colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity
6,477 Commits 125 Branches 1 Tag 13 MiB
83404f6769
Commit Graph

182 Commits

Author SHA1 Message Date
Colin
e4bcbab224 hosts: networking: switch to using nixos NetworkManager/ModemManager/etc, just patched for hardening 2024-06-02 11:22:03 +00:00
Colin
8657cf1fcf ship ausyscall binary 2024-06-01 12:17:08 +00:00
Colin
05986d363d brightnessctl: fix udev rules so i can run it again 2024-06-01 12:02:24 +00:00
Colin
539d9e45a2 networkmanager/modemmanager: ship separate packages for the daemon and CLI tools 
they require fundamentally different sandboxing approaches. the daemon *can't* always use bwrap if it wants to run as non-root. meanwhile the CLI tools would mostly *prefer* to run under bwrap.

in the long term i'll maybe upstream the systemd sandboxing into nixpkgs, where there looks to be desire for it
 2024-05-31 23:26:16 +00:00
Colin
2789868703 seatd: split out of sway conf 2024-05-29 16:22:52 +00:00
Colin
c570b7bf5d dbus: manage it ourselves instead of having systemd do it 2024-05-29 11:30:33 +00:00
Colin
95dc395925 hosts/modules/gui/theme: lift my sway background up into its own package 2024-05-28 15:48:37 +00:00
Colin
2ee39ca0cc poly_unfill: remove /run/wrappers/bin/unix_chkpwd 
non-privileged users don't need to check passwords

well, maybe they do (for desktop unlockers), but i've already solved that :)
 2024-05-26 06:37:59 +00:00
Colin
b035d312aa firejail: purge 2024-05-25 10:21:31 +00:00
Colin
5619bb3334 pkgs: ship gst-device-monitor binary 2024-05-19 10:40:15 +00:00
Colin
1b24bd50f9 errno: ship 2024-05-19 00:21:30 +00:00
Colin
c987f13ef0 calls: split callaudiod out and run it manually 2024-05-18 07:14:42 +00:00
Colin
adfaa7f9c1 sane-sandboxed -> sanebox 2024-05-15 01:41:40 +00:00
Colin
3557994cbb gnome-clocks: fix sound an sandboxing artifacts 2024-05-14 01:21:37 +00:00
Colin
eadf85f66d sane-open: associate as the default launcher for .desktop files 2024-05-12 17:41:00 +00:00
Colin
a1625ea41d programs: ship zulip 2024-05-04 08:28:48 +00:00
Colin
4ce951bbed wpa_supplicant: re-enable 2024-04-27 10:34:25 +00:00
Colin
f784550b9b networkmanager: migrate from nixpkgs service to my own 2024-04-27 09:51:55 +00:00
Colin
1f2bbd4aec refactor: split modemmanager stuff into own file 2024-04-27 08:32:15 +00:00
Colin
19115dfb65 eg25-control: port to s6 (hopefully) 2024-04-26 21:44:13 +00:00
Colin
9481131daf pipewire: sandbox with landlock (so that rtkit integration works) and split rtkit into own file 2024-04-23 09:08:05 +00:00
Colin
a59a7b5346 feeds: podcasts: add Tech Tales 2024-04-19 21:46:03 +00:00
Colin
de2c3a30ff programs: ship lftp ftp client 2024-04-18 04:17:10 +00:00
Colin
0385c09f23 sane-sandboxed: split out into an actual package 2024-04-15 18:57:22 +00:00
Colin
feb36d19ac programs: ship cups 2024-04-14 03:33:55 +00:00
Colin
dd58ba8b00 gvfs: enable as part of nautilus, not sway 2024-04-13 20:29:24 +00:00
Colin
0a888e205e programs: ship objdump 2024-04-13 20:29:24 +00:00
Colin
907933612d htop: statically populate config 2024-04-06 23:41:59 +00:00
Colin
1c2a375b6d common/fs: split curlftpfs into sane.programs 
this makes it easier to build outside of /etc/fstab context, and opens a future path to sandboxing
 2024-04-01 00:50:14 +00:00
Colin
f680a4a25c engrampa: patch the package via sane.programs, not nixpkgs overlay 2024-03-24 07:44:30 +00:00
Colin
5b83d4d944 s6-rc: patch to use /run/user/$id/s6 as the default live dir 2024-03-23 20:52:42 +00:00
Colin
d199e9df99 programs: wob (and wob-audio): remove 
i don't use it, and its service file was no longer compatible with s6 (it used 'environment')
 2024-03-21 17:16:11 +00:00
Colin
0a6b0cbec7 gtkcord4: rename to dissent 2024-03-21 17:16:01 +00:00
Colin
23b87a283a swaync: move to own directory 2024-03-13 08:17:14 +00:00
Colin
bf953fbdb5 mpv: move to own dir 2024-03-12 03:27:20 +00:00
Colin
c1edf96ce0 blast-ugjka: introduce a helper blast-to-default program 2024-03-11 11:43:29 +00:00
Colin
9f8e42ef92 fcitx5: enable 2024-03-11 07:44:21 +00:00
Colin
180a217744 cleanup: remove unnecessary config = { ... } scope 2024-03-11 04:31:11 +00:00
Colin
f8797a77ff blast: ship it! 
TODO: integrate into mpv :)
 2024-03-10 04:09:34 +00:00
Colin
df98ef30e0 sysvol: integrate as a service (sane.programs) 2024-03-08 11:53:13 +00:00
Colin
7281b94e23 deadd-notification-center: add to sane.programs 
this is the bare, nearly-default config. i may come back to this,
or explore fixing swaync up into shape. deadd looks possibly a bit more
limited; needs much more effort to style.
 2024-03-08 04:06:18 +00:00
Colin
1d0458ab10 schlock: ship as sane.programs 2024-03-07 10:10:39 +00:00
Colin
bd27f3a015 swayidle: enable; pair with swaylock 2024-03-06 20:55:01 +00:00
Colin
a7567dfbe6 ship celeste64 2024-03-06 04:56:39 +00:00
Colin
bc0660b623 PDF viewer: evince -> zathura 2024-03-06 04:51:01 +00:00
Colin
d43cc6c61c alsa-ucm-conf: fold the Pinephone patches into sane.programs.alsa-ucm-conf & distribute to all hosts 2024-03-05 00:28:07 +00:00
Colin
6b45589e54 wireplumber: ensure ALSA_UCM_CONF2 env var is on PATH 
this is critical for pipewire/wireplumber to work on moby
 2024-03-03 04:43:11 +00:00
Colin
a7bd831ad8 sane-screenshot: port to sane.programs 2024-03-02 06:14:05 +00:00
Colin
083f743c1f remove nixpkgs less defaults and manage PAGER myself 
this lets me avoid the lesspipe cross failures, notably
 2024-02-29 15:18:51 +00:00
Colin
6253d1799a port sxmo_hook_inputhandler.sh -> sane-input-handler 
this one can run outside the SXMO environment.
major thing missing at the moment is that rofi doesn't get volume
control inputs because bonsai out-competes it for exclusive control.
 2024-02-29 01:26:38 +00:00