.. |
conky
|
assorted static-nix-shell packages: use srcRoot
|
2024-02-25 17:37:38 +00:00 |
gnome-keyring
|
programs: gnome-keyring: sandbox
|
2024-02-23 09:49:35 +00:00 |
koreader
|
programs: sandboxing: only permit wayland socket access to those specific apps which require it
|
2024-02-14 01:49:49 +00:00 |
mimeo
|
assorted static-nix-shell packages: use srcRoot
|
2024-02-25 17:37:38 +00:00 |
rofi
|
rofi: place druncache into rofi cache dir
|
2024-02-27 01:21:27 +00:00 |
sway
|
plumb my configured sway through to everywhere that wants pkgs.sway .
|
2024-02-27 16:11:10 +00:00 |
sway-autoscaler
|
assorted static-nix-shell packages: use srcRoot
|
2024-02-25 17:37:38 +00:00 |
unl0kr
|
assorted static-nix-shell packages: use srcRoot
|
2024-02-25 17:37:38 +00:00 |
waybar
|
cross compilation: remove unused patches; note upstreaming status
|
2024-02-27 14:53:26 +00:00 |
wob
|
assorted static-nix-shell packages: use srcRoot
|
2024-02-25 17:37:38 +00:00 |
zsh
|
programs: simplify sandboxing of file browsers/etc now that private data lives on a different mount
|
2024-02-23 07:06:29 +00:00 |
abaddon.nix
|
programs (assorted): fix wantedBy = "default.target" to be more specific
|
2024-02-02 14:21:57 +00:00 |
aerc.nix
|
programs: sandboxing: enable net isolation for most sandboxed programs
|
2024-02-08 21:51:32 +00:00 |
alacritty.nix
|
alacritty: explicitly disable sandbox
|
2024-01-27 17:20:11 +00:00 |
animatch.nix
|
programs: sandboxing: only permit wayland socket access to those specific apps which require it
|
2024-02-14 01:49:49 +00:00 |
assorted.nix
|
grimshot: move to own file
|
2024-02-27 14:54:53 +00:00 |
audacity.nix
|
persistence: cleanup so it all works well with symlink-based stores
|
2024-02-23 13:09:44 +00:00 |
bemenu.nix
|
programs: bemenu: fix sandboxing
|
2024-02-15 14:33:20 +00:00 |
bonsai.nix
|
programs: bonsai: fix eval error
|
2024-02-23 16:00:32 +00:00 |
brave.nix
|
programs: sandboxing: only permit wayland socket access to those specific apps which require it
|
2024-02-14 01:49:49 +00:00 |
bubblewrap.nix
|
bubblewrap: explicitly disable sandboxing
|
2024-01-27 17:20:40 +00:00 |
calls.nix
|
programs (assorted): fix wantedBy = "default.target" to be more specific
|
2024-02-02 14:21:57 +00:00 |
cantata.nix
|
persistence: move stores behind a byStore attr to support disabling persistence altogether (for e.g. rescue image)
|
2023-11-08 15:33:15 +00:00 |
catt.nix
|
programs: enable catt
|
2023-12-14 08:41:16 +00:00 |
chatty.nix
|
programs: allow running binaries in a netns-style firejail
|
2024-01-20 11:11:12 +00:00 |
cozy.nix
|
programs: sandboxing: only permit wayland socket access to those specific apps which require it
|
2024-02-14 01:49:49 +00:00 |
dconf.nix
|
programs: dconf: sandbox
|
2024-02-20 23:43:25 +00:00 |
default.nix
|
grimshot: move to own file
|
2024-02-27 14:54:53 +00:00 |
dialect.nix
|
programs: explicitly depend on dconf instead of manually persisting dconf's dirs
|
2024-02-20 23:39:27 +00:00 |
dino.nix
|
programs: configure auto-launching programs to only start *after* graphical-session.target
|
2024-02-19 12:58:08 +00:00 |
element-desktop.nix
|
sway: port xwayland use to sane.programs API
|
2024-02-21 23:32:10 +00:00 |
epiphany.nix
|
programs: explicitly depend on dconf instead of manually persisting dconf's dirs
|
2024-02-20 23:39:27 +00:00 |
evince.nix
|
programs: sandboxing: only permit wayland socket access to those specific apps which require it
|
2024-02-14 01:49:49 +00:00 |
feedbackd.nix
|
programs: feedbackd: sandbox w/ bwrap
|
2024-02-16 03:49:59 +00:00 |
firefox.nix
|
firefox: integrate the "persist" config into "sane.programs"
|
2024-02-23 11:23:41 +00:00 |
flare-signal.nix
|
programs: allow running binaries in a netns-style firejail
|
2024-01-20 11:11:12 +00:00 |
fontconfig.nix
|
programs: sandboxing: distinguish between "existingFileOrParent" and "existingOrParent"
|
2024-02-25 01:59:01 +00:00 |
fractal.nix
|
programs: configure auto-launching programs to only start *after* graphical-session.target
|
2024-02-19 12:58:08 +00:00 |
frozen-bubble.nix
|
programs: sandboxing: only permit wayland socket access to those specific apps which require it
|
2024-02-14 01:49:49 +00:00 |
fwupd.nix
|
fwupd: define as a sane.program
|
2023-08-04 07:35:13 +00:00 |
g4music.nix
|
programs: sandboxing: only permit wayland socket access to those specific apps which require it
|
2024-02-14 01:49:49 +00:00 |
gajim.nix
|
persistence: move stores behind a byStore attr to support disabling persistence altogether (for e.g. rescue image)
|
2023-11-08 15:33:15 +00:00 |
geary.nix
|
programs: configure auto-launching programs to only start *after* graphical-session.target
|
2024-02-19 12:58:08 +00:00 |
git.nix
|
programs: simplify sandboxing of file browsers/etc now that private data lives on a different mount
|
2024-02-23 07:06:29 +00:00 |
gnome-feeds.nix
|
programs: remove wantedBy from the fs, and make it implicit
|
2023-05-08 21:41:02 +00:00 |
gnome-maps.nix
|
programs: gnome-maps: sandbox
|
2024-02-25 11:51:50 +00:00 |
gnome-weather.nix
|
programs: explicitly depend on dconf instead of manually persisting dconf's dirs
|
2024-02-20 23:39:27 +00:00 |
go2tv.nix
|
programs: assorted: convert /mnt/servo "extraPaths" into "extraHomePaths" where possible
|
2024-02-12 12:54:16 +00:00 |
gpodder.nix
|
programs: gpodder: fix to work in sandbox (add dbus)
|
2024-02-16 06:07:46 +00:00 |
grimshot.nix
|
plumb my configured sway through to everywhere that wants pkgs.sway .
|
2024-02-27 16:11:10 +00:00 |
gthumb.nix
|
programs: allow running binaries in a netns-style firejail
|
2024-01-20 11:11:12 +00:00 |
gtkcord4.nix
|
programs: configure auto-launching programs to only start *after* graphical-session.target
|
2024-02-19 12:58:08 +00:00 |
handbrake.nix
|
programs: sandboxing: only permit wayland socket access to those specific apps which require it
|
2024-02-14 01:49:49 +00:00 |
helix.nix
|
persistence: move stores behind a byStore attr to support disabling persistence altogether (for e.g. rescue image)
|
2023-11-08 15:33:15 +00:00 |
imagemagick.nix
|
programs: sandboxing: distinguish between "existingFileOrParent" and "existingOrParent"
|
2024-02-25 01:59:01 +00:00 |
jellyfin-media-player.nix
|
programs: allow running binaries in a netns-style firejail
|
2024-01-20 11:11:12 +00:00 |
kdenlive.nix
|
programs: sandboxing: only permit wayland socket access to those specific apps which require it
|
2024-02-14 01:49:49 +00:00 |
komikku.nix
|
GSK_RENDERER: don't set globally, but just for the apps which _actually_ require it
|
2024-02-21 16:56:56 +00:00 |
lemoa.nix
|
programs: lemoa: sandbox
|
2024-02-16 05:32:22 +00:00 |
libreoffice.nix
|
programs: sandboxing: only permit wayland socket access to those specific apps which require it
|
2024-02-14 01:49:49 +00:00 |
loupe.nix
|
GSK_RENDERER: don't set globally, but just for the apps which _actually_ require it
|
2024-02-21 16:56:56 +00:00 |
mako.nix
|
programs: configure auto-launching programs to only start *after* graphical-session.target
|
2024-02-19 12:58:08 +00:00 |
megapixels.nix
|
programs: explicitly depend on dconf instead of manually persisting dconf's dirs
|
2024-02-20 23:39:27 +00:00 |
mepo.nix
|
programs: mepo: sandbox
|
2024-02-17 15:08:21 +00:00 |
mopidy.nix
|
programs: allow running binaries in a netns-style firejail
|
2024-01-20 11:11:12 +00:00 |
mpv.nix
|
persistence: cleanup so it all works well with symlink-based stores
|
2024-02-23 13:09:44 +00:00 |
msmtp.nix
|
programs: ship msmtp sendmail implementation
|
2023-07-01 00:28:59 +00:00 |
nautilus.nix
|
programs: simplify sandboxing of file browsers/etc now that private data lives on a different mount
|
2024-02-23 07:06:29 +00:00 |
neovim.nix
|
programs: sandboxing: distinguish between "existingFileOrParent" and "existingOrParent"
|
2024-02-25 01:59:01 +00:00 |
newsflash.nix
|
newsflash: enable podcasts/videos; document
|
2023-12-13 03:45:07 +00:00 |
nheko.nix
|
persistence: move stores behind a byStore attr to support disabling persistence altogether (for e.g. rescue image)
|
2023-11-08 15:33:15 +00:00 |
nicotine-plus.nix
|
programs: sandboxing: only permit wayland socket access to those specific apps which require it
|
2024-02-14 01:49:49 +00:00 |
nix-index.nix
|
programs: nix-index: sandbox
|
2024-02-16 11:39:05 +00:00 |
notejot.nix
|
programs: explicitly depend on dconf instead of manually persisting dconf's dirs
|
2024-02-20 23:39:27 +00:00 |
ntfy-sh.nix
|
programs: ntfy-sh: sandbox
|
2024-02-17 15:47:47 +00:00 |
obsidian.nix
|
mime: support multiple implementors of the same association, with different priorities
|
2023-07-15 10:11:31 +00:00 |
offlineimap.nix
|
secrets: rename "universal" -> "common" to match the language of hosts/
|
2023-05-14 08:52:43 +00:00 |
open-in-mpv.nix
|
open-in-mpv: remove my patch which has been upstreamed, previously required to use xdg-open
|
2024-02-18 04:52:27 +00:00 |
pipewire.nix
|
programs: pipewire: port sandbox to bwrap and restrict further
|
2024-02-25 15:19:57 +00:00 |
planify.nix
|
programs: planify: sandbox
|
2024-02-18 07:07:29 +00:00 |
playerctl.nix
|
programs: don't include dbus in the sandbox by default
|
2024-02-13 11:58:33 +00:00 |
portfolio-filemanager.nix
|
programs: simplify sandboxing of file browsers/etc now that private data lives on a different mount
|
2024-02-23 07:06:29 +00:00 |
rhythmbox.nix
|
persistence: move stores behind a byStore attr to support disabling persistence altogether (for e.g. rescue image)
|
2023-11-08 15:33:15 +00:00 |
ripgrep.nix
|
programs: simplify sandboxing of file browsers/etc now that private data lives on a different mount
|
2024-02-23 07:06:29 +00:00 |
sane-scripts.nix
|
programs: sane-private-init: sandbox
|
2024-02-25 16:46:10 +00:00 |
sfeed.nix
|
programs: sfeed: sandbox
|
2024-02-19 14:14:59 +00:00 |
signal-desktop.nix
|
programs: configure auto-launching programs to only start *after* graphical-session.target
|
2024-02-19 12:58:08 +00:00 |
splatmoji.nix
|
programs: splatmoji: document the sandboxing approach
|
2024-02-16 03:46:48 +00:00 |
spot.nix
|
programs: sandboxing: only permit wayland socket access to those specific apps which require it
|
2024-02-14 01:49:49 +00:00 |
spotify.nix
|
programs: sandboxing: only permit wayland socket access to those specific apps which require it
|
2024-02-14 01:49:49 +00:00 |
steam.nix
|
steam: use wrapped package as system steam
|
2024-01-23 00:59:23 +00:00 |
stepmania.nix
|
programs: stepmania: sandbox
|
2024-02-25 18:26:32 +00:00 |
strings.nix
|
programs: strings: fix sandboxing
|
2024-02-16 15:32:41 +00:00 |
sublime-music.nix
|
programs: allow running binaries in a netns-style firejail
|
2024-01-20 11:11:12 +00:00 |
supertuxkart.nix
|
programs: sandboxing: only permit wayland socket access to those specific apps which require it
|
2024-02-14 01:49:49 +00:00 |
swaylock.nix
|
sway: define without using nixos "programs.sway"
|
2024-02-15 14:25:27 +00:00 |
swaynotificationcenter.nix
|
swaynotificationcenter: update config/patches to be compatible with 0.10.0
|
2024-02-27 11:19:29 +00:00 |
tangram.nix
|
replace links/references to ~/private/FOO with just ~/FOO
|
2024-02-23 07:06:29 +00:00 |
tor-browser.nix
|
programs: sandboxing: only permit wayland socket access to those specific apps which require it
|
2024-02-14 01:49:49 +00:00 |
tuba.nix
|
programs: messengers (fractal, signal, dino, tuba): add media libraries to the sandbox
|
2024-02-15 00:49:24 +00:00 |
vlc.nix
|
persistence: cleanup so it all works well with symlink-based stores
|
2024-02-23 13:09:44 +00:00 |
waylock.nix
|
programs: sandbox {s,}waylock lockscreen
|
2024-02-14 08:48:03 +00:00 |
wike.nix
|
programs: wike: sandbox: enable DRI to fix graphical glitches
|
2024-02-25 08:38:10 +00:00 |
wine.nix
|
remove samba from closure
|
2024-02-01 15:28:40 +00:00 |
wireplumber.nix
|
programs: wireplumber: sandbox
|
2024-02-25 17:11:48 +00:00 |
wireshark.nix
|
programs: sandboxing: only permit wayland socket access to those specific apps which require it
|
2024-02-14 01:49:49 +00:00 |
xarchiver.nix
|
programs: xarchiver: sandbox
|
2024-02-18 07:07:29 +00:00 |
xdg-desktop-portal-gtk.nix
|
xdg-desktop-portal-{gtk,wlr}: start via service manager, with ordered deps, instead of letting dbus activate it for us
|
2024-02-19 13:44:23 +00:00 |
xdg-desktop-portal-wlr.nix
|
xdg-desktop-portal-{gtk,wlr}: start via service manager, with ordered deps, instead of letting dbus activate it for us
|
2024-02-19 13:44:23 +00:00 |
xdg-desktop-portal.nix
|
xdg-desktop-portal: link applications so that DynamicLauncher portal can work
|
2024-02-26 22:31:48 +00:00 |
xdg-utils.nix
|
xdg-utils: re-add mimetype package
|
2024-02-13 12:31:04 +00:00 |
zeal.nix
|
programs: zeal: disable sandboxing
|
2024-02-16 10:32:49 +00:00 |
zecwallet-lite.nix
|
programs: zecwallet-lite: move to own file
|
2024-01-01 15:17:51 +00:00 |