16ca71188f
users/services: simplify the before/after/wantedBy criteria, to match s6 concepts
2024-03-21 17:16:11 +00:00
d2f6648bce
users/services: refactor: replace ExecStart/ExecStopPost with command/cleanupCommand
...
note that this completely breaks the systemd backend (though easily fixable if wanted)
2024-03-21 17:16:11 +00:00
9b793ef4b8
programs: services: no need to fully-qualify paths anymore (s6 doesn't require)
2024-03-21 17:16:11 +00:00
1417497001
users/services: remove serviceConfig.Type option
2024-03-21 17:16:11 +00:00
9afd9725d1
users: services: remove no-longer-needed Restart
and RestartSec
options
2024-03-21 17:16:11 +00:00
40e30cf2f8
programs: make sandbox.wrapperType default to "wrappedDerivation" and remove everywhere i manually set that
2024-02-28 17:39:00 +00:00
da1053d635
programs: configure auto-launching programs to only start *after* graphical-session.target
...
this ensures they really have their environment
2024-02-19 12:58:08 +00:00
080bd856ec
programs: sandboxing: only permit wayland socket access to those specific apps which require it
2024-02-14 01:49:49 +00:00
1a18ed533b
programs: don't include dbus in the sandbox by default
2024-02-13 11:58:33 +00:00
c9af5bf9b4
programs: sandboxing: enable net isolation for most sandboxed programs
2024-02-08 21:51:32 +00:00
6151eee8d5
programs (assorted): fix wantedBy = "default.target" to be more specific
...
now GUI apps aren't stuck in a restart loop until sway starts
in particular, signal-desktop can actually be autostarted
2024-02-02 14:21:57 +00:00
db6ba61429
programs: sandbox more apps with wrapperType=wrappedDerivation
2024-01-29 13:45:57 +00:00
be06e61bfb
programs: geary: fix sandboxing
...
this is an UGLY one. geary itself uses bwrap, and that fails if it's sandboxed AT ALL in landlock (i.e. even with just / landlocked as RW).
maybe this has to do with what landlock-sandboxer considers 'read/write' to be, and there's actually more file ops i need to enable on /
2024-01-27 11:28:08 +00:00
b03d7f7fb0
geary: test the firejail profile; it's not ready
2024-01-22 10:04:18 +00:00
4d2fecec13
geary: add my other email account
2023-11-27 07:56:26 +00:00
91c2f6fc95
implement sane.programs.slowToBuild and {moby,desko,lappy}-light targets
...
i'm not sure this is the exact right abstraction, but it's a starting point
2023-11-18 22:06:42 +00:00
3855fb5eb6
geary: integrate with swaync and auto-start
2023-11-14 00:39:24 +00:00
28d4a4b065
persistence: move stores behind a byStore attr to support disabling persistence altogether (for e.g. rescue image)
2023-11-08 15:33:15 +00:00
30486f4b4e
geary: fix a typo
2023-10-24 10:29:40 +00:00
69ac75131c
apps: add geary
2023-10-24 04:50:31 +00:00