colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity
5,189 Commits 125 Branches 1 Tag 12 MiB
7e343bfc05
Commit Graph

5189 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Colin
7e343bfc05 sway: fix race condition around dbus/systemd environment importing 2024-02-19 10:52:51 +00:00
Colin
f72bdb6f3a activationScripts: notify on deploy: fix to work with new SWAYSOCK name 2024-02-19 08:21:23 +00:00
Colin
5666a05ef0 strip out a bunch of unused nixpkgs defaults 2024-02-19 06:20:13 +00:00
Colin
05daf738fc nixpkgs: 2024-02-17 -> 2024-02-18 
```
• Updated input 'nixpkgs-next-unpatched':
    'github:nixos/nixpkgs/6caa6affcc4774c81467ed08fa3ec35da40fd1d9' (2024-02-17)
  → 'github:nixos/nixpkgs/d076cde70cbceca9315a11bdc609ddfcec9dfbca' (2024-02-18)
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/28d6a724f54085377102db7c3278ba82a0a5255f' (2024-02-17)
  → 'github:nixos/nixpkgs/9511a7b219df1f8d8f5c2a58c4870fde169fe397' (2024-02-18)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/48afd3264ec52bee85231a7122612e2c5202fa74' (2024-02-13)
  → 'github:Mic92/sops-nix/ffed177a9d2c685901781c3c6c9024ae0ffc252b' (2024-02-18)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/d8cd80616c8800feec0cab64331d7c3d5a1a6d98' (2024-02-10)
  → 'github:NixOS/nixpkgs/69405156cffbdf2be50153f13cbdf9a0bea38e49' (2024-02-17)
```
 2024-02-18 19:05:04 +00:00
Colin
35b4cc779f megapixels: switch to bwrap, to support Loupe image viewer 2024-02-18 18:46:37 +00:00
Colin
c7d111a318 megapixels: 1.7.0 -> 1.8.0 2024-02-18 18:27:47 +00:00
Colin
7e5eb6324d megapixels: sandbox 
it's iffy... 1.8.0 is released, which can be sandboxed w/o sys/dev/char or ~/.local/share/applications, but seems to be even flakier
 2024-02-18 17:44:49 +00:00
Colin
95cb5624ca modules/programs: sane-sandboxed: fix but that --sane-sandbox-path / wasnt being canonicalized 2024-02-18 13:53:53 +00:00
Colin
55c305812d WIP: megapixels: sandbox 2024-02-18 13:53:18 +00:00
Colin
600f6eb56c modules/programs: sane-sandboxed: remove all remaining forks/subshells 
launchtime for firefox in bwrap is about 65ms; 35ms for --sane-sandbox-method none
 2024-02-18 13:15:04 +00:00
Colin
fd6f8493a7 modules/programs: sane-sandboxed: remove all forking from normPath 
reduces time for librewolf benchmark from 90ms -> 65ms. there's still _some_ forking in this script, but it's constant now.
 2024-02-18 12:25:03 +00:00
Colin
f10f1ee7b1 modules/programs: sane-sandboxed: optimize "normPath" to not invoke subshells 
each subshell causes like 5ms just on my laptop, which really adds up.
this implementation still forks internally, but doesn't exec.
runtime decreases from 150ms -> 90ms for
`time librewolf --sane-sandbox-replace-cli true`
 2024-02-18 12:08:23 +00:00
Colin
67395bdcd3 programs: ship forkstat 2024-02-18 11:58:30 +00:00
Colin
90ceeede74 programs: flare-signal: disable (unused) 2024-02-18 07:07:29 +00:00
Colin
32a704b1b8 moby: disable unused "calls" program 
i may have future use for it, but as-is currently it's not worth the difficulty of sandboxing
 2024-02-18 07:07:29 +00:00
Colin
a591be98d4 programs: portfolio-filemanager: sandbox 2024-02-18 07:07:29 +00:00
Colin
82e028e37d programs: nautilus: assign a mime priority 2024-02-18 07:07:29 +00:00
Colin
a531676d0d mime: include an error message when two file associations have identical mime priority 2024-02-18 07:07:29 +00:00
Colin
7f7543ee78 programs: planify: sandbox 2024-02-18 07:07:29 +00:00
Colin
8d0e3e0db3 programs: notejot: sandbox 2024-02-18 07:07:29 +00:00
Colin
bf352d184c programs: tangram: sandbox 2024-02-18 07:07:29 +00:00
Colin
81a6600f54 programs: xarchiver: sandbox 2024-02-18 07:07:29 +00:00
Colin
9fde167e71 firefox-extensions.open-in-mpv: build from source 
this ensures that the extension and the native component stay in sync
 2024-02-18 06:14:49 +00:00
Colin
4e180e11df open-in-mpv: update the non-browser component to 2.2.0 
i _suppose_ i should keep these in sync... hmm
 2024-02-18 06:02:00 +00:00
Colin
902166e45a sxmo-utils: 2024-01-01 -> 2024-02-05 2024-02-18 04:57:20 +00:00
Colin
797bc4e188 delfin: 0.3.0 -> 0.4.0 
i can't upstream this until i figure out why both versions fail to open media for me (portal stuff?)
 2024-02-18 04:54:35 +00:00
Colin
536f0aedc3 open-in-mpv: remove my patch which has been upstreamed, previously required to use xdg-open 2024-02-18 04:52:27 +00:00
Colin
b855df902f firefox-extensions: metamask,open-in-mpv,sponsorblock,ublacklist: update to latest 2024-02-18 04:50:03 +00:00
Colin
80ce49c579 firefox-extensions.bypass-paywalls-clean: 3.5.3.0 -> 3.5.5.0 2024-02-18 04:49:18 +00:00
Colin
408059420d snippets: prefer the repology link which specifically shows my outdated packages 2024-02-18 04:15:05 +00:00
Colin
a3102c9395 pkgs overlay: prefer my own packages, if theyre newer than whats in nixpkgs 
this gives me an easier way to test updates for the packages i maintain than a workflow based on patching nixpkgs
 2024-02-18 04:07:23 +00:00
Colin
6760fcf1f4 snippets: remove home-manager; add repology 2024-02-18 03:43:32 +00:00
Colin
a90898491e flake: fix "preDeploy" action mishandling null 2024-02-18 01:24:05 +00:00
Colin
059940d8e7 nixpkgs: 2024-02-16 -> 2024-02-17 
```
• Updated input 'nixpkgs-next-unpatched':
    'github:nixos/nixpkgs/0ec5bef772dc12003df7a55f7be1f7b8809f8b48' (2024-02-16)
  → 'github:nixos/nixpkgs/6caa6affcc4774c81467ed08fa3ec35da40fd1d9' (2024-02-17)
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/1225df86908f6f5b23553e9d77da4df4bfdd58ef' (2024-02-16)
  → 'github:nixos/nixpkgs/28d6a724f54085377102db7c3278ba82a0a5255f' (2024-02-17)
```
 2024-02-17 17:18:38 +00:00
Colin
98aafead94 programs: wob: add missing "coreutils" dep 
it *should* be acquired via user's PATH, but wob-pulse can start before sway imports PATH to systemd
 2024-02-17 16:38:22 +00:00
Colin
cef2591425 modules/programs: sane-sandboxed: capshonly/landlock: don't request capabilities we know won't be granted 2024-02-17 16:30:18 +00:00
Colin
f8663cd827 programs: monero-gui: sandbox 2024-02-17 16:06:58 +00:00
Colin
af1ee1734d programs: wireguard-tools: sandbox 2024-02-17 15:54:16 +00:00
Colin
5375cab716 programs: ntfy-sh: sandbox 2024-02-17 15:47:47 +00:00
Colin
162b3f5674 imagemagick: don't add 'ghostscript' package to path 2024-02-17 15:45:50 +00:00
Colin
a729f91d21 programs: jq: add working sandbox criteria, but don't enable yet 
i need to handle the extremely common `cat foo | jq .` without adding
`.` to the sandbox
 2024-02-17 15:36:41 +00:00
Colin
a273b559e2 programs: gnome-disk-utility: sandbox 2024-02-17 15:36:28 +00:00
Colin
785b375671 programs: smartmontools (smartctl): sandbox 2024-02-17 15:36:13 +00:00
Colin
24cba0c856 programs: xq: remove 2024-02-17 15:30:23 +00:00
Colin
df1db5d01c programs: sox: sandbox 2024-02-17 15:27:22 +00:00
Colin
6749b64bca programs: nautilus: add mounted media to the sandbox 2024-02-17 15:26:49 +00:00
Colin
d3e4bdfcd5 programs: gdisk: fix sandboxing 2024-02-17 15:26:16 +00:00
Colin
799cd4373f programs: socat: disable 2024-02-17 15:11:12 +00:00
Colin
2efa6d1e27 programs: mepo: sandbox 2024-02-17 15:08:21 +00:00
Colin
a1470956a5 programs: gdisk: sandbox 2024-02-17 14:57:33 +00:00