86adc38537
zsh: fix `switch` alias for a post-flake world
2024-06-12 08:29:08 +00:00
63f3b8e89b
handbrake: disable until i fix the build
2024-06-12 07:40:29 +00:00
9fc4119275
mesa-demos: deploy
2024-06-12 07:11:41 +00:00
ec29ec76f0
swayidle: fix that input events weren't suppressed during screen-off
2024-06-09 18:36:57 +00:00
0f97e3d7ed
sane-input-handler: fix that input events weren't suppressed during screen-off
...
note that this doesn't fix input gating during the
screenoff-after-inactivity case.
2024-06-09 18:28:31 +00:00
b24b68a6bd
mpv: switch to mainline mpv
2024-06-09 06:48:43 +00:00
cb32dc99cd
sysvol: fix background transparency
2024-06-09 01:50:39 +00:00
502c9d1db3
nixpkgs: 24.05-unstable-2024-06-xx -> 24.05-unstable-2024-06-08
2024-06-09 00:48:52 +00:00
6b8371c32b
nixpkgs-wayland: import by fetchFromGitHub instead of via flake
2024-06-07 21:29:45 +00:00
50450fe7fe
brave: fix eval error on armv7l
2024-06-07 07:32:24 +00:00
8807140c83
neovim: fix cross to armv7l
2024-06-07 07:31:44 +00:00
d8fed884d0
programs: steam: move from pcGuiApps -> pcGameApps
2024-06-07 07:30:56 +00:00
7e32fab5d4
refactor: moby: split more stuff out of the toplevel config and hide behind roles/etc
2024-06-04 15:58:51 +00:00
e4bcbab224
hosts: networking: switch to using nixos NetworkManager/ModemManager/etc, just patched for hardening
2024-06-02 11:22:03 +00:00
1b85aa0441
networkmanager/modemmanager: get closer to nixpkgs upstream
...
i've seen enough, that there's a path toward getting nixos proper to sandbox this in a way i'm happy with -- in time
2024-06-02 08:56:38 +00:00
f5e5d1bcc4
networkmanager: fix polkit integrations when running not as root
...
now nmcli/etc work
2024-06-02 05:10:11 +00:00
30d41f82f2
refactor: networkmanager: use `substitute` instead of `sed` when patching
2024-06-01 22:16:18 +00:00
53bbd611da
nixpkgs-review: persist the ~/.cache/nixpkgs-review directory
2024-06-01 17:15:54 +00:00
6fe3d26b30
modemmanager: fix missing `mmcli` binary in service definition
2024-06-01 15:41:14 +00:00
8340cf059f
nixpkgs-review: fix sandboxing
2024-06-01 15:26:23 +00:00
e0da3ece60
errno: simplify
2024-06-01 14:48:55 +00:00
8ea379d53b
errno: ship on all platforms
2024-06-01 14:04:45 +00:00
c7dd49af91
errno: fix cross compilation by not building *all* of moreutils
2024-06-01 14:03:59 +00:00
8657cf1fcf
ship `ausyscall` binary
2024-06-01 12:17:08 +00:00
e3e86a43a9
brightnessctl: disable unused dbus access
2024-06-01 12:09:51 +00:00
05986d363d
brightnessctl: fix udev rules so i can run it again
2024-06-01 12:02:24 +00:00
539d9e45a2
networkmanager/modemmanager: ship separate packages for the daemon and CLI tools
...
they require fundamentally different sandboxing approaches. the daemon *can't* always use bwrap if it wants to run as non-root. meanwhile the CLI tools would mostly *prefer* to run under bwrap.
in the long term i'll maybe upstream the systemd sandboxing into nixpkgs, where there looks to be desire for it
2024-05-31 23:26:16 +00:00
326bf045b0
networkmanager/wpa_supplicant: switch user back to "networkmanager"
...
root gives too much power, even with bwrap/namespaces
2024-05-31 23:26:16 +00:00
a1181a10ea
networkmanager: install parallel dbus .conf files to allow the services to be run as *either* networkmanager or root user (hopefully!)
2024-05-31 23:26:16 +00:00
9bb6a903bb
wpa_supplicant: get it to run under bwrap
2024-05-31 23:26:16 +00:00
214f963d89
networkmanager: run all services as root instead of networkmanager user
...
i believe this may allow using bwrap instead of landlock
2024-05-31 23:26:16 +00:00
07aec3ca3c
apps: explain why i ship both engrampa and xarchiver archive managers
2024-05-31 08:39:23 +00:00
c7fd3d2217
nixpkgs: 2024-05-26 -> 2024-05-31, nixpkgs-wayland -> 2024-05-31
...
```
• Updated input 'nixpkgs-next-unpatched':
'github:nixos/nixpkgs/2baa940f86e1fc54757fd7d1ed551c0a38904bf2' (2024-05-26)
→ 'github:nixos/nixpkgs/d3d81af60c22e9e93a3930a9630b210362341ab9' (2024-05-31)
• Updated input 'nixpkgs-unpatched':
'github:nixos/nixpkgs/7780e5160e011b39019797a4c4b1a4babc80d1bf' (2024-05-26)
→ 'github:nixos/nixpkgs/4e60a4d94bdc1abafeefc1928aa3cda6ce6c4210' (2024-05-31)
• Updated input 'nixpkgs-wayland':
'github:nix-community/nixpkgs-wayland/397c85d463aef789a8dd24c4db467e9ad787907b' (2024-05-26)
→ 'github:nix-community/nixpkgs-wayland/1db9b79a45c8e346e03480767e6d9749fabfaf10' (2024-05-31)
```
2024-05-31 06:09:03 +00:00
0fcc3f8d5d
ModemManager: make the sandbox more strict
2024-05-30 21:32:35 +00:00
6570c5ed84
modemmanager: sandbox with bwrap instead of landlock
2024-05-30 18:47:09 +00:00
820fdecfd5
modemmanager: minimal (working) sandbox
2024-05-30 18:27:34 +00:00
8d43565f31
sane-theme: disable sandbox
2024-05-30 16:54:10 +00:00
18364761dd
wireplumber: undo the enableSystemd=false patch
2024-05-30 16:50:53 +00:00
d3937487e6
moby: cleanup bonsai <-> sway circular dependency (slightly)
2024-05-30 12:43:09 +00:00
3fdeacc336
sane-input-handler: add a --help command
2024-05-30 12:30:41 +00:00
7f5e12da8d
dbus: don't consider the service "up" until the unix pipe actually appears
2024-05-30 11:04:02 +00:00
afa8a3c52e
activationScripts.notifyActive: future-proof for if ever DBUS_SESSION_BUS_ADDRESS changes
2024-05-30 11:03:35 +00:00
bfbcb4789b
activationScripts.notifyActive: fix for renamed XDG_RUNTIME_DIR
2024-05-30 10:56:17 +00:00
2531cc1cf6
bonsai: place the socket in a subdirectory to improve sandboxing
2024-05-30 09:54:28 +00:00
e55b75c333
wireplumber: build without systemd
2024-05-30 09:46:29 +00:00
adb54657d4
sway: fix bonsai to be visible in the sandbox
2024-05-30 09:46:04 +00:00
6eefb9ce20
wireplumber: build against the same pipewire i deploy
2024-05-30 09:06:41 +00:00
274a7821a7
wireplumber: remove no-longer-needed /run/systemd directory
...
not necessary when using seatd/when a member of the 'audio' group
2024-05-30 08:54:41 +00:00
175acf6442
pipewire: build without systemd
2024-05-30 08:44:11 +00:00
66c899d099
callaudiod: fix to not start before dbus/pipewire are up (avoids coredump on boot)
2024-05-30 06:07:08 +00:00