## BUGS
- moby: megapixels doesn't load in sandbox
- when moby wlan is explicitly set down (via ip link set wlan0 down), /var/lib/trust-dns/dhcp-configs doesn't get reset
- `ip monitor` can detect those manual link state changes (NM-dispatcher it seems cannot)
- or try dnsmasq?
- trust-dns: can't recursively resolve api.mangadex.org
- and *sometimes* apple.com fails
- wg-ovpnd-* interfaces don't work, because i use the same keys across all hosts...
- and if i had them differ and simultaneously online, then i'd exceed the OVPN machine count.
- i should at least have them be up'd only on-demand.
- sandbox: link cache means that if i update ~/.config/... files inline, sandboxed programs still see the old version
- mpv: audiocast has mpv sending its output to the builtin speakers unless manually changed
- mpv: no way to exit fullscreen video on moby
- uosc hides controls on FS, and touch doesn't support unhiding
- Signal restart loop drains battery
- decrease s6 restart time?
- `ssh` access doesn't grant same linux capabilities as login
- ringer (i.e. dino incoming call) doesn't prevent moby from sleeping
- sway mouse/kb hotplug doesn't work
- sysvol (volume overlay): when casting with `blast`, sysvol doesn't react to volume changes
- moby: kaslr is effectively disabled
- `dmesg | grep "KASLR disabled due to lack of seed"`
- fix by adding `kaslrseed` to uboot script before `booti`
- <https://github.com/armbian/build/pull/4352>
- not sure how that's supposed to work with tow-boot; maybe i should just update tow-boot
- moby: bpf is effectively disabled?
- `dmesg | grep -F 'systemd[1]: bpf-lsm: Failed to load BPF object: No such process'`
- `dmesg | grep 'hid_bpf: error while preloading HID BPF dispatcher: -22'`
## REFACTORING:
- REMOVE DEPRECATED `crypt` from sftpgo_auth_hook
- consolidate ~/dev and ~/ref
- ~/dev becomes a link to ~/ref/cat/mine
- fold hosts/common/home/ssh.nix -> hosts/common/users/colin.nix
### sops/secrets
- rework secrets to leverage `sane.fs`
- remove sops activation script as it's covered by my systemd sane.fs impl
- user secrets could just use `gocryptfs`, like with ~/private?
- can gocryptfs support nested filesystems, each with different perms (for desko, moby, etc)?
### roles
- allow any host to take the role of `uninsane.org`
- will make it easier to test new services?
### upstreaming
- add updateScripts to all my packages in nixpkgs
#### upstreaming to non-nixpkgs repos
- gtk: build schemas even on cross compilation: <https://github.com/NixOS/nixpkgs/pull/247844>
## IMPROVEMENTS:
- systemd/journalctl: use a less shit pager
- there's an env var for it: SYSTEMD_PAGER? and a flag for journalctl
### security/resilience
- validate duplicity backups!
- encrypt more ~ dirs (~/archives, ~/records, ..?)
- best to do this after i know for sure i have good backups
- /mnt/desko/home, etc, shouldn't include secrets (~/private)
- 95% of its use is for remote media access and stuff which isn't in VCS (~/records)
- port all sane.programs to be sandboxed
- enforce that all `environment.packages` has a sandbox profile (or explicitly opts out)
- revisit "non-sandboxable" apps and check that i'm not actually just missing mountpoints
- LL_FS_RW=/ isn't enough -- need all mount points like `=/:/proc:/sys:...`.
- ensure non-bin package outputs are linked for sandboxed apps
- i.e. `outputs.man`, `outputs.debug`, `outputs.doc`, ...
- lock down dbus calls within the sandbox
- otherwise anyone can `systemd-run --user ...` to potentially escape a sandbox
- <https://github.com/flatpak/xdg-dbus-proxy>
- remove `.ssh` access from Firefox!
- limit access to `~/knowledge/secrets` through an agent that requires GUI approval, so a firefox exploit can't steal all my logins
- port sanebox to a compiled language (hare?)
- it adds like 50-70ms launch time _on my laptop_. i'd hate to know how much that is on the pinephone.
- remove /run/wrappers from the sandbox path
- they're mostly useless when using no-new-privs, just an opportunity to forget to specify deps
- make dconf stuff less monolithic
- i.e. per-app dconf profiles for those which need it. possible static config.
- canaries for important services
- e.g. daily email checks; daily backup checks
- integrate `nix check` into Gitea actions?
### user experience
- rofi: sort items case-insensitively
- xdg-desktop-portal shouldn't kill children on exit
- *maybe* a job for `setsid -f`?
- replace starship prompt with something more efficient
- watch `forkstat`: it does way too much
- cleanup waybar so that it's not invoking playerctl every 2 seconds
- install apps:
- display QR codes for WiFi endpoints: <https://linuxphoneapps.org/apps/noappid.wisperwind.wifi2qr/>
- shopping list (not in nixpkgs): <https://linuxphoneapps.org/apps/ro.hume.cosmin.shoppinglist/>
- offline Wikipedia (or, add to `wike`)
- offline docs viewer (gtk): <https://github.com/workbenchdev/Biblioteca>
- some type of games manager/launcher
- Gnome Highscore (retro games)?: <https://gitlab.gnome.org/World/highscore>
- better maps for mobile (Osmin (QtQuick)? Pure Maps (Qt/Kirigami)? Gnome Maps is improved in 45)
- note-taking app: <https://linuxphoneapps.org/categories/note-taking/>
- OSK overlay specifically for mobile gaming
- i.e. mock joysticks, for use with SuperTux and SuperTuxKart
- install mobile-friendly games:
- Shattered Pixel Dungeon (nixpkgs `shattered-pixel-dungeon`; doesn't cross-compile b/c openjdk/libIDL) <https://github.com/ebolalex/shattered-pixel-dungeon>
- UnCiv (Civ V clone; nixpkgs `unciv`; doesn't cross-compile): <https://github.com/yairm210/UnCiv>
- Simon Tatham's Puzzle Collection (not in nixpkgs) <https://git.tartarus.org/?p=simon/puzzles.git>
- Shootin Stars (Godot; not in nixpkgs) <https://gitlab.com/greenbeast/shootin-stars>
- numberlink (generic name for Flow Free). not packaged in Nix
- Neverball (https://neverball.org/screenshots.php). nix: as `neverball`
- blurble (https://linuxphoneapps.org/games/app.drey.blurble/). nix: not as of 2024-02-05
- Trivia Quiz (https://linuxphoneapps.org/games/io.github.nokse22.trivia-quiz/)
- sane-sync-music: remove empty dirs
#### moby
- fix cpuidle (gets better power consumption): <https://xnux.eu/log/077.html>
- moby: tune keyboard layout
- SwayNC:
- don't show MPRIS if no players detected
- this is a problem of playerctld, i guess
- add option to change audio output
- fix colors (red alert) to match overall theme
- moby: tune GPS
- run only geoclue, and not gpsd, to save power?
- tune QGPS setting in eg25-control, for less jitter?
- direct mepo to prefer gpsd, with fallback to geoclue, for better accuracy?
- configure geoclue to do some smoothing?
- manually do smoothing, as some layer between mepo and geoclue/gpsd?
- moby: show battery state on ssh login
- moby: improve gPodder launch time
- moby: theme GTK apps (i.e. non-adwaita styles)
- especially, make the menubar collapsible
- try Gradience tool specifically for theming adwaita? <https://linuxphoneapps.org/apps/com.github.gradienceteam.gradience/>
#### non-moby
- sane-tag-music: integrate `beets`/<https://beets.io/>
- this should be able to auto-tag a large part of my library
- RSS: integrate a paywall bypass
- e.g. self-hosted [ladder](https://github.com/everywall/ladder) (like 12ft.io)
- neovim: set up language server (lsp; rnix-lsp; nvim-lspconfig)
- neovim: integrate LLMs
- Helix: make copy-to-system clipboard be the default
- firefox/librewolf: persist history
- just not cookies or tabs
- package Nix/NixOS docs for Zeal
- install [doc-browser](https://github.com/qwfy/doc-browser)
- this supports both dash (zeal) *and* the datasets from <https://devdocs.io> (which includes nix!)
- install [devhelp](https://wiki.gnome.org/Apps/Devhelp) (gnome)
- have xdg-open parse `<repo:...>` URIs (or adjust them so that it _can_ parse)
- sane-bt-search: show details like 5.1 vs stereo, h264 vs h265
- maybe just color these "keywords" in all search results?
- uninsane.org: make URLs relative to allow local use (and as offline homepage)
- email: fix so that local mail doesn't go to junk
- git sendmail flow adds the DKIM signatures, but gets delivered locally w/o having the sig checked, so goes into Junk
- could change junk filter from "no DKIM success" to explicit "DKIM failed"
### perf
- debug nixos-rebuild times
- add `pkgs.impure-cached.<foo>` package set to build things with ccache enabled
- every package here can be auto-generated, and marked with some env var so that it doesn't pollute the pure package set
- would be super handy for package prototyping!
## NEW FEATURES:
- migrate MAME cabinet to nix
- boot it from PXE from servo?
- enable IPv6