| .. |
|
conky
|
programs: sandboxing: only permit wayland socket access to those specific apps which require it
|
2024-02-14 01:49:49 +00:00 |
|
koreader
|
programs: sandboxing: only permit wayland socket access to those specific apps which require it
|
2024-02-14 01:49:49 +00:00 |
|
mimeo
|
programs: mimeo: dont sandbox
|
2024-02-14 01:51:26 +00:00 |
|
sway-autoscaler
|
programs (assorted): fix wantedBy = "default.target" to be more specific
|
2024-02-02 14:21:57 +00:00 |
|
waybar
|
programs: waybar: narrow the /run/user paths to just sway-ipc.sock
|
2024-02-15 14:40:01 +00:00 |
|
wob
|
programs: wob: sandbox with bwrap
|
2024-02-14 14:10:20 +00:00 |
|
zsh
|
programs: zsh: fix "switch" function to be friendly to sandboxing
|
2024-02-14 13:45:56 +00:00 |
|
abaddon.nix
|
programs (assorted): fix wantedBy = "default.target" to be more specific
|
2024-02-02 14:21:57 +00:00 |
|
aerc.nix
|
programs: sandboxing: enable net isolation for most sandboxed programs
|
2024-02-08 21:51:32 +00:00 |
|
alacritty.nix
|
alacritty: explicitly disable sandbox
|
2024-01-27 17:20:11 +00:00 |
|
animatch.nix
|
programs: sandboxing: only permit wayland socket access to those specific apps which require it
|
2024-02-14 01:49:49 +00:00 |
|
assorted.nix
|
programs: binutils-unwrapped -> strings: distribute just the binary i care about
|
2024-02-16 14:57:25 +00:00 |
|
audacity.nix
|
programs: sandboxing: only permit wayland socket access to those specific apps which require it
|
2024-02-14 01:49:49 +00:00 |
|
bemenu.nix
|
programs: bemenu: fix sandboxing
|
2024-02-15 14:33:20 +00:00 |
|
brave.nix
|
programs: sandboxing: only permit wayland socket access to those specific apps which require it
|
2024-02-14 01:49:49 +00:00 |
|
bubblewrap.nix
|
bubblewrap: explicitly disable sandboxing
|
2024-01-27 17:20:40 +00:00 |
|
calls.nix
|
programs (assorted): fix wantedBy = "default.target" to be more specific
|
2024-02-02 14:21:57 +00:00 |
|
cantata.nix
|
persistence: move stores behind a byStore attr to support disabling persistence altogether (for e.g. rescue image)
|
2023-11-08 15:33:15 +00:00 |
|
catt.nix
|
programs: enable catt
|
2023-12-14 08:41:16 +00:00 |
|
chatty.nix
|
programs: allow running binaries in a netns-style firejail
|
2024-01-20 11:11:12 +00:00 |
|
cozy.nix
|
programs: sandboxing: only permit wayland socket access to those specific apps which require it
|
2024-02-14 01:49:49 +00:00 |
|
default.nix
|
programs: binutils-unwrapped -> strings: distribute just the binary i care about
|
2024-02-16 14:57:25 +00:00 |
|
dialect.nix
|
programs: sandboxing: only permit wayland socket access to those specific apps which require it
|
2024-02-14 01:49:49 +00:00 |
|
dino.nix
|
programs: messengers (fractal, signal, dino, tuba): add media libraries to the sandbox
|
2024-02-15 00:49:24 +00:00 |
|
element-desktop.nix
|
programs: messengers (fractal, signal, dino, tuba): add media libraries to the sandbox
|
2024-02-15 00:49:24 +00:00 |
|
epiphany.nix
|
programs: sandboxing: only permit wayland socket access to those specific apps which require it
|
2024-02-14 01:49:49 +00:00 |
|
evince.nix
|
programs: sandboxing: only permit wayland socket access to those specific apps which require it
|
2024-02-14 01:49:49 +00:00 |
|
feedbackd.nix
|
programs: feedbackd: sandbox w/ bwrap
|
2024-02-16 03:49:59 +00:00 |
|
firefox.nix
|
programs: firefox/fractal: document portal filechooser limitations
|
2024-02-16 05:49:56 +00:00 |
|
flare-signal.nix
|
programs: allow running binaries in a netns-style firejail
|
2024-01-20 11:11:12 +00:00 |
|
fontconfig.nix
|
programs: fontconfig: sandbox
|
2024-02-15 18:26:45 +00:00 |
|
fractal.nix
|
programs: firefox/fractal: document portal filechooser limitations
|
2024-02-16 05:49:56 +00:00 |
|
frozen-bubble.nix
|
programs: sandboxing: only permit wayland socket access to those specific apps which require it
|
2024-02-14 01:49:49 +00:00 |
|
fwupd.nix
|
fwupd: define as a sane.program
|
2023-08-04 07:35:13 +00:00 |
|
g4music.nix
|
programs: sandboxing: only permit wayland socket access to those specific apps which require it
|
2024-02-14 01:49:49 +00:00 |
|
gajim.nix
|
persistence: move stores behind a byStore attr to support disabling persistence altogether (for e.g. rescue image)
|
2023-11-08 15:33:15 +00:00 |
|
geary.nix
|
programs: sandboxing: only permit wayland socket access to those specific apps which require it
|
2024-02-14 01:49:49 +00:00 |
|
git.nix
|
programs: git: fix failing sandbox build
|
2024-02-16 03:16:46 +00:00 |
|
gnome-feeds.nix
|
programs: remove wantedBy from the fs, and make it implicit
|
2023-05-08 21:41:02 +00:00 |
|
gnome-keyring.nix
|
docs: gnome-keyring: point out that system gnome-keyring doesn't inherit my sandboxing
|
2024-01-23 01:00:06 +00:00 |
|
gnome-weather.nix
|
programs: sandboxing: only permit wayland socket access to those specific apps which require it
|
2024-02-14 01:49:49 +00:00 |
|
go2tv.nix
|
programs: assorted: convert /mnt/servo "extraPaths" into "extraHomePaths" where possible
|
2024-02-12 12:54:16 +00:00 |
|
gpodder.nix
|
programs: gpodder: fix to work in sandbox (add dbus)
|
2024-02-16 06:07:46 +00:00 |
|
gthumb.nix
|
programs: allow running binaries in a netns-style firejail
|
2024-01-20 11:11:12 +00:00 |
|
gtkcord4.nix
|
programs: messengers (fractal, signal, dino, tuba): add media libraries to the sandbox
|
2024-02-15 00:49:24 +00:00 |
|
handbrake.nix
|
programs: sandboxing: only permit wayland socket access to those specific apps which require it
|
2024-02-14 01:49:49 +00:00 |
|
helix.nix
|
persistence: move stores behind a byStore attr to support disabling persistence altogether (for e.g. rescue image)
|
2023-11-08 15:33:15 +00:00 |
|
imagemagick.nix
|
programs: vim, imagemagick: fix sandboxing to consider uncreated files
|
2024-02-03 14:07:53 +00:00 |
|
jellyfin-media-player.nix
|
programs: allow running binaries in a netns-style firejail
|
2024-01-20 11:11:12 +00:00 |
|
kdenlive.nix
|
programs: sandboxing: only permit wayland socket access to those specific apps which require it
|
2024-02-14 01:49:49 +00:00 |
|
komikku.nix
|
programs: komikku: add dbus to the sandbox to fix it
|
2024-02-15 11:58:08 +00:00 |
|
lemoa.nix
|
programs: lemoa: sandbox
|
2024-02-16 05:32:22 +00:00 |
|
libreoffice.nix
|
programs: sandboxing: only permit wayland socket access to those specific apps which require it
|
2024-02-14 01:49:49 +00:00 |
|
loupe.nix
|
programs: loupe: remove the dbus services to make it work with Firefox
|
2024-02-15 11:36:24 +00:00 |
|
mako.nix
|
programs (assorted): fix wantedBy = "default.target" to be more specific
|
2024-02-02 14:21:57 +00:00 |
|
mepo.nix
|
persistence: move stores behind a byStore attr to support disabling persistence altogether (for e.g. rescue image)
|
2023-11-08 15:33:15 +00:00 |
|
mopidy.nix
|
programs: allow running binaries in a netns-style firejail
|
2024-01-20 11:11:12 +00:00 |
|
mpv.nix
|
programs: mpv: explicitly add Videos/servo, Books/servo to sandbox
|
2024-02-13 15:38:57 +00:00 |
|
msmtp.nix
|
programs: ship msmtp sendmail implementation
|
2023-07-01 00:28:59 +00:00 |
|
nautilus.nix
|
programs: waybar: fix battery indicator within sandbox
|
2024-02-15 10:35:24 +00:00 |
|
neovim.nix
|
programs: vim: support system copy/paste inside of sandbox
|
2024-02-14 09:11:31 +00:00 |
|
newsflash.nix
|
newsflash: enable podcasts/videos; document
|
2023-12-13 03:45:07 +00:00 |
|
nheko.nix
|
persistence: move stores behind a byStore attr to support disabling persistence altogether (for e.g. rescue image)
|
2023-11-08 15:33:15 +00:00 |
|
nicotine-plus.nix
|
programs: sandboxing: only permit wayland socket access to those specific apps which require it
|
2024-02-14 01:49:49 +00:00 |
|
nix-index.nix
|
programs: nix-index: sandbox
|
2024-02-16 11:39:05 +00:00 |
|
notejot.nix
|
notejot: fix store typo
|
2023-12-12 07:55:18 +00:00 |
|
ntfy-sh.nix
|
modules/programs: enforce that user services don't accidentally override PATH
|
2024-02-12 08:44:55 +00:00 |
|
obsidian.nix
|
mime: support multiple implementors of the same association, with different priorities
|
2023-07-15 10:11:31 +00:00 |
|
offlineimap.nix
|
secrets: rename "universal" -> "common" to match the language of hosts/
|
2023-05-14 08:52:43 +00:00 |
|
open-in-mpv.nix
|
programs: open-in-mpv: document that upstream merged my PR
|
2024-02-15 11:38:37 +00:00 |
|
planify.nix
|
gui: add planify app
|
2023-12-19 22:31:14 +00:00 |
|
playerctl.nix
|
programs: don't include dbus in the sandbox by default
|
2024-02-13 11:58:33 +00:00 |
|
rhythmbox.nix
|
persistence: move stores behind a byStore attr to support disabling persistence altogether (for e.g. rescue image)
|
2023-11-08 15:33:15 +00:00 |
|
ripgrep.nix
|
ripgrep: move options out of assorted.nix into its own file
|
2024-01-29 12:57:56 +00:00 |
|
sfeed.nix
|
persistence: move stores behind a byStore attr to support disabling persistence altogether (for e.g. rescue image)
|
2023-11-08 15:33:15 +00:00 |
|
signal-desktop.nix
|
programs: messengers (fractal, signal, dino, tuba): add media libraries to the sandbox
|
2024-02-15 00:49:24 +00:00 |
|
splatmoji.nix
|
programs: splatmoji: document the sandboxing approach
|
2024-02-16 03:46:48 +00:00 |
|
spot.nix
|
programs: sandboxing: only permit wayland socket access to those specific apps which require it
|
2024-02-14 01:49:49 +00:00 |
|
spotify.nix
|
programs: sandboxing: only permit wayland socket access to those specific apps which require it
|
2024-02-14 01:49:49 +00:00 |
|
steam.nix
|
steam: use wrapped package as system steam
|
2024-01-23 00:59:23 +00:00 |
|
stepmania.nix
|
rearrange /mnt structure for host-based subdirs
|
2024-02-06 05:48:11 +00:00 |
|
strings.nix
|
programs: binutils-unwrapped -> strings: distribute just the binary i care about
|
2024-02-16 14:57:25 +00:00 |
|
sublime-music.nix
|
programs: allow running binaries in a netns-style firejail
|
2024-01-20 11:11:12 +00:00 |
|
supertuxkart.nix
|
programs: sandboxing: only permit wayland socket access to those specific apps which require it
|
2024-02-14 01:49:49 +00:00 |
|
swaylock.nix
|
sway: define without using nixos "programs.sway"
|
2024-02-15 14:25:27 +00:00 |
|
swaynotificationcenter.nix
|
programs: swaync: sandbox
|
2024-02-15 16:38:38 +00:00 |
|
tangram.nix
|
programs: allow running binaries in a netns-style firejail
|
2024-01-20 11:11:12 +00:00 |
|
tor-browser.nix
|
programs: sandboxing: only permit wayland socket access to those specific apps which require it
|
2024-02-14 01:49:49 +00:00 |
|
tuba.nix
|
programs: messengers (fractal, signal, dino, tuba): add media libraries to the sandbox
|
2024-02-15 00:49:24 +00:00 |
|
vlc.nix
|
programs: sandboxing: only permit wayland socket access to those specific apps which require it
|
2024-02-14 01:49:49 +00:00 |
|
waylock.nix
|
programs: sandbox {s,}waylock lockscreen
|
2024-02-14 08:48:03 +00:00 |
|
wike.nix
|
programs: sandboxing: only permit wayland socket access to those specific apps which require it
|
2024-02-14 01:49:49 +00:00 |
|
wine.nix
|
remove samba from closure
|
2024-02-01 15:28:40 +00:00 |
|
wireshark.nix
|
programs: sandboxing: only permit wayland socket access to those specific apps which require it
|
2024-02-14 01:49:49 +00:00 |
|
xarchiver.nix
|
programs: allow running binaries in a netns-style firejail
|
2024-01-20 11:11:12 +00:00 |
|
xdg-desktop-portal.nix
|
xdg-desktop-portal: disable sandbox
|
2024-02-15 18:23:40 +00:00 |
|
xdg-utils.nix
|
xdg-utils: re-add mimetype package
|
2024-02-13 12:31:04 +00:00 |
|
zeal.nix
|
programs: zeal: disable sandboxing
|
2024-02-16 10:32:49 +00:00 |
|
zecwallet-lite.nix
|
programs: zecwallet-lite: move to own file
|
2024-01-01 15:17:51 +00:00 |
