cd1d22e7b9
programs: gnome-calculator: sandbox with bwrap
2024-02-05 20:58:38 +00:00
2c0e93826d
programs: gimp: sandbox with bwrap
2024-02-05 20:53:05 +00:00
cab346f3ad
programs: delfin: sandbox with bwrap
2024-02-05 20:44:47 +00:00
568a72f6a4
gpodder-configured: remove unused derivation inputs
2024-02-05 20:22:27 +00:00
a2decaff9c
programs: bemenu: sandbox with landlock
2024-02-05 18:41:52 +00:00
23411ed973
todo.md: make dconf stuff less monolithic
2024-02-05 18:33:03 +00:00
8ef9f7a485
epiphany: persist dconf settings; reduce sandboxer errors
2024-02-05 18:31:38 +00:00
12846732b9
programs: blanket: sandbox with bwrap
2024-02-05 18:26:21 +00:00
e84079e84c
programs: firefox: allow sandbox access to ~/dev
2024-02-05 18:17:49 +00:00
45ffd9246d
programs: brave: sandbox with bwrap
2024-02-05 18:17:28 +00:00
ed3935318d
feeds: subscribe to non-paywalled Matt Levine
2024-02-05 16:41:38 +00:00
8052f62796
programs: sane-wipe browser: also clear epiphany artifacts
2024-02-05 16:31:19 +00:00
413903d03c
make-sandboxed: also embed profiles for the withEmbeddedSandboxer passthru pkg
2024-02-05 08:26:40 +00:00
6d1eae2200
programs: gnome-2048: sandbox with bwrap
2024-02-05 08:26:06 +00:00
4d51c34ad2
programs: allow sane.strictSandboxing = "warn"
2024-02-05 05:28:02 +00:00
bc50a8c489
nixpkgs: 2024-02-03 -> 2024-02-04; sops-nix -> 2024-02-04
...
```
• Updated input 'nixpkgs-next-unpatched':
'github:nixos/nixpkgs/94db8d8c016a54feeaaf2643e2ce42bf4cc29286' (2024-02-03)
→ 'github:nixos/nixpkgs/259981b0af5c285bb3cc7146de1da1b5af92236d' (2024-02-04)
• Updated input 'nixpkgs-unpatched':
'github:nixos/nixpkgs/79a13f1437e149dc7be2d1290c74d378dad60814' (2024-02-03)
→ 'github:nixos/nixpkgs/2be0b5db83fbea4a838f753994e8ebd35af91968' (2024-02-04)
• Updated input 'sops-nix':
'github:Mic92/sops-nix/73bf36912e31a6b21af6e0f39218e067283c67ef' (2024-01-28)
→ 'github:Mic92/sops-nix/23f61b897c00b66855074db471ba016e0cda20dd' (2024-02-04)
```
2024-02-04 22:55:03 +00:00
ee8e33b795
koreader: remove dead patching code
...
it still builds (in 3:00 minutes), huh
2024-02-04 22:08:12 +00:00
8afb6406a1
koreader: remove dead code/build inputs
2024-02-04 22:02:03 +00:00
7ac1ee66ad
koreader: use nixpkgs' luasocket and luasec
2024-02-04 21:30:30 +00:00
8a47eb92ed
koreader: use nixpkgs' lua-rapidjson
2024-02-04 21:30:30 +00:00
b87934d5f8
koreader: use nixpkgs lpeg and remove vendor-external-projects.patch
2024-02-04 20:37:10 +00:00
293eab8225
koreader: use modern openssl
2024-02-04 20:05:02 +00:00
abdbb83e10
koreader: replace vendored dependencies with their nixpkgs equivalents much more effectively
...
the old method was still causing everything to be re-compiled within koreader, rather than linking against the nix store.
decreases build time to about 3m on a desktop
2024-02-04 19:39:32 +00:00
4a96fa233a
koreader: 2023.10 -> 2024.01
2024-02-04 02:51:27 +00:00
4bd73ddca3
koreader-from-src: build even more from source
2024-02-03 23:58:41 +00:00
dc74bca06a
programs: vim: add private/knowledge to sandbox
2024-02-03 23:53:53 +00:00
42523b75a8
programs: gdb: disable sandboxing
2024-02-03 23:53:34 +00:00
79736a4a0a
koreader-from-src: tidy
2024-02-03 16:30:03 +00:00
111946eb1d
programs: vim, imagemagick: fix sandboxing to consider uncreated files
2024-02-03 14:07:53 +00:00
09f3bfc944
flake: make "nix run .#deploy" deploy to all hosts
2024-02-03 02:55:13 +00:00
b8fc75ebd6
nixpkgs: 2024-02-02 -> 2024-02-03
...
```
• Updated input 'nixpkgs-next-unpatched':
'github:nixos/nixpkgs/1bfd22b6448ac4d407510bd37fe16d87a9dcb41b' (2024-02-02)
→ 'github:nixos/nixpkgs/94db8d8c016a54feeaaf2643e2ce42bf4cc29286' (2024-02-03)
• Updated input 'nixpkgs-unpatched':
'github:nixos/nixpkgs/eef63ea04722d812a09a5974ed18c9761088a6e1' (2024-02-02)
→ 'github:nixos/nixpkgs/79a13f1437e149dc7be2d1290c74d378dad60814' (2024-02-03)
```
2024-02-03 02:15:09 +00:00
8de015f098
flake: preDeploy: fix host/addr mixup
2024-02-03 02:15:05 +00:00
6da85f6d8f
flake: add a preDeploy target
2024-02-03 02:04:41 +00:00
2dc6da476b
flake: deploy app: remove the last call to nixos-rebuild
2024-02-03 01:42:54 +00:00
453f40d0a8
flake: sync photos from moby with "nix run .#sync.moby"
2024-02-03 00:54:04 +00:00
14b20fd9c2
programs: komikku: fix sandboxing
2024-02-03 00:52:17 +00:00
2df1b20f02
programs: epiphany: simplify the sandboxing
2024-02-03 00:44:23 +00:00
56e7e9a7cc
remove unused "default.nix.cmp" file
...
should have never been checked in
2024-02-03 00:18:33 +00:00
2f9fad503c
programs: fix sandboxing errors for programs which create files (notably: ffmpeg)
2024-02-03 00:17:54 +00:00
3439ca34b8
sane-sandboxed: add more autodetect options, and a "withEmbeddedSandboxer" package output (for dev)
2024-02-03 00:17:24 +00:00
24e6e6cacc
firefox-extensions.sidebery: downgrade 5.1.1 -> 5.0.0
...
release format is inconsistent; would need to build from-source to reliably use the latest version(s)
2024-02-02 23:26:14 +00:00
0ee9f2026c
sane-sandboxed: hopefully fix a problem with path normalization for paths with spaces
2024-02-02 22:56:43 +00:00
5e3c2636db
programs: make-sandboxed: handle packages which use relative links in bin (like spotify)
2024-02-02 22:38:36 +00:00
cd0a046776
dovecot: remove dead code
2024-02-02 20:47:55 +00:00
27edee0bbf
dovecot2: fix sieves
2024-02-02 20:47:20 +00:00
56734fe5da
mpv: add /dev/dri to the sandbox
2024-02-02 19:18:30 +00:00
832a572d56
firefox-extensions: bump to latest
2024-02-02 19:17:04 +00:00
3c96f6d418
programs: koreader: enable DRI in the sandbox, and use wrappedDerivation
2024-02-02 17:22:57 +00:00
86b23e8183
programs: fractal: enable DRI in sandbox
2024-02-02 17:19:35 +00:00
2bb9115f35
modules/programs: sandboxing: add "whitelistDri" option for gfx-intensive apps
2024-02-02 17:18:51 +00:00
