| Commit | Message | Date |
|---|---|---|
| 46bf7c5ac9 | nixpkgs: 2024-07-06 -> 2024-07-07 | 2024-07-08 05:38:44 +00:00 |
| 6824080f6b | avahi: fix broken sandboxing | 2024-07-06 03:08:36 +00:00 |
| 3c53bca156 | vpn: log a message whenever the endpoint is updated<br>only as i'm actively working in this area. hopefully this log message can be less noisy in the future | 2024-07-06 03:03:38 +00:00 |
| 5048bd8d70 | sanebox: fix that pasta-sandboxed programs would fail compile-time sandboxing test | 2024-07-05 20:41:28 +00:00 |
| a12aa02655 | sane.programs: provide sandbox.net = "vpn.wg-home" to tunnel through my home ISP | 2024-07-05 20:18:34 +00:00 |
| 6d66a5dbf8 | vpn: add a service to auto-refresh wireguard endpoints | 2024-07-05 20:06:16 +00:00 |
| 5d80e298b5 | wg-home: deploy so as to be compatible with sane-vpn (e.g., route *WAN* traffic through it) | 2024-07-05 18:45:26 +00:00 |
| 823f8f2be3 | feeds: subscribe to FLOSS Weekly | 2024-07-04 13:34:48 +00:00 |
| e72f9be1bf | feeds: subscribe to Sharp Tech | 2024-07-04 13:23:36 +00:00 |
| 24ed242bac | servo: fix warning for getExe and iptables | 2024-07-04 12:43:02 +00:00 |
| e82feb9f71 | make-sandboxed: migrate to binary wrapper | 2024-07-03 19:35:56 +00:00 |
| 4839a40205 | make-sandboxed: use makeWrapper proper, rather than rolling my own<br>i can't use the _binary_ wrapper unless i use a fully-qualified path to 'sanebox' or hide it behind something like /usr/bin/env | 2024-07-03 17:54:38 +00:00 |
| e9c51eddb3 | feeds: subscribe to Matt Stoller | 2024-07-01 07:33:41 +00:00 |
| 9b8c461ce9 | don't treat python packages specially: lift all python packages out of python-packages/ subdir; remove pyPkgs arg from static-nix-shell.mkPython3 | 2024-06-27 11:28:17 +00:00 |
| f54f1c57bc | avahi: integrate with nss<br>now i can resolve .local hosts, via glibc, e.g. 'getent hosts <host>.local' | 2024-06-27 06:18:48 +00:00 |
| 98d6439f2a | modules/warnings: add a way to bypass module-level assertions as well | 2024-06-27 06:17:53 +00:00 |
| 5d1c52d0bc | feeds: add buttondown.email | 2024-06-24 17:05:10 +00:00 |
| 845dba3ca5 | modules/vpn: fix deprecation warnings | 2024-06-22 03:35:41 +00:00 |
| 09a615ee62 | netns: factor the netns setup/teardown into distinct services, rather than trying to piggyback network-local-commands<br>idk what network-local-commands is about, nor network-pre.target.<br>network-pre.target doesn't seem to actually be wanted by anything (?) | 2024-06-18 10:36:08 +00:00 |
| f9091c0b0c | netns: ensure that network.target depends on network-pre.target (why doesn't it by default?)<br>this should fix that servo tries to start wg-ovpns before the netns is configured | 2024-06-18 09:07:40 +00:00 |
| 39a39e763d | trust-dns: hack to substitute ANATIVE before anything else | 2024-06-17 22:44:43 +00:00 |
| 0d99293b2f | servo: split the doof/ovpns netns config into its own module<br>a big thing this gets me is that the attributes (like IP addresses) are now accessible via 'config' and i won't have to hardcode them so much | 2024-06-17 09:25:10 +00:00 |
| b0ee12ba7b | modules/users: export HOME in environment.d because some services (nwg-panel) need it | 2024-06-16 06:01:20 +00:00 |
| c50a4d1d71 | static-nix-shell: fix mkBash scripts to actually be invokable from the CLI<br>they need the `bash` package! how did this work before? | 2024-06-15 07:42:04 +00:00 |
| 330a64d820 | feeds: add xorvoid.com | 2024-06-13 04:46:12 +00:00 |
| 6d1db1ee67 | feeds: update metadata | 2024-06-13 03:03:15 +00:00 |
| 46e9d5f758 | programs: fix s6 deps when dbus isn't enabled | 2024-06-12 07:11:41 +00:00 |
| 11cdac0357 | mobile-nixos: import by fetchFromGitHub instead of via flake | 2024-06-07 21:15:54 +00:00 |
| 1dd10450f2 | modules/image: remove extraneous sane.image.enable option | 2024-06-07 07:42:47 +00:00 |
| 52a0e8cf53 | modules/hal/samsung: init<br>this can be used to get baseline support for samsung exynos5 chromebook<br>i should probably rename it, in time | 2024-06-07 07:33:46 +00:00 |
| d75f59ba06 | modules/image: increase the default boot partition size from 512 MiB -> 1024 MiB | 2024-06-07 07:29:50 +00:00 |
| aa0a395353 | nit: fix image output to be a file, not an item inside a folder | 2024-06-07 07:28:56 +00:00 |
| 3aa2ece59b | modules/programs: convert lib.optionalAttrs to mkIf<br>this allows stuff to be lazier | 2024-06-07 07:26:07 +00:00 |
| 45e121eb1c | make-sandboxed: preserve meta.mainProgram | 2024-06-01 20:01:24 +00:00 |
| f0128b9496 | apply patch for when trust-dns is renamed to hickory-dns | 2024-06-01 17:07:44 +00:00 |
| cb1d5d53c6 | feeds: add mintcast podcast | 2024-06-01 16:28:42 +00:00 |
| 36f4fa3018 | checkSandboxed: fix so that cross-built scripts can be checked again<br>how did this work earlier? does lappy have binfmt enabled?? | 2024-06-01 13:24:41 +00:00 |
| f875db916d | sandboxing: fix checkSandboxed to handle packages with multiple outputs | 2024-06-01 12:12:46 +00:00 |
| f296d8df93 | make-sandboxed: fix multi-output packages and sandbox *all* their outputs<br>this mostly applies to the wrapperType = 'inplace' users | 2024-05-31 23:26:16 +00:00 |
| 0bb887158b | implement a dropbear SSH module | 2024-05-30 20:58:01 +00:00 |
| 4c84d1a727 | doc: modules/users: show what XDG_SESSION_{ID,CLASS,TYPE} could look like if set | 2024-05-30 08:44:26 +00:00 |
| 4aeb3360d3 | cleanup: programs: don't assume sway is always the wayland/x11 provider | 2024-05-30 06:00:32 +00:00 |
| 0c456d11d8 | programs: ensure things which depend on sound or wayland are ordered after it | 2024-05-30 04:55:05 +00:00 |
| 3b73773169 | programs: ensure things which depend on dbus are ordered after it | 2024-05-30 03:48:45 +00:00 |
| 9ba8ff738b | refactor: sane.programs.$foo.service: specify type concretely | 2024-05-30 03:39:32 +00:00 |
| c5c174f988 | sway: patch to use a narrower sandbox | 2024-05-29 18:24:59 +00:00 |
| d4dfcd6510 | login: remove systemd pam integration (so it doesn't try, and fail, to start the user manager) | 2024-05-29 15:42:39 +00:00 |
| d865be952a | refactor: sandboxing: replace manual --sanebox-keep-namespace pid config with isolatePids = false | 2024-05-29 12:56:46 +00:00 |
| 00d06db66a | make-sandboxed: handle more systemd service files | 2024-05-29 12:54:44 +00:00 |
| b88467771e | doc: trust-dns: fix wan.txt example path | 2024-05-29 09:33:59 +00:00 |