|
c7eb4b66a5
|
polyunfill: remove unused su and sg security wrappers
|
2024-05-31 14:59:23 +00:00 |
|
|
452543e6f3
|
fix rescue host build
|
2024-05-31 10:37:03 +00:00 |
|
|
07aec3ca3c
|
apps: explain why i ship both engrampa and xarchiver archive managers
|
2024-05-31 08:39:23 +00:00 |
|
|
c7fd3d2217
|
nixpkgs: 2024-05-26 -> 2024-05-31, nixpkgs-wayland -> 2024-05-31
```
• Updated input 'nixpkgs-next-unpatched':
'github:nixos/nixpkgs/2baa940f86e1fc54757fd7d1ed551c0a38904bf2' (2024-05-26)
→ 'github:nixos/nixpkgs/d3d81af60c22e9e93a3930a9630b210362341ab9' (2024-05-31)
• Updated input 'nixpkgs-unpatched':
'github:nixos/nixpkgs/7780e5160e011b39019797a4c4b1a4babc80d1bf' (2024-05-26)
→ 'github:nixos/nixpkgs/4e60a4d94bdc1abafeefc1928aa3cda6ce6c4210' (2024-05-31)
• Updated input 'nixpkgs-wayland':
'github:nix-community/nixpkgs-wayland/397c85d463aef789a8dd24c4db467e9ad787907b' (2024-05-26)
→ 'github:nix-community/nixpkgs-wayland/1db9b79a45c8e346e03480767e6d9749fabfaf10' (2024-05-31)
```
|
2024-05-31 06:09:03 +00:00 |
|
|
0fcc3f8d5d
|
ModemManager: make the sandbox more strict
|
2024-05-30 21:32:35 +00:00 |
|
|
0bb887158b
|
implement a dropbear SSH module
|
2024-05-30 20:58:01 +00:00 |
|
|
6570c5ed84
|
modemmanager: sandbox with bwrap instead of landlock
|
2024-05-30 18:47:09 +00:00 |
|
|
820fdecfd5
|
modemmanager: minimal (working) sandbox
|
2024-05-30 18:27:34 +00:00 |
|
|
8d43565f31
|
sane-theme: disable sandbox
|
2024-05-30 16:54:10 +00:00 |
|
|
18364761dd
|
wireplumber: undo the enableSystemd=false patch
|
2024-05-30 16:50:53 +00:00 |
|
|
d3937487e6
|
moby: cleanup bonsai <-> sway circular dependency (slightly)
|
2024-05-30 12:43:09 +00:00 |
|
|
3fdeacc336
|
sane-input-handler: add a --help command
|
2024-05-30 12:30:41 +00:00 |
|
|
84f2006115
|
servo: fix gitea
|
2024-05-30 12:12:06 +00:00 |
|
|
7f5e12da8d
|
dbus: dont consider the service "up" until the unix pipe actually appears
|
2024-05-30 11:04:02 +00:00 |
|
|
afa8a3c52e
|
activationScripts.notifyActive: future-proof for if ever DBUS_SESSION_BUS_ADDRESS changes
|
2024-05-30 11:03:35 +00:00 |
|
|
bfbcb4789b
|
activationScripts.notifyActive: fix for renamed XDG_RUNTIME_DIR
|
2024-05-30 10:56:17 +00:00 |
|
|
2531cc1cf6
|
bonsai: place the socket in a subdirectory to improve sandboxing
|
2024-05-30 09:54:28 +00:00 |
|
|
e55b75c333
|
wireplumber: build without systemd
|
2024-05-30 09:46:29 +00:00 |
|
|
adb54657d4
|
sway: fix bonsai to be visible in the sandbox
|
2024-05-30 09:46:04 +00:00 |
|
|
6eefb9ce20
|
wireplumber: build against the same pipewire i deploy
|
2024-05-30 09:06:41 +00:00 |
|
|
274a7821a7
|
wireplumber: remove no-longer-needed /run/systemd directory
not necessary when using seatd/when a member of the 'audio' group
|
2024-05-30 08:54:41 +00:00 |
|
|
175acf6442
|
pipewire: build without systemd
|
2024-05-30 08:44:11 +00:00 |
|
|
0761b6135a
|
users/colin: add myself to "audio" group so that wireplumber can access audio devices w/o systemd/logind
|
2024-05-30 08:44:11 +00:00 |
|
|
66c899d099
|
callaudiod: fix to not start before dbus/pipewire are up (avoids coredump on boot)
|
2024-05-30 06:07:08 +00:00 |
|
|
4aeb3360d3
|
cleanup: programs: dont assume sway is always the wayland/x11 provider
|
2024-05-30 06:00:32 +00:00 |
|
|
0c456d11d8
|
programs: ensure things which depend on sound or wayland are ordered after it
|
2024-05-30 04:55:05 +00:00 |
|
|
f1d397940f
|
seatd: patch sandboxing for desko
|
2024-05-29 19:42:45 +00:00 |
|
|
fa94fa8e6c
|
seatd: sandbox with bwrap
it always surprises me that you can sandbox something with cap_sys_admin like this...
i think this works *only* because the user is root
|
2024-05-29 19:09:57 +00:00 |
|
|
4b9c125c8c
|
seatd: sandbox
|
2024-05-29 18:58:38 +00:00 |
|
|
0f7d25d8a5
|
doc: sway: say why i wrapperType = "inplace"
|
2024-05-29 18:58:05 +00:00 |
|
|
140641729e
|
gvfs: disable (it was broken)
|
2024-05-29 18:39:31 +00:00 |
|
|
32124d76bf
|
cups: disable (not currently used, and not sandboxed)
|
2024-05-29 18:33:17 +00:00 |
|
|
c5c174f988
|
sway: patch to use a narrower sandbox
|
2024-05-29 18:24:59 +00:00 |
|
|
29bc1608aa
|
sway: remove sandbox inputs which are no longer necessary
|
2024-05-29 17:07:18 +00:00 |
|
|
635ca1e5d8
|
seatd: pull the service definition into my own repo
this will allow me to configure the package
|
2024-05-29 16:34:32 +00:00 |
|
|
2789868703
|
seatd: split out of sway conf
|
2024-05-29 16:22:52 +00:00 |
|
|
c40ec1990a
|
sshd: disable systemd integration
|
2024-05-29 15:57:19 +00:00 |
|
|
d4dfcd6510
|
login: remove systemd pam integration (so it doesnt try, and fail, to start the user manager)
|
2024-05-29 15:42:39 +00:00 |
|
|
d865be952a
|
refactor: sandboxing: replace manual --sanebox-keep-namespace pid config with isolatePids = false
|
2024-05-29 12:56:46 +00:00 |
|
|
7c8a18ecbd
|
systemd: remove no-longer-used user@1000 override
|
2024-05-29 12:56:19 +00:00 |
|
|
35ff7de06e
|
dbus: manage it ourselves instead of having systemd do it
|
2024-05-29 12:55:51 +00:00 |
|
|
c570b7bf5d
|
dbus: manage it ourselves instead of having systemd do it
|
2024-05-29 11:30:33 +00:00 |
|
|
770fc2e574
|
systemd: fix typod IgnoreOnIsolate option
|
2024-05-29 11:30:33 +00:00 |
|
|
0ed7eb24fb
|
programs: assorted: remove legacy programs.feedback setting
|
2024-05-29 11:30:33 +00:00 |
|
|
ad8e75b6a3
|
programs: assorted: remove /var/lib/alsa persistence; doesnt seem to be needed
|
2024-05-29 11:30:33 +00:00 |
|
|
e8dbe0750d
|
networkmanager: fix sandbox to actually work with systemd-resolved
|
2024-05-29 10:34:24 +00:00 |
|
|
4309d887da
|
wpa_supplicant: remove unused services
|
2024-05-29 09:33:25 +00:00 |
|
|
1ee21c4795
|
NetworkManager: run as user instead of root
|
2024-05-29 09:16:30 +00:00 |
|
|
fb7bcbb5f5
|
NetworkManager-wait-online: fix missing sanebox path
|
2024-05-29 01:37:15 +00:00 |
|
|
0013e8305e
|
networkmanager: cleanup
|
2024-05-29 01:35:38 +00:00 |
|
|
7dedfcebb9
|
networkmanager: sandbox
|
2024-05-29 01:33:15 +00:00 |
|
|
247fc1f887
|
hosts/modules/gui: fold into hosts/common/programs
|
2024-05-28 16:51:02 +00:00 |
|
|
3c2ca46ef9
|
hosts/modules/gui/gtk: hoist to sane.programs.sane-theme
|
2024-05-28 16:44:27 +00:00 |
|
|
95dc395925
|
hosts/modules/gui/theme: lift my sway background up into its own package
|
2024-05-28 15:48:37 +00:00 |
|
|
cefd6c0534
|
documentation improvements
|
2024-05-28 13:36:01 +00:00 |
|
|
e8846b2d6b
|
wpa_supplicant: sandbox
|
2024-05-28 13:36:01 +00:00 |
|
|
7d242ab02c
|
sane-battery-estimate: sandbox
|
2024-05-28 09:41:04 +00:00 |
|
|
47611eaa26
|
sane-weather: sandbox
|
2024-05-28 09:38:04 +00:00 |
|
|
9719f0f785
|
mpv: relax sandboxing for the sake of subtitle downloading
|
2024-05-28 09:37:57 +00:00 |
|
|
8042ea76e6
|
assorted programs: specify sandbox.autodetectCliPaths variant more precisely than just true
|
2024-05-28 07:14:27 +00:00 |
|
|
c59236509b
|
sane-cast: sandbox
|
2024-05-28 07:07:11 +00:00 |
|
|
4ba0343315
|
networkmanager: hoist some lib.mkIf s up a few levels
would you believe one of these attributes was being set without a mkIf cfg.enabled guard :)
|
2024-05-28 05:27:23 +00:00 |
|
|
cbe6072c03
|
polyunfill: remove policykit suid wrappers
|
2024-05-28 05:24:37 +00:00 |
|
|
bea1fd95e5
|
polyunfill: disable dbus-daemon-launch-helper suid wrapper
|
2024-05-28 05:14:06 +00:00 |
|
|
ae544c0649
|
polyunfill: disable mount/umount suid wrappers
|
2024-05-28 05:02:26 +00:00 |
|
|
b571f70988
|
polyunfill: remove fusermount suid wrapper
|
2024-05-28 04:56:14 +00:00 |
|
|
e6498ad152
|
notejot: fix sandboxing
|
2024-05-28 03:59:31 +00:00 |
|
|
976b8ae45e
|
rofi-snippets: make the filtering case insensitive, and improve ellipsis placement come 1.7.6
|
2024-05-28 03:38:36 +00:00 |
|
|
ab7c4d7410
|
rofi-snippets: remove the subshell and just use a pipe
i expect that this is faster, particularly because bash should stand up each section of the pipeline in parallel, right?
|
2024-05-28 03:23:04 +00:00 |
|
|
d2c3bec98e
|
rofi-snippets: remove an extraneous layer of sandbox
|
2024-05-28 03:04:57 +00:00 |
|
|
3c5e5632ee
|
wtype: sandbox
|
2024-05-28 03:04:26 +00:00 |
|
|
dcedb8d3f0
|
sanebox: handle --flag=path style of autodetected paths
|
2024-05-28 03:04:02 +00:00 |
|
|
f38d2d52d2
|
alsa-ucm-pinephone-pmos: prefer the earpiece over the "internal speaker"
|
2024-05-27 14:13:56 +00:00 |
|
|
04bbf54385
|
alsa-ucm-conf: switch to postmarketos version
|
2024-05-27 13:41:03 +00:00 |
|
|
f2271180dd
|
alsa-ucm-conf: split the patched alsa confs out into their own package
|
2024-05-27 12:53:33 +00:00 |
|
|
60b1ab1429
|
conky: split sane-battery-estimate out into its own program
|
2024-05-27 11:33:40 +00:00 |
|
|
a024f685c3
|
firefox: replace i-still-dont-care-about-cookies extension with a uBlock filter list
simpler that way; fewer extensions to trust
|
2024-05-27 07:43:55 +00:00 |
|
|
9c20cef6ea
|
firefox: ublacklist: disable (i wasnt using any rules; it wasnt blocking anything from google search results)
|
2024-05-27 07:22:47 +00:00 |
|
|
f6f1a6e136
|
firefox: uBlock Origin: ship filter lists statically
|
2024-05-27 06:54:52 +00:00 |
|
|
7941a8b1ed
|
refactor: firefox: fix uBlock json indentation
|
2024-05-27 04:46:38 +00:00 |
|
|
063b0be5b6
|
hosts/modules/gui/greetd: remove
|
2024-05-27 00:44:01 +00:00 |
|
|
7e490f5c07
|
remove lingering references to sxmo
|
2024-05-27 00:38:30 +00:00 |
|
|
d46fa8a242
|
swaync-fbcli: sandbox (experimental)
|
2024-05-27 00:11:20 +00:00 |
|
|
62b2eb874c
|
swaync-service-dispatcher: sandbox
|
2024-05-27 00:07:30 +00:00 |
|
|
133c1b3699
|
swaync: remove unused systemd integrations
it's all s6 now
|
2024-05-27 00:06:03 +00:00 |
|
|
1b4300dbeb
|
swaync: remove unused vpn button
|
2024-05-27 00:00:44 +00:00 |
|
|
b1c7061b21
|
vpn: fix typos from previous 2 commits
|
2024-05-26 14:26:47 +00:00 |
|
|
002639cc76
|
ovpn: use a single key per-device
this should fix the traffic collisions i'm seeing with the existing setup
|
2024-05-26 14:04:52 +00:00 |
|
|
45967fde7b
|
brave: fix sandboxing under pasta/netns
|
2024-05-26 13:05:44 +00:00 |
|
|
3a045f4d88
|
doc: polyunfill: point to https://github.com/NixOS/nixpkgs/pull/314791
|
2024-05-26 08:00:18 +00:00 |
|
|
57d6a9a4c3
|
polyunfill: simplify pam hacks
|
2024-05-26 07:04:12 +00:00 |
|
|
2ee39ca0cc
|
poly_unfill: remove /run/wrappers/bin/unix_chkpwd
non-privileged users don't need to check passwords
well, maybe they do (for desktop unlockers), but i've already solved that :)
|
2024-05-26 06:37:59 +00:00 |
|
|
9d9211c5fa
|
polyunfill: distribute /run/wrappers/bin/unix_chkpwd without suid bit
|
2024-05-26 01:18:30 +00:00 |
|
|
9ce7dcd57a
|
/run/wrappers: remove unused newgidmap,newuidmap,newgrp binaries
|
2024-05-26 01:18:30 +00:00 |
|
|
efa1ee6c69
|
iproute2: disable sandbox and fix ip commands
|
2024-05-26 01:18:30 +00:00 |
|
|
6a15434cc6
|
net/vpn: remove the bridge devices from my VPN setup
|
2024-05-26 01:18:30 +00:00 |
|
|
8cb73687ce
|
unl0kr: don't add extra deps to user's PATH
|
2024-05-26 01:17:42 +00:00 |
|
|
73f5c9608e
|
sanebox: tighter dependency handling, to not rely on @BACKEND_FALLBACK@
|
2024-05-25 10:26:36 +00:00 |
|
|
b035d312aa
|
firejail: purge
|
2024-05-25 10:21:31 +00:00 |
|
|
a5e1a804c9
|
sane-vpn: port to sanebox/pasta (no more firejail)
|
2024-05-25 10:09:10 +00:00 |
|
|
7b1bc210fd
|
sanebox: integrate with pasta (passt) for better net sandboxing
|
2024-05-25 09:39:18 +00:00 |
|
|
842651efd5
|
mpv: tune webm.conf
|
2024-05-25 02:05:18 +00:00 |
|
|
27b4d4da16
|
mpv: ship a music visualizer
note that it doesnt show in `webm` exports
|
2024-05-25 02:05:09 +00:00 |
|
|
e407467e55
|
mpv: ship mpv-webm tool for clipping videos
|
2024-05-25 00:55:40 +00:00 |
|
|
30c677fafc
|
feeds: subscribe to weekinethereumnews.com
|
2024-05-25 00:52:39 +00:00 |
|
|
49b48b24fc
|
ship linux/posix manpages
|
2024-05-24 06:57:20 +00:00 |
|
|
844a128d60
|
iproute2: fix sandboxing (hopefully)
|
2024-05-24 06:41:12 +00:00 |
|
|
309797fe23
|
sane-input-handler: fix unrecoverable terminal state
bonsai is prone to miss inputs during high CPU load.
|
2024-05-24 04:29:34 +00:00 |
|
|
a6b10244eb
|
sane-input-handler: set vim filetype hint
|
2024-05-24 04:06:53 +00:00 |
|
|
2ccb4d94c5
|
nixpkgs: 2024-05-16 -> 2024-05-23, nixpkgs-wayland, sops-nix, uninsane-dot-org
```
• Updated input 'nixpkgs-next-unpatched':
'github:nixos/nixpkgs/1887e39d7e68bb191eb804c0f976ad25b3980595' (2024-05-16)
→ 'github:nixos/nixpkgs/?' (2024-05-23)
• Updated input 'nixpkgs-unpatched':
'github:nixos/nixpkgs/977a49df312d89b7dfbb3579bf13b7dfe23e7878' (2024-05-16)
→ 'github:nixos/nixpkgs/?' (2024-05-23)
• Updated input 'nixpkgs-wayland':
'github:nix-community/nixpkgs-wayland/5e2c5345f3204c867c9d4183cbb68069d0f7a951' (2024-05-16)
→ 'github:nix-community/nixpkgs-wayland/?' (2024-05-23)
• Updated input 'nixpkgs-wayland/lib-aggregate':
'github:nix-community/lib-aggregate/09883ca828e8cfaacdb09e29190a7b84ad1d9925' (2024-05-12)
→ 'github:nix-community/lib-aggregate/5fa64b174daa22fe0d20ebbcc0ec2c7905b503f1' (2024-05-19)
• Updated input 'nixpkgs-wayland/lib-aggregate/nixpkgs-lib':
'github:nix-community/nixpkgs.lib/58e03b95f65dfdca21979a081aa62db0eed6b1d8' (2024-05-12)
→ 'github:nix-community/nixpkgs.lib/0df131b5ee4d928a4b664b6d0cd99cf134d6ab6b' (2024-05-19)
• Updated input 'sops-nix':
'github:Mic92/sops-nix/b6cb5de2ce57acb10ecdaaf9bbd62a5ff24fa02e' (2024-05-12)
→ 'github:Mic92/sops-nix/b549832718b8946e875c016a4785d204fcfc2e53' (2024-05-22)
• Updated input 'sops-nix/nixpkgs-stable':
'github:NixOS/nixpkgs/8e47858badee5594292921c2668c11004c3b0142' (2024-05-11)
→ 'github:NixOS/nixpkgs/e7cc61784ddf51c81487637b3031a6dd2d6673a2' (2024-05-18)
• Updated input 'uninsane-dot-org':
'git+https://git.uninsane.org/colin/uninsane?ref=refs/heads/master&rev=af8420d1c256d990b5e24de14ad8592a5d85bf77' (2024-04-15)
→ 'git+https://git.uninsane.org/colin/uninsane?ref=refs/heads/master&rev=e6f88f563bdd1700c04018951de4f69862646dd1' (2024-05-16)
```
|
2024-05-24 02:57:53 +00:00 |
|
|
ca57fd692f
|
sane-input-handler: simplify the volume button controls; reduce vol-hold repeat count to 3
|
2024-05-23 02:50:38 +00:00 |
|
|
e6a8f5bae8
|
eg25-control: fix --enable-gps and --ensure-agps commands
these were failing due to pathing changes from systemd -> s6
|
2024-05-23 02:50:38 +00:00 |
|
|
c5e7ef7b0c
|
polyunfill: don't ship x86-only kernel modules to moby's initrd
notably, this relaxes some constraints on the kernel so that e.g.
postmarketOS kernel actually passes eval checks (and boots to ssh!
no graphics yet)
|
2024-05-21 22:47:12 +00:00 |
|
|
d0734947bf
|
polyunfill: disable swraid
|
2024-05-21 22:47:12 +00:00 |
|
|
2e07797065
|
megapixels: document how to debug
|
2024-05-21 10:12:20 +00:00 |
|
|
3d295e8757
|
gst-device-monitor: bundle more gstreamer plugins to improve node detection
|
2024-05-20 09:59:08 +00:00 |
|
|
e3a20477f7
|
gst-device-monitor: wrap with required gst-plugins-base runtime dependency
|
2024-05-20 06:17:11 +00:00 |
|
|
cfedcc91bd
|
gst-device-monitor: fix so manpages are bundled
|
2024-05-20 03:00:23 +00:00 |
|
|
f20a0ac409
|
fractal-latest: purge (unused package)
|
2024-05-19 21:16:06 +00:00 |
|
|
87c84f0e2e
|
ship libcamera, snapshot
note that properly packaging these is still a WIP
|
2024-05-19 10:41:09 +00:00 |
|
|
c0a6313023
|
home/mime: micro-opt: use toString instead of string coercion
|
2024-05-19 10:40:15 +00:00 |
|
|
5619bb3334
|
pkgs: ship gst-device-monitor binary
|
2024-05-19 10:40:15 +00:00 |
|
|
0fc4f83fc9
|
sane-input-handler: bump volume hold time from 600ms -> 750ms
hopefully this decreases the number of volup inputs which are misread as volup-hold (which happens a lot when the screen is off...?)
|
2024-05-19 00:34:23 +00:00 |
|
|
1b24bd50f9
|
errno: ship
|
2024-05-19 00:21:30 +00:00 |
|
|
58ef2cf863
|
calls/callaudiod: update documentation
|
2024-05-18 20:55:16 +00:00 |
|
|
41bc4ac7b4
|
callaudiod: fix repo URL
|
2024-05-18 08:10:34 +00:00 |
|
|
3361f2bbe7
|
zsh: port to sane.programs
|
2024-05-18 08:10:34 +00:00 |
|
|
c987f13ef0
|
calls: split callaudiod out and run it manually
|
2024-05-18 07:14:42 +00:00 |
|
|
ee36f2f052
|
sway: fix display names
|
2024-05-18 06:57:24 +00:00 |
|
|
09457bee5a
|
sway: position gnome-calls on workspace 1
|
2024-05-18 06:55:39 +00:00 |
|
|
278631b59e
|
calls: sandbox
|
2024-05-18 06:52:53 +00:00 |
|
|
4d09cce1aa
|
calls: fix latency so moby doesnt underrun
|
2024-05-18 06:47:26 +00:00 |
|
|
b2f2f88dc6
|
calls: exit on UI close
|
2024-05-18 06:32:23 +00:00 |
|
|
9c27b8e864
|
swaync: sort icons
|
2024-05-17 08:42:35 +00:00 |
|
|
af34d395fc
|
swaync: fix Discord icon
|
2024-05-17 07:18:23 +00:00 |
|
|
008b659a10
|
swaync: reorder icons
|
2024-05-17 05:49:28 +00:00 |
|
|
1ce2839df9
|
swaync: clean up icons a bit more
|
2024-05-17 05:45:15 +00:00 |
|
|
022d15c2c7
|
swaync: increase font size of service icons
|
2024-05-17 03:42:32 +00:00 |
|
|
908a2ca6c3
|
swaync: fix a bug that i couldnt see all icons on the same row
|
2024-05-17 03:21:41 +00:00 |
|
|
42fb79b025
|
swaync: improve gnome-calls icon
|
2024-05-17 00:49:40 +00:00 |
|
|
4265ea9b99
|
calls: auto-start
|
2024-05-17 00:41:32 +00:00 |
|
|
a7d376778e
|
gnome-calls: re-enable
|
2024-05-17 00:36:56 +00:00 |
|
|
157af52112
|
feeds: add Grumpy.website
|
2024-05-16 19:25:22 +00:00 |
|
|
3bb5546aaf
|
systemd-logind: fix to not sleep when i close the lid (again)
|
2024-05-16 02:13:02 +00:00 |
|
|
b4229ecb1e
|
sanebox: load the link cache from a static /etc path instead of via CLI args
|
2024-05-15 23:55:15 +00:00 |
|
|
17eaa7446a
|
sanebox: remove all profile-related features except for direct, path-based profile loading
|
2024-05-15 09:13:20 +00:00 |
|
|
ee43fcdb89
|
rename LG TV -> Cuddlevision
|
2024-05-15 07:50:38 +00:00 |
|
|
bc73a16475
|
networkmanager: fix to be compatible when systemd-resolved is enabled
|
2024-05-15 02:57:40 +00:00 |
|
|
adfaa7f9c1
|
sane-sandboxed -> sanebox
|
2024-05-15 01:41:40 +00:00 |
|
|
f9a6873ee9
|
signal-desktop: remove NIXOS_OZONE_WL=1 hack (no longer required)
|
2024-05-15 00:10:00 +00:00 |
|