6595d177be
gimp: fix sandboxing
2024-03-13 11:36:57 +00:00
f8797a77ff
blast: ship it!
...
TODO: integrate into mpv :)
2024-03-10 04:09:34 +00:00
ed87792f9b
sed: sandbox
2024-03-03 07:06:00 +00:00
8821b3ca7d
procps: sandbox
2024-03-03 06:55:17 +00:00
3b603519ff
fuzzel: sandbox (well, i probably dont even have it on my system anymore :P)
2024-03-02 07:43:42 +00:00
28cb705bd4
grim: sandbox
2024-03-02 07:11:45 +00:00
7fa1dbc5d5
slurp: sandbox
2024-03-02 07:11:45 +00:00
8b7575c205
swappy: sandbox
2024-03-02 07:11:45 +00:00
a7bd831ad8
sane-screenshot: port to sane.programs
2024-03-02 06:14:05 +00:00
2324d75165
switch psmisc -> killall
...
otherwise a really shitty `pstree` makes its way onto my PATH
2024-03-01 18:50:20 +00:00
daab5939e7
rofi: split sane-open-desktop
out as a helper
2024-03-01 04:19:19 +00:00
083f743c1f
remove nixpkgs less
defaults and manage PAGER myself
...
this lets me avoid the lesspipe cross failures, notably
2024-02-29 15:18:51 +00:00
6253d1799a
port sxmo_hook_inputhandler.sh -> sane-input-handler
...
this one can run outside the SXMO environment.
major thing missing at the moment is that rofi doesn't get volume
control inputs because bonsai out-competes it for exclusive control.
2024-02-29 01:26:38 +00:00
d8a8038cae
xdg-terminal-exec: define a .desktop file
2024-02-29 00:17:26 +00:00
40e30cf2f8
programs: make sandbox.wrapperType default to "wrappedDerivation" and remove everywhere i manually set that
2024-02-28 17:39:00 +00:00
812c0c8029
packages: reduce the number of packages which are using inplace sandbox wrapping
2024-02-28 17:35:40 +00:00
b302113fc0
modules/programs: require manual definition; don't auto-populate attrset
...
this greatly decreases nix eval time
2024-02-28 13:35:09 +00:00
8f424dcd5a
programs: sandboxing: link /etc into sandboxed programs
...
this is crucial for e.g. swaync, to find its resource files.
maybe a good idea to link *every* package directory which i also link
into /run/current-system.
2024-02-27 22:25:17 +00:00
67536e3c1f
programs: assorted: correct sandbox paths now that Pictures/Videos/Books are categorized
...
i don't like this Pictures/ approach though. i may reconsolidate some of those
2024-02-27 21:37:20 +00:00
5c7eceeb55
grimshot: move to own file
2024-02-27 14:54:53 +00:00
f2e1bb6b86
programs: python3-repl: sandbox
2024-02-25 18:52:55 +00:00
ca36fe1b96
programs: gnome.seahorse: sandbox
2024-02-25 12:03:42 +00:00
d2df668c9e
modules/programs: sane-sandboxed: replace --sane-sandbox-keep-pidspace with --sane-sandbox-keep-namespace <pid|cgroup|ipc|uts>
2024-02-25 12:00:00 +00:00
b7921ac41b
refactor: programs: sort
2024-02-25 11:53:49 +00:00
0745e9fc06
refactor: programs: split gnome-maps into own file
2024-02-25 09:06:32 +00:00
f714bd8281
programs: jq: sandbox
2024-02-25 01:59:01 +00:00
73b2594d9b
programs: sandboxing: distinguish between "existingFileOrParent" and "existingOrParent"
2024-02-25 01:59:01 +00:00
aa0991bd6c
persistence: cleanup so it all works well with symlink-based stores
2024-02-23 13:09:44 +00:00
24d1d13d0a
programs: simplify sandboxing of file browsers/etc now that private data lives on a different mount
2024-02-23 07:06:29 +00:00
af03b3f6e8
xwayland: sandbox
2024-02-23 01:05:24 +00:00
5819f07181
programs: xwayland: sandbox
2024-02-22 22:12:03 +00:00
b8f090be93
programs: delfin: add required mpris permissions
2024-02-21 13:27:19 +00:00
5a0760a571
programs: sandbox oathtools
2024-02-21 00:03:48 +00:00
81148b7b42
programs: explicitly depend on dconf instead of manually persisting dconf's dirs
2024-02-20 23:39:27 +00:00
6cf1bc5a28
programs: grep: sandbox
2024-02-20 23:32:28 +00:00
768b340c93
findutils: sandbox
...
use bwrap instead of landlock for the dumb preference that i can disable
net
2024-02-20 23:31:58 +00:00
a624571b22
move glib program recommendation into programs/assorted.nix
2024-02-20 12:11:26 +00:00
c7f4661c1c
programs: htop: persist config
2024-02-20 05:38:45 +00:00
e8306831c5
programs: qemu: mark as slowToBuild
2024-02-20 05:34:47 +00:00
2d17826731
programs: eza: sandbox with bwrap instead of landlock
2024-02-19 15:32:40 +00:00
de297f22be
programs: split sane-scripts out of assorted.nix
2024-02-19 14:19:10 +00:00
3effd59c9b
xdg-desktop-portal-{gtk,wlr}: start via service manager, with ordered deps, instead of letting dbus activate it for us
...
that gets more reliable environment importing, etc
2024-02-19 13:44:23 +00:00
44647e0d36
programs: forkstat: sandbox
2024-02-19 13:15:15 +00:00
67395bdcd3
programs: ship forkstat
2024-02-18 11:58:30 +00:00
f8663cd827
programs: monero-gui: sandbox
2024-02-17 16:06:58 +00:00
af1ee1734d
programs: wireguard-tools: sandbox
2024-02-17 15:54:16 +00:00
a729f91d21
programs: jq: add working sandbox criteria, but don't enable yet
...
i need to handle the extremely common `cat foo | jq .` without adding
`.` to the sandbox
2024-02-17 15:36:41 +00:00
a273b559e2
programs: gnome-disk-utility: sandbox
2024-02-17 15:36:28 +00:00
785b375671
programs: smartmontools (smartctl): sandbox
2024-02-17 15:36:13 +00:00
24cba0c856
programs: xq: remove
2024-02-17 15:30:23 +00:00