todo.md: remove s6 and sops items (no longer relevant)

2024-10-02 13:49:51 +00:00
parent 0b70948d08
commit fa4ff32ba7

@@ -28,8 +28,6 @@
- moby: bpf is effectively disabled? - moby: bpf is effectively disabled?
- `dmesg | grep 'systemd[1]: bpf-lsm: Failed to load BPF object: No such process'` - `dmesg | grep 'systemd[1]: bpf-lsm: Failed to load BPF object: No such process'`
- `dmesg | grep 'hid_bpf: error while preloading HID BPF dispatcher: -22'` - `dmesg | grep 'hid_bpf: error while preloading HID BPF dispatcher: -22'`
- `s6` is not re-entrant
- so if the desktop crashes, the login process from `unl0kr` fails to re-launch the GUI
- newflash on moby can't play videos - newflash on moby can't play videos
- "open in browser" works though -- in mpv - "open in browser" works though -- in mpv
- gnome-maps can't use geoclue *and* openstreetmap at the same time - gnome-maps can't use geoclue *and* openstreetmap at the same time
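Review bot: The two removed lines (`s6` is not re-entrant, and the `unl0kr` login failing to re-launch the GUI after a desktop crash) are dropped with only "no longer relevant" in the subject; the message should say whether s6 was replaced or the relaunch failure was fixed, so the crash-recovery problem is not silently lost from the list. Separately, in the context lines of this hunk, `grep 'systemd[1]: ...'` treats `[1]` as a bracket expression and will not match the literal `systemd[1]:` in dmesg output; `grep -F` or escaped brackets would make that check reliable.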
@@ -48,8 +46,6 @@
- don't hardcode IP addresses so much in servo - don't hardcode IP addresses so much in servo
### sops/secrets ### sops/secrets
- rework secrets to leverage `sane.fs`
- remove sops activation script as it's covered by my systemd sane.fs impl
- user secrets could just use `gocryptfs`, like with ~/private? - user secrets could just use `gocryptfs`, like with ~/private?
- can gocryptfs support nested filesystems, each with different perms (for desko, moby, etc)? - can gocryptfs support nested filesystems, each with different perms (for desko, moby, etc)?
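Review bot: The `### sops/secrets` heading in the context is kept while both sops-related items under it are removed, leaving only the `gocryptfs` questions; if sops is no longer part of the setup, rename the heading (for example to `### secrets`) so the section matches what remains.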
@@ -91,6 +87,7 @@
- lock down dbus calls within the sandbox - lock down dbus calls within the sandbox
- otherwise anyone can `systemd-run --user ...` to potentially escape a sandbox - otherwise anyone can `systemd-run --user ...` to potentially escape a sandbox
- <https://github.com/flatpak/xdg-dbus-proxy> - <https://github.com/flatpak/xdg-dbus-proxy>
- maybe if i connect everything to the _system_ bus i can gate interactions via polkit?
- make dconf stuff less monolithic - make dconf stuff less monolithic
- i.e. per-app dconf profiles for those which need it. possible static config. - i.e. per-app dconf profiles for those which need it. possible static config.
- flatpak/spectrum has some stuff to proxy dconf per-app - flatpak/spectrum has some stuff to proxy dconf per-app
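Review bot: The added line about connecting everything to the _system_ bus and gating interactions via polkit is not covered by the commit subject, which only mentions removing s6 and sops items; mention it in the message or split it into its own commit. When this item is picked up, note that polkit checks are made by the service that receives a call rather than by the bus itself, so this only gates services that ask polkit for authorization.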