d0430ce1e9
programs: pavucontrol/pwvucontrol: enable audio devices inside the sandbox
2024-02-14 14:26:56 +00:00
368a52b91e
programs: speedtest-cli: sandbox with bwrap
2024-02-14 14:26:56 +00:00
d90dacee1f
programs: grimshot: sandbox with bwrap
2024-02-14 14:17:41 +00:00
a6e2b3bc5c
programs: xdg-terminal-exec: disable sandbox
2024-02-14 14:11:35 +00:00
8863a3c674
programs: wob: sandbox with bwrap
2024-02-14 14:10:20 +00:00
fa8d6dbb9f
programs: wob: fix config substitution
2024-02-14 14:04:54 +00:00
e5e79a6b60
programs: FileMimeInfo: disable sandbox
2024-02-14 13:54:21 +00:00
95f7eeeb5c
programs: libnotify: sandbox with bwrap
2024-02-14 13:49:48 +00:00
29d638c68b
programs: dig: sandbox with bwrap
2024-02-14 13:47:44 +00:00
7d22a5466f
programs: zsh: fix "switch" function to be friendly to sandboxing
2024-02-14 13:45:56 +00:00
b747742e23
flake: implement "deploy.self" app as replacement for nixos-rebuild switch
2024-02-14 13:45:15 +00:00
5907d9fa42
Revert "xdg-desktop-portal-gtk: build without support for notifications"
...
This reverts commit c9e02bfd8a
2024-02-14 11:09:37 +00:00
67fe8d4666
swaync: propagate GNOTIFICATION_BACKEND = "freedesktop" to all users
2024-02-14 11:09:20 +00:00
22ca253ae0
modules/programs: better document the env option
2024-02-14 11:08:43 +00:00
c9e02bfd8a
xdg-desktop-portal-gtk: build without support for notifications
2024-02-14 10:51:18 +00:00
03b58b3cab
programs: vim: support system copy/paste inside of sandbox
2024-02-14 09:11:31 +00:00
ae01c17c05
programs: splatmoji: fix to work inside a sandbox again
2024-02-14 09:11:12 +00:00
677e6e679b
programs: sandbox {s,}waylock lockscreen
2024-02-14 08:48:03 +00:00
3eb47a9a8d
programs: swaylock: *partially* sandbox with capsh
2024-02-14 05:46:36 +00:00
f11e443678
programs: waylock: *partially* sandbox with capsh
2024-02-14 05:46:28 +00:00
9faf1bb52c
README: document the sandboxing feature of my "programs" module
2024-02-14 05:24:48 +00:00
e599724811
README: use consistent tab width (2 spaces)
2024-02-14 05:18:43 +00:00
c0b03950dc
README: format links to local files in a way that markdown will render them
2024-02-14 05:16:59 +00:00
8f8ec090c4
programs: add "waylock"
2024-02-14 05:01:33 +00:00
e174eaeff0
programs: loupe: fix sandboxing
2024-02-14 04:32:10 +00:00
8b32f2f231
modules/programs: add support for 'autodetectCliPaths = parent'
2024-02-14 04:31:59 +00:00
f12b7afa1e
programs: mimeo: dont sandbox
2024-02-14 01:51:26 +00:00
080bd856ec
programs: sandboxing: only permit wayland socket access to those specific apps which require it
2024-02-14 01:49:49 +00:00
548a95a7e1
modules/programs: sandboxing: unshare ipc/cgroup/uts by default
2024-02-14 01:48:59 +00:00
2d7c5b9fa5
programs: mpv: explicitly add Videos/servo, Books/servo to sandbox
2024-02-13 15:38:57 +00:00
e696cb96b6
nixpkgs: 2024-02-12 -> 2024-02-13
...
```
• Updated input 'nixpkgs-next-unpatched':
'github:nixos/nixpkgs/f176844192a0b4ab719dffd91fcf356fc24ccbff' (2024-02-12)
→ 'github:nixos/nixpkgs/013603a52da98fe4abf15a5700479a58fa5899a5' (2024-02-13)
• Updated input 'nixpkgs-unpatched':
'github:nixos/nixpkgs/b05b56d24858cfbc2064bda18d00a242bed5ddfb' (2024-02-12)
→ 'github:nixos/nixpkgs/40a7b182e0a00245d69f6b8c1dfd3ea4bfc6257c' (2024-02-13)
```
2024-02-13 12:54:00 +00:00
83cb29aeeb
xdg-utils: re-add mimetype package
2024-02-13 12:31:04 +00:00
34b148f6cc
modules/programs: allow specifying perlPackages members as programs, as i do with python3Packages, etc
2024-02-13 12:31:04 +00:00
44c2f8bcc0
cross: xdg-utils: build xdg-screensaver, and simplify a bit
2024-02-13 12:31:04 +00:00
9c18aa2765
cross: fix xdg-utils
2024-02-13 12:31:04 +00:00
4458a74e4c
nixpkgs: 2024-02-09 -> 2024-02-12; sops-nix -> 2024-02-12
...
```
• Updated input 'nixpkgs-next-unpatched':
'github:nixos/nixpkgs/b38903da74d4fa07bd7045e89bb31e6d4cc13548' (2024-02-09)
→ 'github:nixos/nixpkgs/f176844192a0b4ab719dffd91fcf356fc24ccbff' (2024-02-12)
• Updated input 'nixpkgs-unpatched':
'github:nixos/nixpkgs/410b90f31644cc71ffc145261d76a351012aac66' (2024-02-09)
→ 'github:nixos/nixpkgs/b05b56d24858cfbc2064bda18d00a242bed5ddfb' (2024-02-12)
• Updated input 'sops-nix':
'github:Mic92/sops-nix/2168851d58595431ee11ebfc3a49d60d318b7312' (2024-02-08)
→ 'github:Mic92/sops-nix/695275c349bb27f91b2b06cb742510899c887b81' (2024-02-12)
• Updated input 'sops-nix/nixpkgs-stable':
'github:NixOS/nixpkgs/bc6cb3d59b7aab88e967264254f8c1aa4c0284e9' (2024-02-08)
→ 'github:NixOS/nixpkgs/d8cd80616c8800feec0cab64331d7c3d5a1a6d98' (2024-02-10)
```
2024-02-13 12:31:04 +00:00
1a18ed533b
programs: don't include dbus in the sandbox by default
2024-02-13 11:58:33 +00:00
18eec98cae
programs: brightnessctl: switch to landlock
2024-02-13 11:58:33 +00:00
82c386a6a4
programs: tor-browser-bundle-bin -> tor-browser
...
they're the same (aliased), only my programs API expects 'tor-browser' specifically
2024-02-13 11:58:33 +00:00
634dc318cd
programs: spotify: remove old/unused firejail config
2024-02-13 11:15:30 +00:00
6eaaeeb91a
programs: remove audio from the sandbox by default
2024-02-13 11:14:38 +00:00
94be4a7551
programs: wob: fix service definition (Exec -> ExecStart)
2024-02-13 11:03:18 +00:00
b4a20da78a
programs: brightnessctl: sandbox
2024-02-13 10:55:44 +00:00
bb68506839
modules/programs: add separate "user" v.s. "system" options for whitelistDbus
2024-02-13 10:55:10 +00:00
77e2af0ed9
programs: krita: enable sandbox
2024-02-13 10:36:42 +00:00
126f3e4922
programs: sandboxing: restrict /run/user dir to just dbus/pipewire/pulse/wayland, by default
2024-02-13 10:28:30 +00:00
73afceb8c6
modules/programs: sandbox: add whitelistWayland option
2024-02-13 10:24:35 +00:00
371af5939e
programs: mpv: tighten the /run/user portion of the sandbox
2024-02-12 15:24:07 +00:00
27fd81ad80
modules/programs: add new options for whitelisting audio/dbus
2024-02-12 15:23:35 +00:00
d82b4b0f62
modules/programs: sane-sandboxed: reorder the --sane-sandbox-profile-dir arg so it takes precedence
2024-02-12 14:56:48 +00:00
