colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity
4,979 Commits 125 Branches 1 Tag 12 MiB
d82b4b0f62
Commit Graph

4979 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Colin
d82b4b0f62 modules/programs: sane-sandboxed: reorder the --sane-sandbox-profile-dir arg so it takes precedence 2024-02-12 14:56:48 +00:00
Colin
7b28023e08 modules/programs: re-introduce the "withEmbeddedSandboxer" passthru attr 2024-02-12 14:27:48 +00:00
Colin
2b9db897a1 implement sane.defaultUser attr 2024-02-12 14:27:32 +00:00
Colin
6124cb9b36 modules/programs: sane-sandboxed: search for profiles in XDG_DATA_DIRS, not NIX_PROFILES 2024-02-12 13:16:48 +00:00
Colin
b0394d877d modules/programs: rename allowedRootPaths -> allowedPaths 
now that allowedHomePaths doesn't exist
 2024-02-12 13:00:10 +00:00
Colin
14d8230821 modules/programs: sane-sandboxed: remove --sane-sandbox-home-path argument and plumbing 
no longer needed, and mixing this with root paths is liable to cause troubles at this point, around symlink dereferencing/canonicalization/etc
 2024-02-12 12:57:54 +00:00
Colin
e94e338040 programs: handbrake: remove unneeded Pictures/servo-macros from sandbox 2024-02-12 12:54:41 +00:00
Colin
354ce378f6 programs: assorted: convert /mnt/servo "extraPaths" into "extraHomePaths" where possible 2024-02-12 12:54:16 +00:00
Colin
a90b5b53db modules/programs: sandboxing: dereference symlinks and also include those in the sandbox 2024-02-12 12:48:02 +00:00
Colin
eee3e138ff modules/programs: sandboxing: allow specifying individual /run/user/$uid paths to expose to the sandbox 2024-02-12 12:18:59 +00:00
Colin
f61cd17e99 modules/programs: sandboxing: specialize profiles per-user by expanding $HOME 2024-02-12 12:08:58 +00:00
Colin
3e0b0a0f02 modules/programs: make-sandboxed: lift profile creation logic out to the toplevel 2024-02-12 11:52:33 +00:00
Colin
2ee34e9af3 modules/profiles: remove sandbox.embedProfile option 
with upcoming refactors, this setting would force a different package to be installed per user, which doesn't mesh with the existing sane.programs infra
 2024-02-12 11:35:59 +00:00
Colin
f9a998eb92 programs: koreader: remove "sandbox.embedProfile = true" 
i guess this was set while i was debugging
 2024-02-12 11:33:55 +00:00
Colin
7c05d221d6 modules/programs: split "make-sandbox-profile" out of "make-sandboxed" 2024-02-12 11:20:40 +00:00
Colin
93012664e5 modules/programs: simplify how sandbox profiles make it into system packages 2024-02-12 10:52:44 +00:00
Colin
c424f7ac3b sane-sandboxed: load all profiles, not just the first one we find 
this allows some amount of overriding, or splitting profiles between system and user dirs
 2024-02-12 10:40:15 +00:00
Colin
088b6f1b9a sane-sandboxed: load profiles via $NIX_PROFILES env var 2024-02-12 10:37:26 +00:00
Colin
96575acf3a programs: sane-sandboxed: move parseArgsExtra to outer scope; improve docs 2024-02-12 10:28:14 +00:00
Colin
1e05119adc mpv: fix loading of album art within sandbox 2024-02-12 08:59:46 +00:00
Colin
e81df0ac86 modules/programs: enforce that user services don't accidentally override PATH 2024-02-12 08:44:55 +00:00
Colin
b19492ba23 programs: mpv: add .config/mpv to sandbox paths 2024-02-12 08:26:51 +00:00
Colin
8b26fa1303 programs: wob: split the script into an actual package 2024-02-12 08:26:51 +00:00
Colin
c0883dc777 sway: refactor: store sway-portals.conf in the user dir instead of system-wide 
it's a user service, so prefer to configure it via user/home conf dirs
 2024-02-12 07:13:39 +00:00
Colin
6b3a71aadf programs: xdg-desktop-portal: dont show app chooser for apps which are the default association 2024-02-12 07:12:04 +00:00
Colin
8d0d20757e gui: fold xdg-desktop-portal.nix back into sway config 2024-02-12 01:38:05 +00:00
Colin
66ca822ac1 remove xdg-desktop-portal-gtk service; xdg-desktop-portal knows how to start that itself 2024-02-12 01:33:34 +00:00
Colin
db7a414030 xdg-desktop-portal(s): dont install globally 2024-02-12 01:16:17 +00:00
Colin
87050a0500 feeds: add "FullTimeNix" podcast :) 2024-02-12 00:09:49 +00:00
Colin
bf53e3628a xdg-utils: cleanup 2024-02-11 23:57:50 +00:00
Colin
d35f938806 mime.nix: fix cross build 2024-02-11 23:44:55 +00:00
Colin
d719eb0f11 programs: gPodder: enable Videos/gPodder in sandbox 2024-02-11 23:37:16 +00:00
Colin
0861edd7f9 modules/programs: remove ~/.config/mimeo from sandbox defaults 2024-02-11 23:35:27 +00:00
Colin
b6bf8720c9 modules/programs: implement --sane-sandbox-portal flag for apps which want to use the portal to open other apps 2024-02-11 23:32:24 +00:00
Colin
0fbc10fce3 mime: store mime associations in ~/.local/share/applications instead of /run/current-system/sw/share/applications to facilitate sandboxing 2024-02-11 23:31:43 +00:00
Colin
772f1070e7 xdg-desktop-portal: configure myself, to unblock future portal-related work 2024-02-11 23:29:07 +00:00
Colin
50c6e406bc programs: disable zecwallet-lite 2024-02-09 20:23:56 +00:00
Colin
41020b2c0d nixpkgs: 2024-02-08 -> 2024-02-09 
```
• Updated input 'nixpkgs-next-unpatched':
    'github:nixos/nixpkgs/74098fff8838394e2cdf78012bbc7f5bf835197e' (2024-02-08)
  → 'github:nixos/nixpkgs/b38903da74d4fa07bd7045e89bb31e6d4cc13548' (2024-02-09)
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/075bf9cffe5b04d39874747239022de9aec5cdcd' (2024-02-08)
  → 'github:nixos/nixpkgs/410b90f31644cc71ffc145261d76a351012aac66' (2024-02-09)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/23f61b897c00b66855074db471ba016e0cda20dd' (2024-02-04)
  → 'github:Mic92/sops-nix/2168851d58595431ee11ebfc3a49d60d318b7312' (2024-02-08)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/9a333eaa80901efe01df07eade2c16d183761fa3' (2024-01-22)
  → 'github:NixOS/nixpkgs/bc6cb3d59b7aab88e967264254f8c1aa4c0284e9' (2024-02-08)
```
 2024-02-09 10:39:27 +00:00
Colin
590a239f7d programs: gpodder: sandbox with bwrap 
which we can do, now that xdg-open works correctly within sandboxes
 2024-02-09 10:31:42 +00:00
Colin
bcbc57f5ef programs: get xdg-open to work from within sandboxes 
note that implementation may have a quirk that applications launched via the portal cannot themselves "xdg-open" through the portal, because of the environment variable manipulation.

not sure how best to address that.
 2024-02-09 10:27:30 +00:00
Colin
0d3adcdc5c modules: users: have user services inherit PATH from environment rather than forcibly overwriting it 2024-02-09 09:50:26 +00:00
Colin
d19907a38d sway: enable OpenURI interface in xdg-desktop-portal 2024-02-09 05:57:02 +00:00
Colin
9ac0e0e4fc modules/programs: put things in a pid namespace by default 2024-02-08 23:36:59 +00:00
Colin
c9af5bf9b4 programs: sandboxing: enable net isolation for most sandboxed programs 2024-02-08 21:51:32 +00:00
Colin
bc85169e3d programs: sandboxer: allow disable net access 2024-02-08 21:07:34 +00:00
Colin
7b9b3344a0 nixpkgs: 2024-02-07 -> 2024-02-08 
```
• Updated input 'nixpkgs-next-unpatched':
    'github:nixos/nixpkgs/966fd30804ad0e400fa3502e9f848bfad63b1852' (2024-02-07)
  → 'github:nixos/nixpkgs/74098fff8838394e2cdf78012bbc7f5bf835197e' (2024-02-08)
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/be4596f17b30403478c629b27d87fd914a2b9f8a' (2024-02-07)
  → 'github:nixos/nixpkgs/075bf9cffe5b04d39874747239022de9aec5cdcd' (2024-02-08)
```
 2024-02-08 11:09:25 +00:00
Colin
f6ca6210f9 feeds: link to podcastindex.org 2024-02-07 21:47:19 +00:00
Colin
19cfc86d1a nixpkgs: 2024-02-06 -> 2024-02-07 
```
• Updated input 'nixpkgs-next-unpatched':
    'github:nixos/nixpkgs/952bd699447d82d69f4b15d994d5dc232e7addfb' (2024-02-06)
  → 'github:nixos/nixpkgs/966fd30804ad0e400fa3502e9f848bfad63b1852' (2024-02-07)
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/8ad5408ea36be34ae262b04c8e913a95f8248fc7' (2024-02-06)
  → 'github:nixos/nixpkgs/be4596f17b30403478c629b27d87fd914a2b9f8a' (2024-02-07)
```
 2024-02-07 09:45:02 +00:00
Colin
227d159c66 sway: map Super+Shift+PageUp/Down to next/prev track 2024-02-06 23:52:53 +00:00
Colin
a6becb8c42 sway: add Super+space to toggle media 2024-02-06 23:22:24 +00:00