1a972927b6
programs: sandbox nethogs, nmon, nixpkgs-review
2024-02-16 05:27:50 +00:00
5f3ec42f57
programs: sandbox lsof with capsh only
can't get it to sandbox any more aggressively with either landlock or
bwrap
2024-02-16 04:55:18 +00:00
28aaeb051f
programs: disable sandboxing for strace and screen
2024-02-16 04:51:52 +00:00
9d252d095e
programs: htop/iotop/iftop: sandbox
2024-02-16 04:51:18 +00:00
4e5e4219ec
programs: usbutils: sandbox
2024-02-16 04:03:47 +00:00
824dd7c1f5
programs: endless-sky: sandbox with bwrap
2024-02-16 04:00:27 +00:00
b840a0d61c
programs: space-cadet-pinball: sandbox w/ bwrap
2024-02-16 03:58:09 +00:00
36bcecfd68
programs: sort
2024-02-16 03:53:53 +00:00
c3a5fb9394
programs: wdisplays: sandbox with bwrap
2024-02-16 03:53:27 +00:00
30507c3564
programs: soundconverter: sandbox with bwrap
2024-02-16 03:51:23 +00:00
48d96c1f36
programs: hase: sandbox with bwrap
couldn't test the net feature, because hase servers have since gone
offline :((
2024-02-16 03:48:59 +00:00
511752fab5
programs: xdg-desktop-portal{-gtk,-wlr}: enable sandbox
2024-02-16 03:17:19 +00:00
5e7f914354
programs: superTux: fix failing sandbox build
2024-02-16 03:16:28 +00:00
7eaffc9fa0
programs: w3m: enable sandbox
2024-02-15 18:25:48 +00:00
b7c1a6331d
programs: mate.engrampa: enable sandbox
2024-02-15 18:24:27 +00:00
52d768a162
programs: xterm: mark as not needing a sandbox
2024-02-15 17:26:55 +00:00
7a685d8de9
programs: inkscape: sandbox with bwrap
2024-02-15 17:26:37 +00:00
5090c4e88c
sway: define without using nixos "programs.sway"
motivation was to leverage 'sane.programs.sway.env' to statically configure SWAYSOCK. i think that's still the right way: we'll see
2024-02-15 14:25:27 +00:00
dcc2eb265d
programs: re-enable sandbox for tumiki-fighters and losslesscut (X applications)
2024-02-15 00:09:40 +00:00
518c3afd07
programs: sandbox: disable losslesscut/tumiki-fighters sandbox until i can figure out Xwayland
2024-02-14 14:37:59 +00:00
90dee85664
programs: sort alphabetically
2024-02-14 14:28:22 +00:00
26fc283fd9
programs: losslesscut: sandbox
2024-02-14 14:26:56 +00:00
d0430ce1e9
programs: pavucontrol/pwvucontrol: enable audio devices inside the sandbox
2024-02-14 14:26:56 +00:00
368a52b91e
programs: speedtest-cli: sandbox with bwrap
2024-02-14 14:26:56 +00:00
d90dacee1f
programs: grimshot: sandbox with bwrap
2024-02-14 14:17:41 +00:00
a6e2b3bc5c
programs: xdg-terminal-exec: disable sandbox
2024-02-14 14:11:35 +00:00
e5e79a6b60
programs: FileMimeInfo: disable sandbox
2024-02-14 13:54:21 +00:00
95f7eeeb5c
programs: libnotify: sandbox with bwrap
2024-02-14 13:49:48 +00:00
29d638c68b
programs: dig: sandbox with bwrap
2024-02-14 13:47:44 +00:00
677e6e679b
programs: sandbox {s,}waylock lockscreen
2024-02-14 08:48:03 +00:00
3eb47a9a8d
programs: swaylock: *partially* sandbox with capsh
2024-02-14 05:46:36 +00:00
f12b7afa1e
programs: mimeo: dont sandbox
2024-02-14 01:51:26 +00:00
080bd856ec
programs: sandboxing: only permit wayland socket access to those specific apps which require it
2024-02-14 01:49:49 +00:00
1a18ed533b
programs: don't include dbus in the sandbox by default
2024-02-13 11:58:33 +00:00
18eec98cae
programs: brightnessctl: switch to landlock
2024-02-13 11:58:33 +00:00
6eaaeeb91a
programs: remove audio from the sandbox by default
2024-02-13 11:14:38 +00:00
b4a20da78a
programs: brightnessctl: sandbox
2024-02-13 10:55:44 +00:00
77e2af0ed9
programs: krita: enable sandbox
2024-02-13 10:36:42 +00:00
354ce378f6
programs: assorted: convert /mnt/servo "extraPaths" into "extraHomePaths" where possible
2024-02-12 12:54:16 +00:00
bcbc57f5ef
programs: get xdg-open to work from within sandboxes
note that implementation may have a quirk that applications launched via the portal cannot themselves "xdg-open" through the portal, because of the environment variable manipulation.
not sure how best to address that.
2024-02-09 10:27:30 +00:00
c9af5bf9b4
programs: sandboxing: enable net isolation for most sandboxed programs
2024-02-08 21:51:32 +00:00
0c050d1953
programs: fuzzel: fix overly-aggressive sandboxing
2024-02-06 20:10:29 +00:00
2fc1fe7510
modules/programs: make-sandboxed: fix that /share/* was being linked into top-level /; better way to enforce sandboxing of /share entries
2024-02-06 19:55:55 +00:00
5f8699fcef
rearrange /mnt structure for host-based subdirs
e.g. /mnt/servo/media, /mnt/desko/home, etc
2024-02-06 05:48:11 +00:00
5ff7bf0c69
programs: fuzzel: sandbox
2024-02-06 02:34:46 +00:00
2495200b67
tidy: programs: wget: remove warning about the sandbox being untested
2024-02-06 01:34:40 +00:00
4c499629f5
programs: vvvvvv: sandbox with bwrap
2024-02-06 01:34:04 +00:00
7b9f54dd54
programs: superTux: sandbox with bwrap
2024-02-06 01:16:36 +00:00
1c4e2f97fe
swaylock: mark sandboxing as unsupported
2024-02-05 23:36:35 +00:00
ddc41bc9d8
programs: pavucontrol/pwvucontrol: sandbox with bwrap
2024-02-05 22:15:48 +00:00
bfc0eadfaa
programs: hitori: sandbox with bwrap
2024-02-05 21:52:57 +00:00
ff1cbcc16b
programs: gnome-clocks,gnome-calendar: sandbox with bwrap
2024-02-05 21:46:27 +00:00
cd1d22e7b9
programs: gnome-calculator: sandbox with bwrap
2024-02-05 20:58:38 +00:00
2c0e93826d
programs: gimp: sandbox with bwrap
2024-02-05 20:53:05 +00:00
cab346f3ad
programs: delfin: sandbox with bwrap
2024-02-05 20:44:47 +00:00
12846732b9
programs: blanket: sandbox with bwrap
2024-02-05 18:26:21 +00:00
6d1eae2200
programs: gnome-2048: sandbox with bwrap
2024-02-05 08:26:06 +00:00
42523b75a8
programs: gdb: disable sandboxing
2024-02-03 23:53:34 +00:00
2f9fad503c
programs: fix sandboxing errors for programs which create files (notably: ffmpeg)
2024-02-03 00:17:54 +00:00
6e24a1ff28
programs: re-enable sops
2024-01-31 15:30:15 +00:00
0009e5ca4c
programs: sandboxing: use wrapperType="wrappedDerivation" where applicable
2024-01-29 15:21:16 +00:00
d3f7a036ce
ripgrep: move options out of assorted.nix into its own file
2024-01-29 12:57:56 +00:00
bfec531fa2
sandbox a bunch more apps
2024-01-28 11:43:05 +00:00
de11edffa5
programs/assorted: remove more unused programs
2024-01-28 11:34:33 +00:00
e536e3c718
programs/assorted.nix: remove unused tree-sitter package
2024-01-28 11:03:09 +00:00
17d14dbac2
programs/assorted.nix: uninstall some programs i don't frequently use
2024-01-28 10:40:57 +00:00
8ecb17ed3e
programs: enable libcap_ng/netcap
2024-01-26 09:13:20 +00:00
ab4bbc2224
programs: remove explicit firejail installation; let sane.programs decide when to install it sys-wide
2024-01-23 14:57:33 +00:00
59187a0ec0
programs: allow running binaries in a netns-style firejail
2024-01-20 11:11:12 +00:00
f43d6bff92
route VPN traffic such that i can configure any app to selectively use the VPN
e.g. firejail --net=br-ovpnd-us-mi --noprofile --dns=46.227.67.134 getent ahostsv4 uninsane.org
2024-01-19 09:54:01 +00:00
ca3f97ec51
docs: go2tv: elaborate seeking limitations
2024-01-04 16:25:49 +00:00
6471524f4a
programs: zecwallet-lite: move to own file
2024-01-01 15:17:51 +00:00
a933f8b512
delfin: persist server settings
2023-12-15 08:17:07 +00:00
f763448d6f
go2tv: docs: firewall
2023-12-14 10:56:07 +00:00
deb828e98a
programs: enable go2tv
2023-12-14 10:39:33 +00:00
cb0d9e077b
programs: enable catt
2023-12-14 08:41:16 +00:00
008a6192d4
mpv: associate with https://youtube.com/ ...
2023-12-11 04:52:49 +00:00
9e51d7f150
sane-wipe-*: consolidate into one sane-wipe binary
2023-12-03 14:25:35 +00:00
8772aaec65
zfs: dont ship on moby
2023-12-03 00:58:49 +00:00
a9f932408c
servo: add zfs dataset
2023-12-02 17:38:00 +00:00
936118b8cb
sane-tag-music: init
2023-11-29 12:29:58 +00:00
8eb83bb283
sane-ssl-dump: remove
i never used it
2023-11-28 09:12:39 +00:00
9ccbfd8bf0
sane-clone: init
script to "git clone" a nix packages source code
2023-11-24 21:29:15 +00:00
f8899aada0
sane.programs.animatch: move to own file
2023-11-19 23:58:00 +00:00
1f8886684f
ship abaddon discord client
2023-11-19 02:37:51 +00:00
0893c90c51
refactor how i decide which programs go on which machine (leverage "roles" like pc and handheld)
2023-11-18 22:56:53 +00:00
2f320db5e2
gtkcord4: add swaync icon and user service
2023-11-17 09:18:14 +00:00
caf95675d6
packages: persist data for unofficial discord clients
2023-11-17 08:26:36 +00:00
d85dbf1d33
animatch: correctly persist progress (?)
2023-11-17 01:24:04 +00:00
93ea668db3
install more desktop games
2023-11-17 00:13:34 +00:00
5f426b3efd
ship vvvvvv game
2023-11-16 20:50:40 +00:00
13dda2e533
programs: ship animatch
2023-11-16 00:36:31 +00:00
bb810ac75a
signal-desktop: fix directory persistence
2023-11-15 23:07:25 +00:00
dfe724ff52
shattered-pixel-dungeon: persist save file
2023-11-15 05:53:14 +00:00
1da78d093f
ship gnome-2048 game
2023-11-14 03:36:15 +00:00
48b6045ba3
gui: ship superTux, superTuxKart
2023-11-14 00:39:24 +00:00
1f0f84f2f0
programs: add dialect, spot, wike, xq
2023-11-10 19:29:43 +00:00
28d4a4b065
persistence: move stores behind a byStore attr to support disabling persistence altogether (for e.g. rescue image)
2023-11-08 15:33:15 +00:00
7c5f5bd604
programs: add nvme, e2fsprogs to sysadminTools
2023-11-08 14:36:27 +00:00
18a7598f62
programs: xdg-terminal-exec: move to gui programs
2023-11-08 11:31:49 +00:00
e1a8c94ab9
programs: ship ddrescue
2023-11-06 23:57:48 +00:00
f6eadd3696
devPkgs: add requests to python
2023-11-05 20:02:40 +00:00
713bbffd7d
new script: sane-wipe-flare
2023-10-31 06:54:53 +00:00
501e79006c
new script: sane-wipe-fractal
2023-10-24 00:41:05 +00:00
5607bae49b
devPkgs: add lua
2023-10-20 23:07:02 +00:00
8859b4cf8a
programs: persist data better for spotify, brave, tor
2023-10-16 19:18:47 +00:00
aaf9dbac1e
ship gdb, mercurial
2023-10-12 01:59:28 +00:00
8dc1cbbbd2
programs: ship binutils-unwrapped instead of binutils
it has better cross compilation properties
2023-10-11 22:15:28 +00:00
9a69d8bd0d
ship eza (ls substitute)
2023-10-10 22:08:58 +00:00
290d6a8da5
gnome-maps: ship on lappy/desko/moby
2023-10-02 04:07:21 +00:00
b9f31c6f4b
devPkgs: add cargo, rustc
2023-10-01 03:47:45 +00:00
cb3cf57465
cargo: when enabled, persist ~/.cargo
2023-09-30 02:57:30 +00:00
b98934693c
programs: ship binutils (for "strings")
2023-09-20 06:42:23 +00:00
3a30b891be
sane-vpn-{up,down}: consolidate
2023-09-19 15:41:54 +00:00
072506c5d9
ship ethtool
2023-09-19 10:09:24 +00:00
0342594728
programs: ship iw
2023-09-19 10:09:24 +00:00
a79d021123
font-manager: build without webkit
2023-09-16 12:44:09 +00:00
9d71a08841
kitty: remove configs (unused)
i use alacritty now
2023-09-16 08:26:39 +00:00
c55ea59c4f
ship unzip, for when dtrx fails
2023-09-11 22:31:54 +00:00
b26f7a5d2b
sysadminUtils: ship dtc (device tree de/compiler)
2023-09-10 09:49:31 +00:00
559c551752
re-enable dino XMPP client
2023-08-28 08:48:35 +00:00
1b5c870798
sane-scripts.sync-music: add to a package set (sane-scripts.sys-utils)
2023-08-15 01:47:45 +00:00
b9868512d6
switch TERMINAL from kitty -> alacritty
2023-08-15 01:46:57 +00:00
22ffcb1b55
remove fwupd to reduce cross-compilation patches
2023-08-04 07:47:00 +00:00
76abbac6f6
fwupd: define as a sane.program
2023-08-04 07:35:13 +00:00
dcf97b70e1
programs: use the declPackageSet helper
2023-08-02 21:20:50 +00:00
44059b34c7
don't ship unused sane-scripts
2023-08-02 21:09:16 +00:00
8a126d0a64
programs: explicitly declare dependencies on gnome-keyring
2023-08-02 07:40:57 +00:00
ae9a81919f
replace unar with dtrx
the former is costly to (cross-)compile
2023-07-31 01:13:15 +00:00
5cd05d8762
programs: split consoleUtils into separate normal/desktop sets
2023-07-30 11:59:38 +00:00
9adaece9d6
sane.programs.nheko: split to own file
2023-07-30 01:44:08 +00:00
d39b698066
sane.programs.fractal: split to separate file
2023-07-30 01:42:58 +00:00
7391ce0b05
programs: move the guiApps category up to hosts/modules/gui
2023-07-15 01:02:41 +00:00
2822dd6137
programs: update tor-browser bug info
2023-07-15 00:44:24 +00:00
4cc4c3293b
programs: don't ship ncdu
2023-07-11 21:12:25 +00:00
70fcf179d5
programs: ship ncdu
2023-07-11 08:11:10 +00:00
db93bd42ed
moby: ship megapixels camera app
2023-07-10 01:18:40 +00:00
3c309b65af
programs: ship tangram to gui platforms
2023-07-09 11:17:54 +00:00
e57efbcb21
zsh: fix history file persistence
2023-07-08 02:22:29 +00:00
38411617ef
fontconfig: only ship on GUI systems
2023-07-07 23:44:45 +00:00
2131e638aa
desko: enable some dev-related packages
useful as i hack on Helix
2023-07-04 10:27:59 +00:00
61cbdc2c85
add helix text editor
2023-07-04 03:28:54 +00:00
32e20cdda0
programs: enable epiphany web browser for all gui platforms
2023-07-03 08:16:40 +00:00
8600934755
programs: more cleanup
2023-07-03 08:03:55 +00:00
787b58b284
programs: reorder package groups
2023-07-03 07:58:02 +00:00
9340d5f391
programs: remove explicit default definitions
2023-07-03 07:49:44 +00:00
262592b26a
programs: better way to ship jellyfin-media-player only on desktops
2023-07-02 23:12:12 +00:00
7b0e4caa16
programs: ship blanket ambient noise generator
2023-07-02 23:10:05 +00:00
7c5ab7d253
ship lemoa on gui hosts
2023-07-02 01:40:36 +00:00
b2e70c0210
programs: ship msmtp sendmail implementation
2023-07-01 00:28:59 +00:00