eadf85f66d
sane-open: associate as the default launcher for .desktop files
2024-05-12 17:41:00 +00:00
32e06ce998
programs: gnome-disk-utility: grant sandbox access to ~/tmp
2024-05-06 05:15:28 +00:00
b7dd40e558
sane-open-desktop -> sane-open and have it auto-open/close the keyboard based on what an app wants
2024-04-30 19:22:37 +00:00
46d1a49f0f
servo: enable sane-cast
program
2024-04-29 21:50:03 +00:00
ae418fb2d1
valgrind: mark as not sandboxable
2024-04-23 09:08:05 +00:00
152a5d4c92
sane-cast: integrate with mpv
2024-04-23 07:52:48 +00:00
a000a722ba
mpv: fix so sane-sysvol doesnt hang exit
2024-04-21 10:08:46 +00:00
4dfee58d09
sops: fix sandbox path
2024-04-20 21:43:13 +00:00
a59a7b5346
feeds: podcasts: add Tech Tales
2024-04-19 21:46:03 +00:00
de2c3a30ff
programs: ship lftp ftp client
2024-04-18 04:17:10 +00:00
c08280589d
lsof: fix sandboxing
2024-04-17 23:43:42 +00:00
62f5b9276f
pwvucontrol: whitelist DRI inside the sandbox, for better perf
2024-04-16 20:49:33 +00:00
2587c27f89
font-manager: fix sandboxing
2024-04-14 21:55:52 +00:00
0a888e205e
programs: ship objdump
2024-04-13 20:29:24 +00:00
4b22fd95bf
introduce 'moby-min' host variant for the quickest deployment (no webkitgtk)
2024-04-13 20:29:24 +00:00
907933612d
htop: statically populate config
2024-04-06 23:41:59 +00:00
b4877a488e
discord: add media into sandbox
2024-04-06 09:36:55 +00:00
1c2a375b6d
common/fs: split curlftpfs into sane.programs
...
this makes it easier to build outside of /etc/fstab context, and opens a future path to sandboxing
2024-04-01 00:50:14 +00:00
fb79ca4c8e
programs: iproute: use a less restrictive sandbox
2024-03-26 10:54:29 +00:00
f680a4a25c
engrampa: patch the package via sane.programs, not nixpkgs overlay
2024-03-24 07:44:30 +00:00
5b83d4d944
s6-rc: patch to use /run/user/$id/s6 as the default live dir
2024-03-23 20:52:42 +00:00
5205251f6f
programs: xwayland: sandbox it without exposing net access
2024-03-23 15:33:23 +00:00
6c6e10e470
s6: install manpages
2024-03-21 17:16:11 +00:00
2336767059
port service manager to s6
...
still a lot of cleanup to do (e.g. support dbus service types), but it boots to a usable desktop
2024-03-21 17:16:11 +00:00
6595d177be
gimp: fix sandboxing
2024-03-13 11:36:57 +00:00
f8797a77ff
blast: ship it!
...
TODO: integrate into mpv :)
2024-03-10 04:09:34 +00:00
ed87792f9b
sed: sandbox
2024-03-03 07:06:00 +00:00
8821b3ca7d
procps: sandbox
2024-03-03 06:55:17 +00:00
3b603519ff
fuzzel: sandbox (well, i probably dont even have it on my system anymore :P)
2024-03-02 07:43:42 +00:00
28cb705bd4
grim: sandbox
2024-03-02 07:11:45 +00:00
7fa1dbc5d5
slurp: sandbox
2024-03-02 07:11:45 +00:00
8b7575c205
swappy: sandbox
2024-03-02 07:11:45 +00:00
a7bd831ad8
sane-screenshot: port to sane.programs
2024-03-02 06:14:05 +00:00
2324d75165
switch psmisc -> killall
...
otherwise a really shitty `pstree` makes its way onto my PATH
2024-03-01 18:50:20 +00:00
daab5939e7
rofi: split sane-open-desktop
out as a helper
2024-03-01 04:19:19 +00:00
083f743c1f
remove nixpkgs less
defaults and manage PAGER myself
...
this lets me avoid the lesspipe cross failures, notably
2024-02-29 15:18:51 +00:00
6253d1799a
port sxmo_hook_inputhandler.sh -> sane-input-handler
...
this one can run outside the SXMO environment.
major thing missing at the moment is that rofi doesn't get volume
control inputs because bonsai out-competes it for exclusive control.
2024-02-29 01:26:38 +00:00
d8a8038cae
xdg-terminal-exec: define a .desktop file
2024-02-29 00:17:26 +00:00
40e30cf2f8
programs: make sandbox.wrapperType default to "wrappedDerivation" and remove everywhere i manually set that
2024-02-28 17:39:00 +00:00
812c0c8029
packages: reduce the number of packages which are using inplace sandbox wrapping
2024-02-28 17:35:40 +00:00
b302113fc0
modules/programs: require manual definition; don't auto-populate attrset
...
this greatly decreases nix eval time
2024-02-28 13:35:09 +00:00
8f424dcd5a
programs: sandboxing: link /etc into sandboxed programs
...
this is crucial for e.g. swaync, to find its resource files.
maybe a good idea to link *every* package directory which i also link
into /run/current-system.
2024-02-27 22:25:17 +00:00
67536e3c1f
programs: assorted: correct sandbox paths now that Pictures/Videos/Books are categorized
...
i don't like this Pictures/ approach though. i may reconsolidate some of those
2024-02-27 21:37:20 +00:00
5c7eceeb55
grimshot: move to own file
2024-02-27 14:54:53 +00:00
f2e1bb6b86
programs: python3-repl: sandbox
2024-02-25 18:52:55 +00:00
ca36fe1b96
programs: gnome.seahorse: sandbox
2024-02-25 12:03:42 +00:00
d2df668c9e
modules/programs: sane-sandboxed: replace --sane-sandbox-keep-pidspace with --sane-sandbox-keep-namespace <pid|cgroup|ipc|uts>
2024-02-25 12:00:00 +00:00
b7921ac41b
refactor: programs: sort
2024-02-25 11:53:49 +00:00
0745e9fc06
refactor: programs: split gnome-maps into own file
2024-02-25 09:06:32 +00:00
f714bd8281
programs: jq: sandbox
2024-02-25 01:59:01 +00:00