8052f62796
programs: sane-wipe browser: also clear epiphany artifacts
2024-02-05 16:31:19 +00:00
413903d03c
make-sandboxed: also embed profiles for the withEmbeddedSandboxer passthru pkg
2024-02-05 08:26:40 +00:00
6d1eae2200
programs: gnome-2048: sandbox with bwrap
2024-02-05 08:26:06 +00:00
4d51c34ad2
programs: allow sane.strictSandboxing = "warn"
2024-02-05 05:28:02 +00:00
bc50a8c489
nixpkgs: 2024-02-03 -> 2024-02-04; sops-nix -> 2024-02-04
```
• Updated input 'nixpkgs-next-unpatched':
'github:nixos/nixpkgs/94db8d8c016a54feeaaf2643e2ce42bf4cc29286' (2024-02-03)
→ 'github:nixos/nixpkgs/259981b0af5c285bb3cc7146de1da1b5af92236d' (2024-02-04)
• Updated input 'nixpkgs-unpatched':
'github:nixos/nixpkgs/79a13f1437e149dc7be2d1290c74d378dad60814' (2024-02-03)
→ 'github:nixos/nixpkgs/2be0b5db83fbea4a838f753994e8ebd35af91968' (2024-02-04)
• Updated input 'sops-nix':
'github:Mic92/sops-nix/73bf36912e31a6b21af6e0f39218e067283c67ef' (2024-01-28)
→ 'github:Mic92/sops-nix/23f61b897c00b66855074db471ba016e0cda20dd' (2024-02-04)
```
2024-02-04 22:55:03 +00:00
ee8e33b795
koreader: remove dead patching code
it still builds (in 3:00 minutes), huh
2024-02-04 22:08:12 +00:00
8afb6406a1
koreader: remove dead code/build inputs
2024-02-04 22:02:03 +00:00
7ac1ee66ad
koreader: use nixpkgs' luasocket and luasec
2024-02-04 21:30:30 +00:00
8a47eb92ed
koreader: use nixpkgs' lua-rapidjson
2024-02-04 21:30:30 +00:00
b87934d5f8
koreader: use nixpkgs lpeg and remove vendor-external-projects.patch
2024-02-04 20:37:10 +00:00
293eab8225
koreader: use modern openssl
2024-02-04 20:05:02 +00:00
abdbb83e10
koreader: replace vendored dependencies with their nixpkgs equivalents much more effectively
the old method was still causing everything to be re-compiled within koreader, rather than linking against the nix store.
decreases build time to about 3m on a desktop
2024-02-04 19:39:32 +00:00
4a96fa233a
koreader: 2023.10 -> 2024.01
2024-02-04 02:51:27 +00:00
4bd73ddca3
koreader-from-src: build even more from source
2024-02-03 23:58:41 +00:00
dc74bca06a
programs: vim: add private/knowledge to sandbox
2024-02-03 23:53:53 +00:00
42523b75a8
programs: gdb: disable sandboxing
2024-02-03 23:53:34 +00:00
79736a4a0a
koreader-from-src: tidy
2024-02-03 16:30:03 +00:00
111946eb1d
programs: vim, imagemagick: fix sandboxing to consider uncreated files
2024-02-03 14:07:53 +00:00
09f3bfc944
flake: make "nix run .#deploy" deploy to all hosts
2024-02-03 02:55:13 +00:00
b8fc75ebd6
nixpkgs: 2024-02-02 -> 2024-02-03
```
• Updated input 'nixpkgs-next-unpatched':
'github:nixos/nixpkgs/1bfd22b6448ac4d407510bd37fe16d87a9dcb41b' (2024-02-02)
→ 'github:nixos/nixpkgs/94db8d8c016a54feeaaf2643e2ce42bf4cc29286' (2024-02-03)
• Updated input 'nixpkgs-unpatched':
'github:nixos/nixpkgs/eef63ea04722d812a09a5974ed18c9761088a6e1' (2024-02-02)
→ 'github:nixos/nixpkgs/79a13f1437e149dc7be2d1290c74d378dad60814' (2024-02-03)
```
2024-02-03 02:15:09 +00:00
8de015f098
flake: preDeploy: fix host/addr mixup
2024-02-03 02:15:05 +00:00
6da85f6d8f
flake: add a preDeploy target
2024-02-03 02:04:41 +00:00
2dc6da476b
flake: deploy app: remove the last call to nixos-rebuild
2024-02-03 01:42:54 +00:00
453f40d0a8
flake: sync photos from moby with "nix run .#sync.moby"
2024-02-03 00:54:04 +00:00
14b20fd9c2
programs: komikku: fix sandboxing
2024-02-03 00:52:17 +00:00
2df1b20f02
programs: epiphany: simplify the sandboxing
2024-02-03 00:44:23 +00:00
56e7e9a7cc
remove unused "default.nix.cmp" file
should have never been checked in
2024-02-03 00:18:33 +00:00
2f9fad503c
programs: fix sandboxing errors for programs which create files (notably: ffmpeg)
2024-02-03 00:17:54 +00:00
3439ca34b8
sane-sandboxed: add more autodetect options, and a "withEmbeddedSandboxer" package output (for dev)
2024-02-03 00:17:24 +00:00
24e6e6cacc
firefox-extensions.sidebery: downgrade 5.1.1 -> 5.0.0
release format is inconsistent; would need to build from-source to reliably use the latest version(s)
2024-02-02 23:26:14 +00:00
0ee9f2026c
sane-sandboxed: hopefully fix a problem with path normalization for paths with spaces
2024-02-02 22:56:43 +00:00
5e3c2636db
programs: make-sandboxed: handle packages which use relative links in bin (like spotify)
2024-02-02 22:38:36 +00:00
cd0a046776
dovecot: remove dead code
2024-02-02 20:47:55 +00:00
27edee0bbf
dovecot2: fix sieves
2024-02-02 20:47:20 +00:00
56734fe5da
mpv: add /dev/dri to the sandbox
2024-02-02 19:18:30 +00:00
832a572d56
firefox-extensions: bump to latest
2024-02-02 19:17:04 +00:00
3c96f6d418
programs: koreader: enable DRI in the sandbox, and use wrappedDerivation
2024-02-02 17:22:57 +00:00
86b23e8183
programs: fractal: enable DRI in sandbox
2024-02-02 17:19:35 +00:00
2bb9115f35
modules/programs: sandboxing: add "whitelistDri" option for gfx-intensive apps
2024-02-02 17:18:51 +00:00
065d045640
fix so sway inherits program env vars
2024-02-02 15:36:06 +00:00
d3eaa69261
lappy/desko: auto-start signal-desktop
2024-02-02 14:22:08 +00:00
6151eee8d5
programs (assorted): fix wantedBy = "default.target" to be more specific
now GUI apps aren't stuck in a restart loop until sway starts
in particular, signal-desktop can actually be autostarted
2024-02-02 14:21:57 +00:00
483a1d1780
sway: signal on launch to systemd that the graphical-session.target is ready
this allows auto-launching of other services which require a compositor (i.e. messaging apps)
2024-02-02 14:20:30 +00:00
567c7993b6
modules/programs: sandbox: allow mimeo config in any sandbox
2024-02-02 12:52:36 +00:00
f6eeab5650
nixpkgs: 2024-02-01 -> 2024-02-02
```
• Updated input 'nixpkgs-next-unpatched':
'github:nixos/nixpkgs/06002f375e1d20f1481abcb696a50f232202e7ac' (2024-02-01)
→ 'github:nixos/nixpkgs/1bfd22b6448ac4d407510bd37fe16d87a9dcb41b' (2024-02-02)
• Updated input 'nixpkgs-unpatched':
'github:nixos/nixpkgs/fbba9b8f0b6364928f60ef1b97e686b569cdb64e' (2024-02-01)
→ 'github:nixos/nixpkgs/eef63ea04722d812a09a5974ed18c9761088a6e1' (2024-02-02)
```
2024-02-02 01:07:32 +00:00
2824671bde
tune nix deploy parameters (specifically for moby)
this is experimental; hard to understand immediately how significant the effects are
2024-02-02 00:50:25 +00:00
efcaef2c35
lappy/desko/servo: downgrade kernel 6.7 -> 6.6 (latest supported by zfs)
2024-02-01 16:21:46 +00:00
25707eb79e
servo: address deprecation warning: dovecot2.sieveScripts -> sieve.scripts
2024-02-01 15:47:56 +00:00
18679cd8c3
fix deprecation warnings: overrideScope' -> overrideScope
2024-02-01 15:44:46 +00:00
09923b60ea
moby: disable desko as nixcache
2024-02-01 15:41:43 +00:00