2ea3776d84
programs: sane-sync-from-servo: remove
...
this was obsoleted by the top-level flake `sync` scripts
2024-02-20 13:16:21 +00:00
d596d005ca
systemd: configure a 25s stop timeout for the user manager too (hopefully)
2024-02-20 13:11:47 +00:00
e92db138ef
systemd: allow ordinary users to invoke shutdown/reboot
2024-02-20 12:25:04 +00:00
5fed127c23
refactor: split systemd config into own file
2024-02-20 12:18:28 +00:00
db49f0461c
refactor: move nix stuff out of common/default.nix -> common/nix/default.nix
2024-02-20 12:16:00 +00:00
73bb7827c0
refactor: nix-path/ -> nix/
2024-02-20 12:13:52 +00:00
a624571b22
move glib program recommendation into programs/assorted.nix
2024-02-20 12:11:26 +00:00
53cbe5c8da
dconf: split into own sane.programs
definition
2024-02-20 12:09:52 +00:00
46de7b7e0d
move environment.defaultPackages clearing into polyunfill.nix
2024-02-20 11:54:39 +00:00
d7be5da483
warnings.nix: port to a proper module
2024-02-20 11:19:12 +00:00
902e351085
hack: silence the warning about using hashedPasswordFile *and* initialPassword
...
see: <https://github.com/NixOS/nixpkgs/pull/287506 >
i'll factor this into something more general, later
2024-02-20 11:11:07 +00:00
9e8e1d82a6
flake: add a deploy.self-light target
2024-02-20 10:24:33 +00:00
a05184f956
programs: neovim: fix nvim-treesitter typo
2024-02-20 10:23:52 +00:00
36ad2d5421
programs: unl0kr: auto-derive the user option
2024-02-20 07:21:22 +00:00
b0f62830a5
unl0kr: port to sane.programs
2024-02-20 07:14:30 +00:00
f970679266
sxmo: remove symlinks for legacy sxmo_hook_{poweroff,reboot}.sh
2024-02-20 06:49:42 +00:00
c7f4661c1c
programs: htop: persist config
2024-02-20 05:38:45 +00:00
e8306831c5
programs: qemu: mark as slowToBuild
2024-02-20 05:34:47 +00:00
41b1a013d7
programs: sane-sudo-redirect: disable sandbox
2024-02-19 17:09:27 +00:00
f785ccd351
programs: sane-reclaim-disk-space: sandbox
2024-02-19 17:06:22 +00:00
48744dcaaa
programs: sane-ip-reconnect: remove (unused)
2024-02-19 17:05:27 +00:00
9373864b60
programs: sane-git-init: remove (unused)
2024-02-19 16:53:59 +00:00
c16c9dfe0b
programs: sandbox a bunch of sane scripts
2024-02-19 16:51:53 +00:00
292a411fb3
linux-megous: 6.7.2 (20240127-1717) -> 6.7.4 (20240211-1928)
2024-02-19 16:37:11 +00:00
2d17826731
programs: eza: sandbox with bwrap instead of landlock
2024-02-19 15:32:40 +00:00
34dedcff57
modules/programs: sane-sandboxed: fix normPath handling of paths containing special characters like [
2024-02-19 15:32:23 +00:00
de297f22be
programs: split sane-scripts out of assorted.nix
2024-02-19 14:19:10 +00:00
4b47b76461
programs: sfeed: sandbox
2024-02-19 14:14:59 +00:00
3effd59c9b
xdg-desktop-portal-{gtk,wlr}: start via service manager, with ordered deps, instead of letting dbus activate it for us
...
that gets more reliable environment importing, etc
2024-02-19 13:44:23 +00:00
a3d0691d99
trivial-builders: add rmDbusServicesInPlace for when the symlink method isnt applicable
2024-02-19 13:43:22 +00:00
44647e0d36
programs: forkstat: sandbox
2024-02-19 13:15:15 +00:00
da1053d635
programs: configure auto-launching programs to only start *after* graphical-session.target
...
this ensures they really have their environment
2024-02-19 12:58:08 +00:00
273b1b84e3
systemd: reduce the stop job timeout
2024-02-19 12:58:08 +00:00
0b6b98bba6
sway: add a safeguard to catch if the systemd environ race condition is re-introduced
2024-02-19 12:58:08 +00:00
8886177c23
xdg-desktop-portal: fix it to find all the portal configs again
...
maybe i broke this when i simplified XDG_CONFIG_DIRS? not sure
2024-02-19 12:58:08 +00:00
7e343bfc05
sway: fix race condition around dbus/systemd environment importing
2024-02-19 10:52:51 +00:00
f72bdb6f3a
activationScripts: notify on deploy: fix to work with new SWAYSOCK name
2024-02-19 08:21:23 +00:00
5666a05ef0
strip out a bunch of unused nixpkgs defaults
2024-02-19 06:20:13 +00:00
05daf738fc
nixpkgs: 2024-02-17 -> 2024-02-18
...
```
• Updated input 'nixpkgs-next-unpatched':
'github:nixos/nixpkgs/6caa6affcc4774c81467ed08fa3ec35da40fd1d9' (2024-02-17)
→ 'github:nixos/nixpkgs/d076cde70cbceca9315a11bdc609ddfcec9dfbca' (2024-02-18)
• Updated input 'nixpkgs-unpatched':
'github:nixos/nixpkgs/28d6a724f54085377102db7c3278ba82a0a5255f' (2024-02-17)
→ 'github:nixos/nixpkgs/9511a7b219df1f8d8f5c2a58c4870fde169fe397' (2024-02-18)
• Updated input 'sops-nix':
'github:Mic92/sops-nix/48afd3264ec52bee85231a7122612e2c5202fa74' (2024-02-13)
→ 'github:Mic92/sops-nix/ffed177a9d2c685901781c3c6c9024ae0ffc252b' (2024-02-18)
• Updated input 'sops-nix/nixpkgs-stable':
'github:NixOS/nixpkgs/d8cd80616c8800feec0cab64331d7c3d5a1a6d98' (2024-02-10)
→ 'github:NixOS/nixpkgs/69405156cffbdf2be50153f13cbdf9a0bea38e49' (2024-02-17)
```
2024-02-18 19:05:04 +00:00
35b4cc779f
megapixels: switch to bwrap, to support Loupe image viewer
2024-02-18 18:46:37 +00:00
c7d111a318
megapixels: 1.7.0 -> 1.8.0
2024-02-18 18:27:47 +00:00
7e5eb6324d
megapixels: sandbox
...
it's iffy... 1.8.0 is released, which can be sandboxed w/o sys/dev/char or ~/.local/share/applications, but seems to be even flakier
2024-02-18 17:44:49 +00:00
95cb5624ca
modules/programs: sane-sandboxed: fix but that --sane-sandbox-path / wasnt being canonicalized
2024-02-18 13:53:53 +00:00
55c305812d
WIP: megapixels: sandbox
2024-02-18 13:53:18 +00:00
600f6eb56c
modules/programs: sane-sandboxed: remove all remaining forks/subshells
...
launchtime for firefox in bwrap is about 65ms; 35ms for --sane-sandbox-method none
2024-02-18 13:15:04 +00:00
fd6f8493a7
modules/programs: sane-sandboxed: remove all forking from normPath
...
reduces time for librewolf benchmark from 90ms -> 65ms. there's still _some_ forking in this script, but it's constant now.
2024-02-18 12:25:03 +00:00
f10f1ee7b1
modules/programs: sane-sandboxed: optimize "normPath" to not invoke subshells
...
each subshell causes like 5ms just on my laptop, which really adds up.
this implementation still forks internally, but doesn't exec.
runtime decreases from 150ms -> 90ms for
`time librewolf --sane-sandbox-replace-cli true`
2024-02-18 12:08:23 +00:00
67395bdcd3
programs: ship forkstat
2024-02-18 11:58:30 +00:00
90ceeede74
programs: flare-signal: disable (unused)
2024-02-18 07:07:29 +00:00
32a704b1b8
moby: disable unused "calls" program
...
i may have future use for it, but as-is currently it's not worth the difficulty of sandboxing
2024-02-18 07:07:29 +00:00