00
9b1a2ae9bb
programs: mpv: remove useless "extraRuntimePaths = []" override
2024-02-23 09:32:19 +00:00
b8b805765b
programs: gnome-keyring-daemon: remove the SUID wrapper
...
it's not actually mandated. just, when enabled, gkd will `mlock` its
secrets into memory. but i don't use swap anyway. plus, i'll enable that
momentarily anyway (though systemd will probably not understand the
capablity)
2024-02-23 09:28:41 +00:00
84eae20765
gnome-keyring: don't integrate with PAM
...
PAM integration is only required if the keyring is encrypted on-disk
2024-02-23 09:15:30 +00:00
4a10c5f729
gnome-keyring: start as systemd service explicitly, not as implicit dbus service
2024-02-23 09:09:54 +00:00
c2696c1cd9
gnome-keyring: use sane.fs abstractions to write out the keyrings
2024-02-23 08:57:41 +00:00
ea6f45555c
gnome-keyring: simplify the scripts (untested)
2024-02-23 08:14:09 +00:00
687db545b4
gnome-keyring: move persistence and init script to sane.programs
2024-02-23 07:22:07 +00:00
24d1d13d0a
programs: simplify sandboxing of file browsers/etc now that private data lives on a different mount
2024-02-23 07:06:29 +00:00
2ada436634
home: remove ~/private symlink; move to .persist/private and add related aliases
2024-02-23 07:06:29 +00:00
e5ad0862fb
refactor: move ~/ fs definitions into hosts/common/home, not users/
2024-02-23 07:06:29 +00:00
057b9e3fed
replace links/references to ~/private/FOO with just ~/FOO
2024-02-23 07:06:29 +00:00
1bcfccf7e3
refactor: persist ~/knowledge formally instead of relying on the symlink
2024-02-23 07:06:29 +00:00
a402822084
move "private" store to /mnt/persist/private instead of ~/private
...
this will allow me to add all of ~ to a sandbox without giving all of ~/private
2024-02-23 07:06:29 +00:00
771dc2e1ce
fs: allow common /mnt points to be mounted by me without sudo
2024-02-23 07:06:29 +00:00
4a316d4b91
bonsai: lift out of sxmo
2024-02-23 07:06:29 +00:00
af03b3f6e8
xwayland: sandbox
2024-02-23 01:05:24 +00:00
5819f07181
programs: xwayland: sandbox
2024-02-22 22:12:03 +00:00
122f3fa5cc
sway: remove xwayland-specific placement of Signal
...
it breaks non-xwayland sway config parsing, and Signal is native Wayland now anyway even with Xwayland running'
2024-02-22 22:01:48 +00:00
f27f994090
systemd: fix the timeout for the user service manager
2024-02-22 00:24:05 +00:00
473999c001
sway: re-enable networkmanager
2024-02-21 23:46:25 +00:00
d1de9efde1
sway: port xwayland use to sane.programs API
2024-02-21 23:32:10 +00:00
50c3f04714
pipewire: remove dead alsa comments
2024-02-21 23:26:40 +00:00
49bad8f186
sway: split pipewire persisted file into pipewire.nix
2024-02-21 23:26:25 +00:00
fd9f500e97
sway: split pipewire config into separate sane.programs.pipewire
2024-02-21 23:23:52 +00:00
386651044e
sway: port to sane.programs API
2024-02-21 23:18:57 +00:00
55a6c828f2
sway: lift portal/menu reset into polyunfill.nix
2024-02-21 22:09:53 +00:00
d77a12ce7b
unl0kr: remove the "afterLogin" option and choose automatically which desktop to launch
2024-02-21 20:47:48 +00:00
153d2a1047
GSK_RENDERER: don't set globally, but just for the apps which _actually_ require it
...
this way i can avoid conflicts around apps which don't expect this to be set (e.g. delfin)
2024-02-21 16:56:56 +00:00
b8f090be93
programs: delfin: add required mpris permissions
2024-02-21 13:27:19 +00:00
5a0760a571
programs: sandbox oathtools
2024-02-21 00:03:48 +00:00
757ab79724
programs: dconf: sandbox
2024-02-20 23:43:25 +00:00
81148b7b42
programs: explicitly depend on dconf instead of manually persisting dconf's dirs
2024-02-20 23:39:27 +00:00
429d0c53e7
programs: ripgrep: sandbox with bwrap instead of landlock
...
this provides network isolation
2024-02-20 23:32:54 +00:00
6cf1bc5a28
programs: grep: sandbox
2024-02-20 23:32:28 +00:00
768b340c93
findutils: sandbox
...
use bwrap instead of landlock for the dumb preference that i can disable
net
2024-02-20 23:31:58 +00:00
d9901aa161
programs: sane-secrets-*: sandbox
2024-02-20 23:31:39 +00:00
be2098c18a
programs: sane-vpn: sandbox
2024-02-20 23:05:24 +00:00
bb569b1668
sane-vpn: port away from systemd so that i can use it as an ordinary user (no sudo)
2024-02-20 22:21:02 +00:00
71025329e7
programs: sane-dev-cargo-loop: sandbox
2024-02-20 19:26:38 +00:00
ca4d1e3b9d
programs: sane-tag-music: sandbox
2024-02-20 19:26:18 +00:00
284b698015
sane-reclaim-boot-space: fix, and sandbox
...
well i didn't get to test this thoroughly: might still have problems
2024-02-20 19:16:36 +00:00
bc50daf685
nix.settings: port to structured attrs
2024-02-20 18:35:03 +00:00
47dcfb9cba
fix nix.settings.nix-path
to actually take effect
...
now i can `nix-shell` again! nix-path takes precedence over `NIX_PATH`
env var.
2024-02-20 17:54:25 +00:00
2bd99f6e51
remove no-longer-needed nix trusted-users setting
...
well, it *seems* to work, at least!
2024-02-20 13:43:41 +00:00
8beac8df2f
programs: sandbox sane-shutdown, sane-reboot
2024-02-20 13:43:05 +00:00
58db553c84
programs: unl0kr: sandbox
2024-02-20 13:29:56 +00:00
2ea3776d84
programs: sane-sync-from-servo: remove
...
this was obsoleted by the top-level flake `sync` scripts
2024-02-20 13:16:21 +00:00
d596d005ca
systemd: configure a 25s stop timeout for the user manager too (hopefully)
2024-02-20 13:11:47 +00:00
e92db138ef
systemd: allow ordinary users to invoke shutdown/reboot
2024-02-20 12:25:04 +00:00
5fed127c23
refactor: split systemd config into own file
2024-02-20 12:18:28 +00:00
db49f0461c
refactor: move nix stuff out of common/default.nix -> common/nix/default.nix
2024-02-20 12:16:00 +00:00
73bb7827c0
refactor: nix-path/ -> nix/
2024-02-20 12:13:52 +00:00
a624571b22
move glib program recommendation into programs/assorted.nix
2024-02-20 12:11:26 +00:00
53cbe5c8da
dconf: split into own sane.programs
definition
2024-02-20 12:09:52 +00:00
46de7b7e0d
move environment.defaultPackages clearing into polyunfill.nix
2024-02-20 11:54:39 +00:00
d7be5da483
warnings.nix: port to a proper module
2024-02-20 11:19:12 +00:00
902e351085
hack: silence the warning about using hashedPasswordFile *and* initialPassword
...
see: <https://github.com/NixOS/nixpkgs/pull/287506 >
i'll factor this into something more general, later
2024-02-20 11:11:07 +00:00
a05184f956
programs: neovim: fix nvim-treesitter typo
2024-02-20 10:23:52 +00:00
36ad2d5421
programs: unl0kr: auto-derive the user option
2024-02-20 07:21:22 +00:00
b0f62830a5
unl0kr: port to sane.programs
2024-02-20 07:14:30 +00:00
c7f4661c1c
programs: htop: persist config
2024-02-20 05:38:45 +00:00
e8306831c5
programs: qemu: mark as slowToBuild
2024-02-20 05:34:47 +00:00
41b1a013d7
programs: sane-sudo-redirect: disable sandbox
2024-02-19 17:09:27 +00:00
f785ccd351
programs: sane-reclaim-disk-space: sandbox
2024-02-19 17:06:22 +00:00
48744dcaaa
programs: sane-ip-reconnect: remove (unused)
2024-02-19 17:05:27 +00:00
9373864b60
programs: sane-git-init: remove (unused)
2024-02-19 16:53:59 +00:00
c16c9dfe0b
programs: sandbox a bunch of sane scripts
2024-02-19 16:51:53 +00:00
2d17826731
programs: eza: sandbox with bwrap instead of landlock
2024-02-19 15:32:40 +00:00
de297f22be
programs: split sane-scripts out of assorted.nix
2024-02-19 14:19:10 +00:00
4b47b76461
programs: sfeed: sandbox
2024-02-19 14:14:59 +00:00
3effd59c9b
xdg-desktop-portal-{gtk,wlr}: start via service manager, with ordered deps, instead of letting dbus activate it for us
...
that gets more reliable environment importing, etc
2024-02-19 13:44:23 +00:00
44647e0d36
programs: forkstat: sandbox
2024-02-19 13:15:15 +00:00
da1053d635
programs: configure auto-launching programs to only start *after* graphical-session.target
...
this ensures they really have their environment
2024-02-19 12:58:08 +00:00
273b1b84e3
systemd: reduce the stop job timeout
2024-02-19 12:58:08 +00:00
8886177c23
xdg-desktop-portal: fix it to find all the portal configs again
...
maybe i broke this when i simplified XDG_CONFIG_DIRS? not sure
2024-02-19 12:58:08 +00:00
f72bdb6f3a
activationScripts: notify on deploy: fix to work with new SWAYSOCK name
2024-02-19 08:21:23 +00:00
5666a05ef0
strip out a bunch of unused nixpkgs defaults
2024-02-19 06:20:13 +00:00
35b4cc779f
megapixels: switch to bwrap, to support Loupe image viewer
2024-02-18 18:46:37 +00:00
c7d111a318
megapixels: 1.7.0 -> 1.8.0
2024-02-18 18:27:47 +00:00
7e5eb6324d
megapixels: sandbox
...
it's iffy... 1.8.0 is released, which can be sandboxed w/o sys/dev/char or ~/.local/share/applications, but seems to be even flakier
2024-02-18 17:44:49 +00:00
55c305812d
WIP: megapixels: sandbox
2024-02-18 13:53:18 +00:00
67395bdcd3
programs: ship forkstat
2024-02-18 11:58:30 +00:00
a591be98d4
programs: portfolio-filemanager: sandbox
2024-02-18 07:07:29 +00:00
82e028e37d
programs: nautilus: assign a mime priority
2024-02-18 07:07:29 +00:00
a531676d0d
mime: include an error message when two file associations have identical mime priority
2024-02-18 07:07:29 +00:00
7f7543ee78
programs: planify: sandbox
2024-02-18 07:07:29 +00:00
8d0e3e0db3
programs: notejot: sandbox
2024-02-18 07:07:29 +00:00
bf352d184c
programs: tangram: sandbox
2024-02-18 07:07:29 +00:00
81a6600f54
programs: xarchiver: sandbox
2024-02-18 07:07:29 +00:00
536f0aedc3
open-in-mpv: remove my patch which has been upstreamed, previously required to use xdg-open
2024-02-18 04:52:27 +00:00
98aafead94
programs: wob: add missing "coreutils" dep
...
it *should* be acquired via user's PATH, but wob-pulse can start before sway imports PATH to systemd
2024-02-17 16:38:22 +00:00
f8663cd827
programs: monero-gui: sandbox
2024-02-17 16:06:58 +00:00
af1ee1734d
programs: wireguard-tools: sandbox
2024-02-17 15:54:16 +00:00
5375cab716
programs: ntfy-sh: sandbox
2024-02-17 15:47:47 +00:00
162b3f5674
imagemagick: don't add 'ghostscript' package to path
2024-02-17 15:45:50 +00:00
a729f91d21
programs: jq: add working sandbox criteria, but don't enable yet
...
i need to handle the extremely common `cat foo | jq .` without adding
`.` to the sandbox
2024-02-17 15:36:41 +00:00
a273b559e2
programs: gnome-disk-utility: sandbox
2024-02-17 15:36:28 +00:00
785b375671
programs: smartmontools (smartctl): sandbox
2024-02-17 15:36:13 +00:00
24cba0c856
programs: xq: remove
2024-02-17 15:30:23 +00:00
df1db5d01c
programs: sox: sandbox
2024-02-17 15:27:22 +00:00
6749b64bca
programs: nautilus: add mounted media to the sandbox
2024-02-17 15:26:49 +00:00
d3e4bdfcd5
programs: gdisk: fix sandboxing
2024-02-17 15:26:16 +00:00
799cd4373f
programs: socat: disable
2024-02-17 15:11:12 +00:00
2efa6d1e27
programs: mepo: sandbox
2024-02-17 15:08:21 +00:00
a1470956a5
programs: gdisk: sandbox
2024-02-17 14:57:33 +00:00
556c20bc04
programs: vulkan-tools: sandbox
2024-02-17 14:53:22 +00:00
cf5f58dda6
programs: nmap: sandbox
2024-02-17 14:51:26 +00:00
6f8c299c69
programs: xdg-desktop-portal: log more
2024-02-17 14:40:56 +00:00
bbf7aac062
programs: gnome-frog: sandbox
2024-02-17 14:40:42 +00:00
7d1fd2f30a
programs: nvme-cli: sandbox
2024-02-17 14:40:29 +00:00
472987f164
programs: gimp: fix sandboxing failure
2024-02-17 13:43:35 +00:00
784c2145f3
programs: iputils: sandbox
2024-02-17 03:33:05 +00:00
0000afb315
programs: make nixosBuiltins
package set more precise
2024-02-17 03:08:14 +00:00
31fa21bd20
programs: host/iproute2/iw/nettools/wirelesstools: sandbox
2024-02-17 03:05:58 +00:00
9510817604
programs: document nixosBuiltins programs
2024-02-17 02:40:28 +00:00
4a84de3ee4
programs: inetutils/iptables: sandbox
2024-02-17 02:32:57 +00:00
ab42a4cc5a
programs: qemu: disable sandbox
2024-02-17 01:43:58 +00:00
f6537b083a
programs: discord: add dbus to sandbox
2024-02-17 01:42:22 +00:00
1b4306e649
programs: switch bridge-utils, btrfs-progs from landlock -> bwrap
...
landlock can't isolate net yet, so bwrap gives better sandboxing
2024-02-16 15:32:41 +00:00
af8a8358bd
programs: hdparm: sandbox
2024-02-16 15:32:41 +00:00
464c6c56c5
programs: btrfs-progs: sandbox
2024-02-16 15:32:41 +00:00
8e314e8b73
programs: bridge-utils: sandbox
2024-02-16 15:32:41 +00:00
198029f95f
programs: netcat: sandbox
2024-02-16 15:32:41 +00:00
1d646459ab
programs: pulsemixer: sandbox
2024-02-16 15:32:41 +00:00
8f3bab3636
programs: sort
2024-02-16 15:32:41 +00:00