foodogsquared/nixos-config
1
0
Fork 0
mirror of https://github.com/foo-dogsquared/nixos-config.git synced 2025-01-31 16:57:55 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
2,920 Commits 2 Branches 1 Tag 10 MiB
18e30ed70c
Commit Graph

30 Commits

Author SHA1 Message Date
Gabriel Arazas
c52c7f49f6
wrapper-manager/sandboxing: update modules 2024-09-04 14:28:53 +08:00
Gabriel Arazas
8cdb1921ce
wrapper-manager/sandboxing/bubblewrap: update launcher and add changelog to subproject 2024-09-04 14:28:04 +08:00
Gabriel Arazas
5ffcfc2070
wrapper-manager/sandboxing/bubblewrap: add dbus-proxy-specific bwrap arguments to the launcher 2024-08-15 12:15:57 +08:00
Gabriel Arazas
11e7d52350
wrapper-manager/sandboxing/bubblewrap: fix escaping arguments and launcher 
The makeWrapper arguments are not escaped anymore for the binary wrapper
that automatically does this anyways.
 2024-08-12 15:34:23 +08:00
Gabriel Arazas
20b483fda4
wrapper-manager/sandboxing/bubblewrap: fix options 2024-08-10 21:28:01 +08:00
Gabriel Arazas
456c5e771c
wrapper-manager/sandboxing/bubblewrap: add sysfs ro-binds as part of launcher optimizations 2024-08-10 21:27:29 +08:00
Gabriel Arazas
7d0ee596f2
wrapper-manager/sandboxing/bubblewrap: update launcher script 2024-08-06 11:17:56 +08:00
Gabriel Arazas
99b13543ae
wrapper-manager/sandboxing/bubblewrap: update default values 2024-08-06 11:17:22 +08:00
Gabriel Arazas
7524d87b49
wrapper-manager/sandboxing/bubblewrap: update closure path mount binds 
It could be done by removing the string context but it is more tedious
to maintain in the long run so it would be best to have them separate.
 2024-08-06 11:06:28 +08:00
Gabriel Arazas
c127b79eb1
wrapper-manager/sandboxing/bubblewrap: add destination to filesystem submodule 2024-08-06 11:04:34 +08:00
Gabriel Arazas
f58675d0f9
wrapper-manager/sandboxing/bubblewrap: enable sharing of entire Nix store by default 2024-08-06 11:02:42 +08:00
Gabriel Arazas
5773481ce0
wrapper-manager/sandboxing/bubblewrap: add option to bundle certificates from nixpkgs 2024-08-06 11:00:00 +08:00
Gabriel Arazas
a6c8213d57
wrapper-manager/sandboxing/bubblewrap: fix setting of global-wide config values for individual wrappers 
May cause subtle bugs especially with compound value types such as
`attrsOf` and `listOf`.
 2024-08-05 19:32:46 +08:00
Gabriel Arazas
73a6dba219
wrapper-manager/sandboxing/bubblewrap: fix filesystem path types 
To enable arguments containing environment variables but at the cost of
lack of validation. I'm fine with this.
 2024-08-05 19:07:29 +08:00
Gabriel Arazas
3a4833d46d
wrapper-manager/sandboxing/bubblewrap: init launcher submodule 
At the end of the day, I decided to make it in nixpkgs' runtime shell
(GNU Bash) instead of Rust because it'll be a pain in the ass.
 2024-08-05 18:42:12 +08:00
Gabriel Arazas
3c56efb777
wrapper-manager/sandboxing: change to arg0 for wraparound for consistency 2024-08-01 12:10:19 +08:00
Gabriel Arazas
9428bc0472
wrapper-manager/sandboxing: update comments and description 2024-08-01 09:01:05 +08:00
Gabriel Arazas
456ca00636
modules: update comments and description 2024-07-31 13:29:51 +08:00
Gabriel Arazas
55eb5fd831
wrapper-manager/sandboxing: fix options to be applied correctly 
Especially for composite values like in lists or attrsets.
 2024-07-30 11:52:31 +08:00
Gabriel Arazas
0d32b27571
wrapper-manager/sandboxing/bubblewrap: refactor and update 2024-07-29 19:04:45 +08:00
Gabriel Arazas
7ba31a2e75
wrapper-manager/sandboxing: add wraparound under namespace 
Each wrapper represents one... wrapper anyways so it is fine to have
this. If nothing else applies, you could still make the specific
sandboxing module to have its own wraparound option namespace. That
practice should be discouraged though.
 2024-07-29 16:39:59 +08:00
Gabriel Arazas
4262ccfa89
wrapper-manager: make modules and library set up-to-date 2024-07-27 21:22:55 +08:00
Gabriel Arazas
99e272efa9
wrapper-manager/sandboxing/bubblewrap: fix dbus submodule 
We really have to have some testing infrastructure in this project. :(
 2024-07-27 20:03:32 +08:00
Gabriel Arazas
193d587d07
wrapper-manager/sandboxing/bubblewrap: move sharing Nix store to filesystem submodule and add option for binding certain Nix store paths 2024-07-27 20:02:50 +08:00
Gabriel Arazas
971d786b81
wrapper-manager/sandboxing/bubblewrap: add option for ensuring dying with parent 2024-07-27 11:46:51 +08:00
Gabriel Arazas
34f086a6a5
wrapper-manager/sandboxing/bubblewrap: revise filesystem submodule 2024-07-27 11:46:15 +08:00
Gabriel Arazas
50e7d29620
wrapper-manager/sandboxing/bubblewrap: fix config 2024-07-27 11:44:44 +08:00
Gabriel Arazas
bf51e0dcde
wrapper-manager/sandboxing/bubblewrap: add filesystem integration 
Also untested.
 2024-07-26 16:12:57 +08:00
Gabriel Arazas
22ecf7726e
wrapper-manager/sandboxing/bubblewrap: add D-Bus integration 
With xdg-dbus-proxy for filtering.

Also, as of writing, we have no internet so there's basically no testing
done here :)
 2024-07-26 15:56:16 +08:00
Gabriel Arazas
d633fc2b38
wrapper-manager/sandboxing/bubblewrap: init prototype 
Not complete, just its options for now. We might even go into the
direction of NixPak and nix-bubblewrap creating our own specialized
launcher.
 2024-07-26 15:41:49 +08:00