|
afa8a3c52e
|
activationScripts.notifyActive: future-proof for if ever DBUS_SESSION_BUS_ADDRESS changes
|
2024-05-30 11:03:35 +00:00 |
|
|
bfbcb4789b
|
activationScripts.notifyActive: fix forrenamed XDG_RUNTIME_DIR
|
2024-05-30 10:56:17 +00:00 |
|
|
2531cc1cf6
|
bonsai: place the socket in a subdirectory to improve sandboxing
|
2024-05-30 09:54:28 +00:00 |
|
|
e55b75c333
|
wireplumber: build without systemd
|
2024-05-30 09:46:29 +00:00 |
|
|
adb54657d4
|
sway: fix bonsai to be visible in the sandbox
|
2024-05-30 09:46:04 +00:00 |
|
|
6eefb9ce20
|
wireplumber: build against the same pipewire i deploy
|
2024-05-30 09:06:41 +00:00 |
|
|
274a7821a7
|
wireplumber: remove no-longer-needed /run/systemd directory
not necessary when using seatd/when a member of the 'audio' group
|
2024-05-30 08:54:41 +00:00 |
|
|
175acf6442
|
pipewire: build without systemd
|
2024-05-30 08:44:11 +00:00 |
|
|
0761b6135a
|
users/colin: add myself to "audio" group so that wireplumber can access audio devices w/o systemd/logind
|
2024-05-30 08:44:11 +00:00 |
|
|
66c899d099
|
callaudiod: fix to not start before dbus/pipewire are up (avoids coredump on boot)
|
2024-05-30 06:07:08 +00:00 |
|
|
4aeb3360d3
|
cleanup: programs: dont assume sway is always the wayland/x11 provider
|
2024-05-30 06:00:32 +00:00 |
|
|
0c456d11d8
|
programs: ensure things which depend on sound or wayland are ordered after it
|
2024-05-30 04:55:05 +00:00 |
|
|
f1d397940f
|
seatd: patch sandboxing for desko
|
2024-05-29 19:42:45 +00:00 |
|
|
fa94fa8e6c
|
seatd: sandbox with bwrap
it always surprises my that you can sandbox something with cap_sys_admin like this...
i think this works *only* because the user is root
|
2024-05-29 19:09:57 +00:00 |
|
|
4b9c125c8c
|
seatd: sandbox
|
2024-05-29 18:58:38 +00:00 |
|
|
0f7d25d8a5
|
doc: sway: say why i wrapperType = "inplace"
|
2024-05-29 18:58:05 +00:00 |
|
|
140641729e
|
gvfs: disable (it was broken)
|
2024-05-29 18:39:31 +00:00 |
|
|
32124d76bf
|
cups: disable (not currently used, and not sandboxed)
|
2024-05-29 18:33:17 +00:00 |
|
|
c5c174f988
|
sway: patch to use a narrower sandbox
|
2024-05-29 18:24:59 +00:00 |
|
|
29bc1608aa
|
sway: remove sandbox input which are no longer necessary
|
2024-05-29 17:07:18 +00:00 |
|
|
635ca1e5d8
|
seatd: pull the service definition into my own repo
this will allow me to configure the package
|
2024-05-29 16:34:32 +00:00 |
|
|
2789868703
|
seatd: split out of sway conf
|
2024-05-29 16:22:52 +00:00 |
|
|
c40ec1990a
|
sshd: disable systemd integration
|
2024-05-29 15:57:19 +00:00 |
|
|
d4dfcd6510
|
login : remove systemd pam integration (so it doesnt try, and fail, to start the user manager)
|
2024-05-29 15:42:39 +00:00 |
|
|
d865be952a
|
refactor: sandboxing: replace manual --sanebox-keep-namespace pid config with isolatePids = false
|
2024-05-29 12:56:46 +00:00 |
|
|
7c8a18ecbd
|
systemd: remove no-longer-used user@1000 override
|
2024-05-29 12:56:19 +00:00 |
|
|
35ff7de06e
|
dbus: manage it ourselves instead of having systemd do it
|
2024-05-29 12:55:51 +00:00 |
|
|
c570b7bf5d
|
dbus: manage it ourselves instead of having systemd do it
|
2024-05-29 11:30:33 +00:00 |
|
|
770fc2e574
|
systemd: fix typod IgnoreOnIsolate option
|
2024-05-29 11:30:33 +00:00 |
|
|
0ed7eb24fb
|
programs: assorted: remove legacy programs.feedback setting
|
2024-05-29 11:30:33 +00:00 |
|
|
ad8e75b6a3
|
programs: assorted: remove /var/lib/alsa persistence; doesnt seem to be needed
|
2024-05-29 11:30:33 +00:00 |
|
|
e8dbe0750d
|
networkmanager: fix sandbox to actually work with systemd-resolved
|
2024-05-29 10:34:24 +00:00 |
|
|
4309d887da
|
wpa_supplicant: remove unused services
|
2024-05-29 09:33:25 +00:00 |
|
|
1ee21c4795
|
NetworkManager: run as user instead of root
|
2024-05-29 09:16:30 +00:00 |
|
|
fb7bcbb5f5
|
NetworkManager-wait-online: fix missing sanebox path
|
2024-05-29 01:37:15 +00:00 |
|
|
0013e8305e
|
networkmanager: cleanup
|
2024-05-29 01:35:38 +00:00 |
|
|
7dedfcebb9
|
networkmanager: sandbox
|
2024-05-29 01:33:15 +00:00 |
|
|
247fc1f887
|
hosts/modules/gui: fold into hosts/common/programs
|
2024-05-28 16:51:02 +00:00 |
|
|
3c2ca46ef9
|
hosts/modules/gui/gtk: hoist to sane.programs.sane-theme
|
2024-05-28 16:44:27 +00:00 |
|
|
95dc395925
|
hosts/modules/gui/theme: lift my sway background up into its own package
|
2024-05-28 15:48:37 +00:00 |
|
|
cefd6c0534
|
documentation improvements
|
2024-05-28 13:36:01 +00:00 |
|
|
e8846b2d6b
|
wpa_supplicant: sandbox
|
2024-05-28 13:36:01 +00:00 |
|
|
7d242ab02c
|
sane-battery-estimate: sandbox
|
2024-05-28 09:41:04 +00:00 |
|
|
47611eaa26
|
sane-weather: sandbox
|
2024-05-28 09:38:04 +00:00 |
|
|
9719f0f785
|
mpv: relax sandboxing for the sake of subtitle downloading
|
2024-05-28 09:37:57 +00:00 |
|
|
8042ea76e6
|
assorted programs: specify sandbox.autodetectCliPaths variant more precisely than just true
|
2024-05-28 07:14:27 +00:00 |
|
|
c59236509b
|
sane-cast: sandbox
|
2024-05-28 07:07:11 +00:00 |
|
|
4ba0343315
|
networkmanager: hoist some lib.mkIf s up a few levels
would you believe one of these attributes was being set without a mkIf cfg.enabled guard :)
|
2024-05-28 05:27:23 +00:00 |
|
|
cbe6072c03
|
polyunfill: remove policykit suid wrappers
|
2024-05-28 05:24:37 +00:00 |
|
|
bea1fd95e5
|
polyunfill: disable dbus-daemon-launch-helper suid wrapper
|
2024-05-28 05:14:06 +00:00 |
|