Commit Graph

5270 Commits

Author SHA1 Message Date
af03b3f6e8 xwayland: sandbox 2024-02-23 01:05:24 +00:00
5819f07181 programs: xwayland: sandbox 2024-02-22 22:12:03 +00:00
122f3fa5cc sway: remove xwayland-specific placement of Signal
it breaks non-xwayland sway config parsing, and Signal is native Wayland now anyway even with Xwayland running'
2024-02-22 22:01:48 +00:00
ece612ea70 nixpkgs: 2024-02-21 -> 2024-02-22
```
• Updated input 'nixpkgs-next-unpatched':
    'github:nixos/nixpkgs/97c19bdc7ecbe44755084a52acf38e17bdf2bc71' (2024-02-21)
  → 'github:nixos/nixpkgs/024149d718e25378f4decfeeb614b88208c2f700' (2024-02-22)
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/0e74ca98a74bc7270d28838369593635a5db3260' (2024-02-21)
  → 'github:nixos/nixpkgs/a7fa133a1e973c127e9c83e2c8e3407ae3797099' (2024-02-22)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/acfcce2a36da17ebb724d2e100d47881880c2e48' (2024-02-20)
  → 'github:Mic92/sops-nix/f6b80ab6cd25e57f297fe466ad689d8a77057c11' (2024-02-21)
```
2024-02-22 07:07:29 +00:00
f27f994090 systemd: fix the timeout for the user service manager 2024-02-22 00:24:05 +00:00
473999c001 sway: re-enable networkmanager 2024-02-21 23:46:25 +00:00
d1de9efde1 sway: port xwayland use to sane.programs API 2024-02-21 23:32:10 +00:00
50c3f04714 pipewire: remove dead alsa comments 2024-02-21 23:26:40 +00:00
49bad8f186 sway: split pipewire persisted file into pipewire.nix 2024-02-21 23:26:25 +00:00
fd9f500e97 sway: split pipewire config into separate sane.programs.pipewire 2024-02-21 23:23:52 +00:00
386651044e sway: port to sane.programs API 2024-02-21 23:18:57 +00:00
55a6c828f2 sway: lift portal/menu reset into polyunfill.nix 2024-02-21 22:09:53 +00:00
7ecebd7521 sway: treat fontconfig as an ordinary sane.programs 2024-02-21 22:08:45 +00:00
7b299176e3 sway: simplify the wrapper 2024-02-21 22:06:10 +00:00
4da9cb5ac8 sway: simplify the wrapper... slightly 2024-02-21 21:42:48 +00:00
f068da709f sway: compile with xwayland only if we plan to use it at runtime
else it's just extra weight
2024-02-21 21:05:41 +00:00
5b21257e4f gui: sway: remove useGreeter option (provide a greeter always, via suggestedPrograms) 2024-02-21 20:59:34 +00:00
d77a12ce7b unl0kr: remove the "afterLogin" option and choose automatically which desktop to launch 2024-02-21 20:47:48 +00:00
153d2a1047 GSK_RENDERER: don't set globally, but just for the apps which _actually_ require it
this way i can avoid conflicts around apps which don't expect this to be set (e.g. delfin)
2024-02-21 16:56:56 +00:00
2a528a5d8e sane-sandboxed: leave a note about future mount work 2024-02-21 16:08:42 +00:00
b8f090be93 programs: delfin: add required mpris permissions 2024-02-21 13:27:19 +00:00
b16902bec1 delfin: downgrade 0.4.1 -> 0.4.0
0.4.1 doesn't cross compile because of rust requirement. 0.4.0 does
2024-02-21 13:26:54 +00:00
c919372324 delfin: add option to build in debug mode, and with debug patches 2024-02-21 12:09:48 +00:00
60371585e4 delfin: 0.4.0 -> 0.4.1 2024-02-21 09:04:49 +00:00
20cb850fb5 nixpkgs: 2024-02-18 -> 2024-02-21
```
• Updated input 'nixpkgs-next-unpatched':
    'github:nixos/nixpkgs/d076cde70cbceca9315a11bdc609ddfcec9dfbca' (2024-02-18)
  → 'github:nixos/nixpkgs/97c19bdc7ecbe44755084a52acf38e17bdf2bc71' (2024-02-21)
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/9511a7b219df1f8d8f5c2a58c4870fde169fe397' (2024-02-18)
  → 'github:nixos/nixpkgs/0e74ca98a74bc7270d28838369593635a5db3260' (2024-02-21)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/ffed177a9d2c685901781c3c6c9024ae0ffc252b' (2024-02-18)
  → 'github:Mic92/sops-nix/acfcce2a36da17ebb724d2e100d47881880c2e48' (2024-02-20)
```
2024-02-21 00:35:14 +00:00
c6470918de types.string -> types.str 2024-02-21 00:25:44 +00:00
c0f374bd80 programs: sane-secrets-dump: don't leak secrets onto proc/cmdline 2024-02-21 00:24:31 +00:00
5a0760a571 programs: sandbox oathtools 2024-02-21 00:03:48 +00:00
757ab79724 programs: dconf: sandbox 2024-02-20 23:43:25 +00:00
81148b7b42 programs: explicitly depend on dconf instead of manually persisting dconf's dirs 2024-02-20 23:39:27 +00:00
429d0c53e7 programs: ripgrep: sandbox with bwrap instead of landlock
this provides network isolation
2024-02-20 23:32:54 +00:00
6cf1bc5a28 programs: grep: sandbox 2024-02-20 23:32:28 +00:00
768b340c93 findutils: sandbox
use bwrap instead of landlock for the dumb preference that i can disable
net
2024-02-20 23:31:58 +00:00
d9901aa161 programs: sane-secrets-*: sandbox 2024-02-20 23:31:39 +00:00
be2098c18a programs: sane-vpn: sandbox 2024-02-20 23:05:24 +00:00
ee7d99289a sane-vpn: allow shorthands like "sane-vpn up us" instead of full ovpnd-us 2024-02-20 23:01:53 +00:00
bb569b1668 sane-vpn: port away from systemd so that i can use it as an ordinary user (no sudo) 2024-02-20 22:21:02 +00:00
34524ea3e4 modules/vpn: fix the vpn-* systemd services 2024-02-20 20:40:46 +00:00
71025329e7 programs: sane-dev-cargo-loop: sandbox 2024-02-20 19:26:38 +00:00
ca4d1e3b9d programs: sane-tag-music: sandbox 2024-02-20 19:26:18 +00:00
284b698015 sane-reclaim-boot-space: fix, and sandbox
well i didn't get to test this thoroughly: might still have problems
2024-02-20 19:16:36 +00:00
bc50daf685 nix.settings: port to structured attrs 2024-02-20 18:35:03 +00:00
47dcfb9cba fix nix.settings.nix-path to actually take effect
now i can `nix-shell` again! nix-path takes precedence over `NIX_PATH`
env var.
2024-02-20 17:54:25 +00:00
2bd99f6e51 remove no-longer-needed nix trusted-users setting
well, it *seems* to work, at least!
2024-02-20 13:43:41 +00:00
8beac8df2f programs: sandbox sane-shutdown, sane-reboot 2024-02-20 13:43:05 +00:00
58db553c84 programs: unl0kr: sandbox 2024-02-20 13:29:56 +00:00
2ea3776d84 programs: sane-sync-from-servo: remove
this was obsoleted by the top-level flake `sync` scripts
2024-02-20 13:16:21 +00:00
d596d005ca systemd: configure a 25s stop timeout for the user manager too (hopefully) 2024-02-20 13:11:47 +00:00
e92db138ef systemd: allow ordinary users to invoke shutdown/reboot 2024-02-20 12:25:04 +00:00
5fed127c23 refactor: split systemd config into own file 2024-02-20 12:18:28 +00:00