colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity
6,197 Commits 125 Branches 1 Tag 19 MiB
7bb7a24b22
Commit Graph

22 Commits

Author SHA1 Message Date
Colin
43d32641f3 programs: buildCost: introduce a new level between min and light 2024-05-13 22:45:33 +00:00
Colin
4b22fd95bf introduce 'moby-min' host variant for the quickest deployment (no webkitgtk) 2024-04-13 20:29:24 +00:00
Colin
16ca71188f users/services: simplify the before/after/wantedBy criteria, to match s6 concepts 2024-03-21 17:16:11 +00:00
Colin
d2f6648bce users/services: refactor: replace ExecStart/ExecStopPost with command/cleanupCommand 
note that this completely breaks the systemd backend (though easily fixable if wanted)
 2024-03-21 17:16:11 +00:00
Colin
9b793ef4b8 programs: services: no need to fully-qualify paths anymore (s6 doesn't require) 2024-03-21 17:16:11 +00:00
Colin
1417497001 users/services: remove serviceConfig.Type option 2024-03-21 17:16:11 +00:00
Colin
9afd9725d1 users: services: remove no-longer-needed Restart and RestartSec options 2024-03-21 17:16:11 +00:00
Colin
40e30cf2f8 programs: make sandbox.wrapperType default to "wrappedDerivation" and remove everywhere i manually set that 2024-02-28 17:39:00 +00:00
Colin
da1053d635 programs: configure auto-launching programs to only start *after* graphical-session.target 
this ensures they really have their environment
 2024-02-19 12:58:08 +00:00
Colin
080bd856ec programs: sandboxing: only permit wayland socket access to those specific apps which require it 2024-02-14 01:49:49 +00:00
Colin
1a18ed533b programs: don't include dbus in the sandbox by default 2024-02-13 11:58:33 +00:00
Colin
c9af5bf9b4 programs: sandboxing: enable net isolation for most sandboxed programs 2024-02-08 21:51:32 +00:00
Colin
6151eee8d5 programs (assorted): fix wantedBy = "default.target" to be more specific 
now GUI apps aren't stuck in a restart loop until sway starts

in particular, signal-desktop can actually be autostarted
 2024-02-02 14:21:57 +00:00
Colin
db6ba61429 programs: sandbox more apps with wrapperType=wrappedDerivation 2024-01-29 13:45:57 +00:00
Colin
be06e61bfb programs: geary: fix sandboxing 
this is an UGLY one. geary itself uses bwrap, and that fails if it's sandboxed AT ALL in landlock (i.e. even with just / landlocked as RW).

maybe this has to do with what landlock-sandboxer considers 'read/write' to be, and there's actually more file ops i need to enable on /
 2024-01-27 11:28:08 +00:00
Colin
b03d7f7fb0 geary: test the firejail profile; it's not ready 2024-01-22 10:04:18 +00:00
Colin
4d2fecec13 geary: add my other email account 2023-11-27 07:56:26 +00:00
Colin
91c2f6fc95 implement sane.programs.slowToBuild and {moby,desko,lappy}-light targets 
i'm not sure this is the exact right abstraction, but it's a starting point
 2023-11-18 22:06:42 +00:00
Colin
3855fb5eb6 geary: integrate with swaync and auto-start 2023-11-14 00:39:24 +00:00
Colin
28d4a4b065 persistence: move stores behind a byStore attr to support disabling persistence altogether (for e.g. rescue image) 2023-11-08 15:33:15 +00:00
Colin
30486f4b4e geary: fix a typo 2023-10-24 10:29:40 +00:00
Colin
69ac75131c apps: add geary 2023-10-24 04:50:31 +00:00