colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity
4,915 Commits 125 Branches 1 Tag 12 MiB
7b9f54dd54
Commit Graph

4915 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Colin
7b9f54dd54 programs: superTux: sandbox with bwrap 2024-02-06 01:16:36 +00:00
Colin
bda932c3df programs: supertuxkart: sandbox with bwrap 2024-02-06 01:10:39 +00:00
Colin
3f96f4af82 sway: refer to fewer programs in the config by absolute path 
this aids in sandboxing and swapping stuff in/out at runtime
 2024-02-05 23:40:18 +00:00
Colin
1c4e2f97fe swaylock: mark sandboxing as unsupported 2024-02-05 23:36:35 +00:00
Colin
594a729968 feeds: remove balaji 2024-02-05 22:48:09 +00:00
Colin
5c8bb55cec todo.md: better sandboxing around /mnt/servo-media 2024-02-05 22:33:42 +00:00
Colin
6eb2a3d67f programs: handbrake: sandbox with bwrap 2024-02-05 22:28:15 +00:00
Colin
ddc41bc9d8 programs: pavucontrol/pwvucontrol: sandbox with bwrap 2024-02-05 22:15:48 +00:00
Colin
7d833ebf76 programs: kdenlive: sandbox with bwrap 2024-02-05 22:07:37 +00:00
Colin
bfc0eadfaa programs: hitori: sandbox with bwrap 2024-02-05 21:52:57 +00:00
Colin
ff1cbcc16b programs: gnome-clocks,gnome-calendar: sandbox with bwrap 2024-02-05 21:46:27 +00:00
Colin
fd81e35c31 todo.md: package blurble game! 2024-02-05 21:46:09 +00:00
Colin
9a8d8a20bd programs: frozen-bubble: persist data and sandbox with bwrap 2024-02-05 21:32:58 +00:00
Colin
cd1d22e7b9 programs: gnome-calculator: sandbox with bwrap 2024-02-05 20:58:38 +00:00
Colin
2c0e93826d programs: gimp: sandbox with bwrap 2024-02-05 20:53:05 +00:00
Colin
cab346f3ad programs: delfin: sandbox with bwrap 2024-02-05 20:44:47 +00:00
Colin
568a72f6a4 gpodder-configured: remove unused derivation inputs 2024-02-05 20:22:27 +00:00
Colin
a2decaff9c programs: bemenu: sandbox with landlock 2024-02-05 18:41:52 +00:00
Colin
23411ed973 todo.md: make dconf stuff less monolithic 2024-02-05 18:33:03 +00:00
Colin
8ef9f7a485 epiphany: persist dconf settings; reduce sandboxer errors 2024-02-05 18:31:38 +00:00
Colin
12846732b9 programs: blanket: sandbox with bwrap 2024-02-05 18:26:21 +00:00
Colin
e84079e84c programs: firefox: allow sandbox access to ~/dev 2024-02-05 18:17:49 +00:00
Colin
45ffd9246d programs: brave: sandbox with bwrap 2024-02-05 18:17:28 +00:00
Colin
ed3935318d feeds: subscribe to non-paywalled Matt Levine 2024-02-05 16:41:38 +00:00
Colin
8052f62796 programs: sane-wipe browser: also clear epiphany artifacts 2024-02-05 16:31:19 +00:00
Colin
413903d03c make-sandboxed: also embed profiles for the withEmbeddedSandboxer passthru pkg 2024-02-05 08:26:40 +00:00
Colin
6d1eae2200 programs: gnome-2048: sandbox with bwrap 2024-02-05 08:26:06 +00:00
Colin
4d51c34ad2 programs: allow sane.strictSandboxing = "warn" 2024-02-05 05:28:02 +00:00
Colin
bc50a8c489 nixpkgs: 2024-02-03 -> 2024-02-04; sops-nix -> 2024-02-04 
```
• Updated input 'nixpkgs-next-unpatched':
    'github:nixos/nixpkgs/94db8d8c016a54feeaaf2643e2ce42bf4cc29286' (2024-02-03)
  → 'github:nixos/nixpkgs/259981b0af5c285bb3cc7146de1da1b5af92236d' (2024-02-04)
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/79a13f1437e149dc7be2d1290c74d378dad60814' (2024-02-03)
  → 'github:nixos/nixpkgs/2be0b5db83fbea4a838f753994e8ebd35af91968' (2024-02-04)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/73bf36912e31a6b21af6e0f39218e067283c67ef' (2024-01-28)
  → 'github:Mic92/sops-nix/23f61b897c00b66855074db471ba016e0cda20dd' (2024-02-04)
```
 2024-02-04 22:55:03 +00:00
Colin
ee8e33b795 koreader: remove dead patching code 
it still builds (in 3:00 minutes), huh
 2024-02-04 22:08:12 +00:00
Colin
8afb6406a1 koreader: remove dead code/build inputs 2024-02-04 22:02:03 +00:00
Colin
7ac1ee66ad koreader: use nixpkgs' luasocket and luasec 2024-02-04 21:30:30 +00:00
Colin
8a47eb92ed koreader: use nixpkgs' lua-rapidjson 2024-02-04 21:30:30 +00:00
Colin
b87934d5f8 koreader: use nixpkgs lpeg and remove vendor-external-projects.patch 2024-02-04 20:37:10 +00:00
Colin
293eab8225 koreader: use modern openssl 2024-02-04 20:05:02 +00:00
Colin
abdbb83e10 koreader: replace vendored dependencies with their nixpkgs equivalents much more effectively 
the old method was still causing everything to be re-compiled within koreader, rather than linking against the nix store.

decreases build time to about 3m on a desktop
 2024-02-04 19:39:32 +00:00
Colin
4a96fa233a koreader: 2023.10 -> 2024.01 2024-02-04 02:51:27 +00:00
Colin
4bd73ddca3 koreader-from-src: build even more from source 2024-02-03 23:58:41 +00:00
Colin
dc74bca06a programs: vim: add private/knowledge to sandbox 2024-02-03 23:53:53 +00:00
Colin
42523b75a8 programs: gdb: disable sandboxing 2024-02-03 23:53:34 +00:00
Colin
79736a4a0a koreader-from-src: tidy 2024-02-03 16:30:03 +00:00
Colin
111946eb1d programs: vim, imagemagick: fix sandboxing to consider uncreated files 2024-02-03 14:07:53 +00:00
Colin
09f3bfc944 flake: make "nix run .#deploy" deploy to all hosts 2024-02-03 02:55:13 +00:00
Colin
b8fc75ebd6 nixpkgs: 2024-02-02 -> 2024-02-03 
```
• Updated input 'nixpkgs-next-unpatched':
    'github:nixos/nixpkgs/1bfd22b6448ac4d407510bd37fe16d87a9dcb41b' (2024-02-02)
  → 'github:nixos/nixpkgs/94db8d8c016a54feeaaf2643e2ce42bf4cc29286' (2024-02-03)
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/eef63ea04722d812a09a5974ed18c9761088a6e1' (2024-02-02)
  → 'github:nixos/nixpkgs/79a13f1437e149dc7be2d1290c74d378dad60814' (2024-02-03)
```
 2024-02-03 02:15:09 +00:00
Colin
8de015f098 flake: preDeploy: fix host/addr mixup 2024-02-03 02:15:05 +00:00
Colin
6da85f6d8f flake: add a preDeploy target 2024-02-03 02:04:41 +00:00
Colin
2dc6da476b flake: deploy app: remove the last call to nixos-rebuild 2024-02-03 01:42:54 +00:00
Colin
453f40d0a8 flake: sync photos from moby with "nix run .#sync.moby" 2024-02-03 00:54:04 +00:00
Colin
14b20fd9c2 programs: komikku: fix sandboxing 2024-02-03 00:52:17 +00:00
Colin
2df1b20f02 programs: epiphany: simplify the sandboxing 2024-02-03 00:44:23 +00:00