Commit Graph

1247 Commits

Author SHA1 Message Date
Colin 057b9e3fed replace links/references to ~/private/FOO with just ~/FOO 2024-02-23 07:06:29 +00:00
Colin 170eeeacc4 programs: dereference not just the leaf, but any part of the path, when determining a program's sandbox closure 2024-02-23 07:06:29 +00:00
Colin a402822084 move "private" store to /mnt/persist/private instead of ~/private
this will allow me to add all of ~ to a sandbox without giving all of ~/private
2024-02-23 07:06:29 +00:00
Colin 80ecdcc4f9 persist: plaintext: consider "/mnt/persist/plaintext" as the logical root, and abstract away "/nix/persist" 2024-02-23 07:06:29 +00:00
Colin 0864790bb7 docs: modules/persist: document the "origin" store parameter 2024-02-23 07:06:29 +00:00
Colin 478747a96e modules/persist: change default mounting method to symlink
this changes the plaintext and cryptClearOnBoot stores: private was already symlink-based.
this isn't strictly necessary: the rationale is:
1. `mount` syscall *requires* CAP_SYS_ADMIN (i.e. superuser/suid).
   that's causing problems with sandboxing, particularly ~/private.
   that doesn't affect other stores *yet*, but it may in the future.
2. visibility. i.e. it makes *clear* where anything is persisted.
   if `realpath` doesn't evaluate to `/nix/persist`, then it's not
   persisted.
2024-02-23 07:06:29 +00:00
Colin 2a528a5d8e sane-sandboxed: leave a note about future mount work 2024-02-21 16:08:42 +00:00
Colin c6470918de types.string -> types.str 2024-02-21 00:25:44 +00:00
Colin bb569b1668 sane-vpn: port away from systemd so that i can use it as an ordinary user (no sudo) 2024-02-20 22:21:02 +00:00
Colin 34524ea3e4 modules/vpn: fix the vpn-* systemd services 2024-02-20 20:40:46 +00:00
Colin d7be5da483 warnings.nix: port to a proper module 2024-02-20 11:19:12 +00:00
Colin 34dedcff57 modules/programs: sane-sandboxed: fix normPath handling of paths containing special characters like [ 2024-02-19 15:32:23 +00:00
Colin 95cb5624ca modules/programs: sane-sandboxed: fix bug that --sane-sandbox-path / wasnt being canonicalized 2024-02-18 13:53:53 +00:00
Colin 600f6eb56c modules/programs: sane-sandboxed: remove all remaining forks/subshells
launchtime for firefox in bwrap is about 65ms; 35ms for --sane-sandbox-method none
2024-02-18 13:15:04 +00:00
Colin fd6f8493a7 modules/programs: sane-sandboxed: remove all forking from normPath
reduces time for librewolf benchmark from 90ms -> 65ms. there's still _some_ forking in this script, but it's constant now.
2024-02-18 12:25:03 +00:00
Colin f10f1ee7b1 modules/programs: sane-sandboxed: optimize "normPath" to not invoke subshells
each subshell causes like 5ms just on my laptop, which really adds up.
this implementation still forks internally, but doesn't exec.
runtime decreases from 150ms -> 90ms for
`time librewolf --sane-sandbox-replace-cli true`
2024-02-18 12:08:23 +00:00
Colin cef2591425 modules/programs: sane-sandboxed: capshonly/landlock: don't request capabilities we know won't be granted 2024-02-17 16:30:18 +00:00
Colin 4ced02b0b2 modules/programs: make-sandboxed: fix incorrect "priority" attribute 2024-02-17 03:32:49 +00:00
Colin 029ba43bd6 modules/programs: sane-sandboxed: invoke "capsh" with the --no-new-privs argument 2024-02-16 05:48:50 +00:00
Colin 8c9c6ec979 modules/programs: make-sandboxed: support /libexec binaries 2024-02-16 03:15:45 +00:00
Colin 1edb1fc8b6 modules/programs: sane-sandboxed: avoid adding the sandbox implementation to $PATH 2024-02-15 17:58:22 +00:00
Colin 8d20dcadd1 modules/programs: sane-sandboxed: add --sane-sandbox-keep-pidspace flag 2024-02-15 15:05:28 +00:00
Colin c943442c94 modules/programs: sane-sandboxed: add --sane-sandbox-method none for benchmarking 2024-02-15 13:13:39 +00:00
Colin 02dd629616 modules/programs: sane-sandboxed: rework so portal env vars arent set when sandbox is disabled
and by setting them only at launch time we aid introspectability/debugging
2024-02-15 11:57:36 +00:00
Colin 5f1036118f modules/programs: sandboxing: add a "whitelistX" option 2024-02-15 00:09:16 +00:00
Colin 22ca253ae0 modules/programs: better document the `env` option 2024-02-14 11:08:43 +00:00
Colin 8b32f2f231 modules/programs: add support for 'autodetectCliPaths = parent' 2024-02-14 04:31:59 +00:00
Colin 080bd856ec programs: sandboxing: only permit wayland socket access to those specific apps which require it 2024-02-14 01:49:49 +00:00
Colin 548a95a7e1 modules/programs: sandboxing: unshare ipc/cgroup/uts by default 2024-02-14 01:48:59 +00:00
Colin 34b148f6cc modules/programs: allow specifying perlPackages members as programs, as i do with python3Packages, etc 2024-02-13 12:31:04 +00:00
Colin 1a18ed533b programs: don't include dbus in the sandbox by default 2024-02-13 11:58:33 +00:00
Colin 6eaaeeb91a programs: remove audio from the sandbox by default 2024-02-13 11:14:38 +00:00
Colin bb68506839 modules/programs: add separate "user" v.s. "system" options for whitelistDbus 2024-02-13 10:55:10 +00:00
Colin 126f3e4922 programs: sandboxing: restrict /run/user dir to just dbus/pipewire/pulse/wayland, by default 2024-02-13 10:28:30 +00:00
Colin 73afceb8c6 modules/programs: sandbox: add `whitelistWayland` option 2024-02-13 10:24:35 +00:00
Colin 27fd81ad80 modules/programs: add new options for whitelisting audio/dbus 2024-02-12 15:23:35 +00:00
Colin d82b4b0f62 modules/programs: sane-sandboxed: reorder the --sane-sandbox-profile-dir arg so it takes precedence 2024-02-12 14:56:48 +00:00
Colin 7b28023e08 modules/programs: re-introduce the "withEmbeddedSandboxer" passthru attr 2024-02-12 14:27:48 +00:00
Colin 2b9db897a1 implement `sane.defaultUser` attr 2024-02-12 14:27:32 +00:00
Colin 6124cb9b36 modules/programs: sane-sandboxed: search for profiles in XDG_DATA_DIRS, not NIX_PROFILES 2024-02-12 13:16:48 +00:00
Colin b0394d877d modules/programs: rename allowedRootPaths -> allowedPaths
now that allowedHomePaths doesn't exist
2024-02-12 13:00:10 +00:00
Colin 14d8230821 modules/programs: sane-sandboxed: remove --sane-sandbox-home-path argument and plumbing
no longer needed, and mixing this with root paths is liable to cause troubles at this point, around symlink dereferencing/canonicalization/etc
2024-02-12 12:57:54 +00:00
Colin a90b5b53db modules/programs: sandboxing: dereference symlinks and also include those in the sandbox 2024-02-12 12:48:02 +00:00
Colin eee3e138ff modules/programs: sandboxing: allow specifying individual /run/user/$uid paths to expose to the sandbox 2024-02-12 12:18:59 +00:00
Colin f61cd17e99 modules/programs: sandboxing: specialize profiles per-user by expanding $HOME 2024-02-12 12:08:58 +00:00
Colin 3e0b0a0f02 modules/programs: make-sandboxed: lift profile creation logic out to the toplevel 2024-02-12 11:52:33 +00:00
Colin 2ee34e9af3 modules/profiles: remove sandbox.embedProfile option
with upcoming refactors, this setting would force a different package to be installed per user, which doesn't mesh with the existing sane.programs infra
2024-02-12 11:35:59 +00:00
Colin 7c05d221d6 modules/programs: split "make-sandbox-profile" out of "make-sandboxed" 2024-02-12 11:20:40 +00:00
Colin 93012664e5 modules/programs: simplify how sandbox profiles make it into system packages 2024-02-12 10:52:44 +00:00
Colin c424f7ac3b sane-sandboxed: load all profiles, not just the first one we find
this allows some amount of overriding, or splitting profiles between system and user dirs
2024-02-12 10:40:15 +00:00
Colin 088b6f1b9a sane-sandboxed: load profiles via $NIX_PROFILES env var 2024-02-12 10:37:26 +00:00
Colin 96575acf3a programs: sane-sandboxed: move parseArgsExtra to outer scope; improve docs 2024-02-12 10:28:14 +00:00
Colin e81df0ac86 modules/programs: enforce that user services don't accidentally override PATH 2024-02-12 08:44:55 +00:00
Colin 87050a0500 feeds: add "FullTimeNix" podcast :) 2024-02-12 00:09:49 +00:00
Colin 0861edd7f9 modules/programs: remove ~/.config/mimeo from sandbox defaults 2024-02-11 23:35:27 +00:00
Colin b6bf8720c9 modules/programs: implement --sane-sandbox-portal flag for apps which want to use the portal to open other apps 2024-02-11 23:32:24 +00:00
Colin 0d3adcdc5c modules: users: have user services inherit PATH from environment rather than forcibly overwriting it 2024-02-09 09:50:26 +00:00
Colin 9ac0e0e4fc modules/programs: put things in a pid namespace by default 2024-02-08 23:36:59 +00:00
Colin c9af5bf9b4 programs: sandboxing: enable net isolation for most sandboxed programs 2024-02-08 21:51:32 +00:00
Colin bc85169e3d programs: sandboxer: allow disable net access 2024-02-08 21:07:34 +00:00
Colin 0c050d1953 programs: fuzzel: fix overly-aggressive sandboxing 2024-02-06 20:10:29 +00:00
Colin 2fc1fe7510 modules/programs: make-sandboxed: fix that /share/* was being linked into top-level /; better way to enforce sandboxing of /share entries 2024-02-06 19:55:55 +00:00
Colin 5f8699fcef rearrange /mnt structure for host-based subdirs
e.g. /mnt/servo/media, /mnt/desko/home, etc
2024-02-06 05:48:11 +00:00
Colin d7612d5034 modules/programs: make-sandboxed: avoid deep-copying all of /share when sandboxing
saves like 1 GiB of closure. but i haven't thoroughly tested this
2024-02-06 05:02:02 +00:00
Colin ed3935318d feeds: subscribe to non-paywalled Matt Levine 2024-02-05 16:41:38 +00:00
Colin 413903d03c make-sandboxed: also embed profiles for the withEmbeddedSandboxer passthru pkg 2024-02-05 08:26:40 +00:00
Colin 4d51c34ad2 programs: allow `sane.strictSandboxing = "warn"` 2024-02-05 05:28:02 +00:00
Colin 3439ca34b8 sane-sandboxed: add more autodetect options, and a "withEmbeddedSandboxer" package output (for dev) 2024-02-03 00:17:24 +00:00
Colin 0ee9f2026c sane-sandboxed: hopefully fix a problem with path normalization for paths with spaces 2024-02-02 22:56:43 +00:00
Colin 5e3c2636db programs: make-sandboxed: handle packages which use relative links in bin (like spotify) 2024-02-02 22:38:36 +00:00
Colin 2bb9115f35 modules/programs: sandboxing: add "whitelistDri" option for gfx-intensive apps 2024-02-02 17:18:51 +00:00
Colin 065d045640 fix so sway inherits program env vars 2024-02-02 15:36:06 +00:00
Colin 567c7993b6 modules/programs: sandbox: allow mimeo config in any sandbox 2024-02-02 12:52:36 +00:00
Colin 00f995aec9 fixup landlock-sandboxer to work well for all systems
downgrade lappy/desko/servo back to default linux; zfs doesn't support latest

build landlock-sandboxer against the specific kernel being deployed; it's less noisy that way
2024-01-31 21:19:10 +00:00
Colin 881d2f79ed modules/programs: add "unchecked" passthru to aid debugging 2024-01-29 13:36:01 +00:00
Colin 47abdfb831 modules/programs: patch dbus-1 files to use sandboxed binaries 2024-01-29 13:09:43 +00:00
Colin 3831c6f087 TODO: fold 2024-01-29 13:07:44 +00:00
Colin 4f8d476ebf modules/programs: patch old /nix/store paths in .desktop files 2024-01-29 12:56:08 +00:00
Colin 7af970f38c modules/programs: extend wrapperType="wrappedDerivation" to handle common share/ items 2024-01-29 11:59:38 +00:00
Colin 32824cfade modules/programs: sandbox in a manner that's more compatible with link-heavy apps like busybox, git, etc 2024-01-29 09:56:30 +00:00
Colin 51fc61b211 sane-sandboxed: cleanup 2024-01-29 09:14:43 +00:00
Colin 7b9795ea3d modules/programs: implement `embedWrapper` option 2024-01-29 09:13:49 +00:00
Colin 5f3e481fe4 sane-sandboxed: refactor and avoid passing duplicate/subpaths into the sandbox 2024-01-29 07:15:02 +00:00
Colin 86219d7006 sane-sandboxed: simplify: consolidate homePaths and rootPaths into just "paths" 2024-01-29 05:43:10 +00:00
Colin 24c70c3683 feeds: switch acoup.blog to the database type feed
at some point my feed script became capable of understanding his RSS :)
2024-01-28 12:37:38 +00:00
Colin 294f167df0 sane-sandboxed: fix CLI escaping with capsh 2024-01-28 11:11:07 +00:00
Colin f100595257 modules/programs: properly forward autodetectCliPaths to the sandboxer 2024-01-28 10:31:07 +00:00
Colin e84da827c2 sane-sandboxed: fix typo in add-pwd flag 2024-01-28 09:17:12 +00:00
Colin 42f9fa029d modules/programs: fix that whitelistPwd wasnt passed into the sandbox profile 2024-01-28 09:04:27 +00:00
Colin 40fee97b06 modules/programs: make-sandboxed: disallowReferences to the fake sane-sandboxed used during checkPhase 2024-01-28 08:58:13 +00:00
Colin 3cc8292d8b modules/programs: make-sandboxed: support packages with checkPhase by bypassing the sandbox 2024-01-28 07:45:08 +00:00
Colin 9261d30a34 modules/programs: reformatting 2024-01-28 05:58:08 +00:00
Colin 3eb3a8db5a modules/programs: add a `whitelistPwd` option to grant the program access to the directory it was called from 2024-01-28 05:57:30 +00:00
Colin 97129268f0 modules/programs: sandbox: add "capshonly" as a valid sandbox.method 2024-01-28 05:57:11 +00:00
Colin 4d7414c941 programs: introduce and use "autodetectCliPaths" nix config 2024-01-27 17:19:48 +00:00
Colin a7d081bfcb modules/programs: add a sane.strictSandboxing option 2024-01-27 17:11:07 +00:00
Colin 5ca208d07f modules/programs: sandbox: add enable flag and capabilities structured config 2024-01-27 17:08:27 +00:00
Colin 26b978dcf2 modules/programs: sandbox: fix "inline" -> "inplace" typo 2024-01-27 14:42:25 +00:00
Colin d8b6d419b6 modules/programs: sandboxing: add `wrapperType = "wrappedDerivation"` to wrap without rebuilding the whole package 2024-01-27 14:26:41 +00:00
Colin a06c81643c sane-sandboxed: don't error if ~ files aren't available to be bound 2024-01-27 12:48:58 +00:00
Colin 15fd7bf4a5 sane-sandboxed: implement a "capshonly" backend 2024-01-27 12:39:36 +00:00
Colin a6b824d3c4 modules/programs/sandbox: add an "embedProfile" option to source sandbox settings from the package instead of the system 2024-01-27 12:23:25 +00:00
Colin 3b4884fcf1 sane-sandbox: fix secret binding 2024-01-27 11:26:10 +00:00
Colin 4319dc58eb programs: landlock: restrict the capabilities of sandboxed processes 2024-01-27 09:49:51 +00:00
Colin 3122434908 programs: add an option to configure extra home paths to make accessible in the sandbox 2024-01-27 09:11:32 +00:00
Colin d54f8b1e93 programs: fix so environment variables make it onto user sessions 2024-01-27 09:02:55 +00:00
Colin b417f60769 sane-sandboxed: try binding /proc/self in landlock. still doesnt work well 2024-01-27 05:59:40 +00:00
Colin df2d5b6d01 sane-sandboxed: fixup /dev/std* for wireshark 2024-01-27 05:12:43 +00:00
Colin a66b257644 sane-sandboxed: better support for landlock and SANE_SANDBOX_PREPEND/APPEND 2024-01-27 04:43:42 +00:00
Colin ef66d2ec72 sane-sandboxed: add support for landlock backend 2024-01-27 03:39:26 +00:00
Colin 64878bee67 sane-sandboxed: add SANE_SANDBOX_PREPEND, SANE_SANDBOX_APPEND env vars 2024-01-26 09:14:18 +00:00
Colin c4874c85b1 bubblewrap: debugging 2024-01-26 09:13:00 +00:00
Colin 7f002b8718 programs: sane-sandboxed: implement --sane-sandbox-cap for capabilities setting 2024-01-24 06:34:11 +00:00
Colin 824630f7d1 programs: sandboxing: document /dev/dri a bit more 2024-01-24 05:28:27 +00:00
Colin 57105c6861 sane-sandboxed: autodetect: handle file:/// URIs 2024-01-24 05:00:08 +00:00
Colin 3758044e7b sane-sandboxed: better handle "--" 2024-01-24 04:59:24 +00:00
Colin bfaf098c31 sane-sandboxed: fix handling of `--` (which previously smushed arguments) 2024-01-24 02:52:01 +00:00
Colin 089f86d5e4 programs: make /usr/bin/env available in the sandbox
enables KOReader to run
2024-01-24 01:48:02 +00:00
Colin bdd70f8fa2 sane-sandboxed: ignore the executable path when autodetecting media 2024-01-23 16:32:06 +00:00
Colin bfd5630e21 programs: sandbox: omit media dirs by default, and implement --sane-sandbox-autodetect for programs which are liable to load data from paths 2024-01-23 15:48:12 +00:00
Colin 576d2c32f0 programs: support secrets even when sandboxed 2024-01-23 14:57:33 +00:00
Colin 25739ec2ba programs: sane-sandboxed: avoid reading firejail profiles when the backend isnt firejail
this should provide a marginal perf gain
2024-01-23 14:57:33 +00:00
Colin f148334b58 programs: port extraFirejailConfig to extraConfig 2024-01-23 14:57:33 +00:00
Colin 3a6ee8708e programs: sane-sandboxed: dont error if network mountpoints are offline 2024-01-23 13:13:31 +00:00
Colin 983bf93d8f programs: sane-sandboxed: make the profile handle arguments with spaces 2024-01-23 12:47:25 +00:00
Colin 40cc8f5d1c programs: sane-sandboxed: make more debuggable 2024-01-23 12:27:23 +00:00
Colin cce03a5dc8 programs: sandbox: use --dev-bind-try for root paths; fixes mpv on moby 2024-01-23 12:18:32 +00:00
Colin 98dfc3aa5a programs: sandbox: allow all programs to access media
hopefully this is just a stopgap
2024-01-23 11:36:58 +00:00
Colin 27b56b1a12 programs: sane-sandbox: implement a cleaner debugshell and test API 2024-01-23 11:19:52 +00:00
Colin 6e9220d2bb programs: allow programs to specify "sandbox.method = "bwrap"" for bubblewrap sandboxing 2024-01-23 10:44:13 +00:00
Colin 0ddcfcaa23 sane-sandboxed: retrieve profiles from /share/sane-sandboxed/profiles so they can be customized without mass rebuilds 2024-01-23 08:01:23 +00:00
Colin a4cb6645b4 programs: indirect firejail access through sane-sandboxed 2024-01-23 04:02:31 +00:00
Colin 2492ed2ca7 programs: introduce a sane-sandboxed helper
not yet used, but will be soon
2024-01-23 02:29:33 +00:00
Colin f49d2a1e0e programs: split "makeSandboxed" into its own file 2024-01-23 01:23:14 +00:00
Colin 0dc3f4f7f2 modules/programs: move to subdir
this will help me factor out helpers
2024-01-23 01:02:04 +00:00
Colin d5901afb8e programs: firejail: specify profile via : (clarifies to firejail that its an identifier and not a path); invoke firejail via name instead of absolute path 2024-01-22 23:58:54 +00:00
Colin 8bf41ea858 programs: fix missing newline in firejail config concatenation 2024-01-22 13:11:47 +00:00
Colin df861a3ef0 programs: firejail: inject custom firejail config through /etc/firejail
this improves rebuild times, and makes it easier for packages to inject their own free-form config
2024-01-22 11:12:18 +00:00
Colin 60547204a8 sane.programs: firejail: support wrapping "runCommand" packages 2024-01-22 09:16:25 +00:00
Colin dd35136ac0 firejail: fix so /run/wrappers are available inside a jail 2024-01-22 07:18:50 +00:00
Colin 0f3f0933b1 mpv: sandbox with firejail 2024-01-22 03:50:28 +00:00
Colin 9ecd0adcbe firefox: sandbox with firejail
TODO: get it so open-in-mpv launches an mpv that has access to ~/.config/mpv

i guess this is the 'firejail url problem'
2024-01-21 23:59:15 +00:00
Colin ad92a2e158 programs: abort when no firejail profile is found for a program.
in the future, i can whitelist specific binaries to omit their firejail
profiles.
2024-01-21 04:32:49 +00:00
Colin 5f5891d241 programs: apply firejail profile to programs which are net isolated 2024-01-21 04:28:48 +00:00
Colin 992194a1f0 programs: achieve network sandboxing without "sane-vpn do" 2024-01-21 03:51:12 +00:00
Colin bad6a7bfee programs: implement "default vpn" with native nix code instead of sane-vpn 2024-01-21 01:04:31 +00:00
Colin 66d5e204be vpn: enforce "id" restrictions 2024-01-21 00:57:46 +00:00
Colin ce35330923 vpn.nix: factor into a proper module
this will allow for better integration with 'sane.programs'
2024-01-21 00:49:34 +00:00
Colin 59187a0ec0 programs: allow running binaries in a netns-style firejail 2024-01-20 11:11:12 +00:00
Colin fd0723169f nix-serve: fix coredump loop 2024-01-19 21:34:45 +00:00
Colin 43a8ca90a7 feeds: add Cat and Girl 2024-01-16 19:12:25 +00:00
Colin a5c6e41622 feeds: subscribe to POD OF JAKE 2024-01-14 05:20:28 +00:00
Colin 812a02bc6b feeds: add The Dollop podcast 2024-01-14 00:49:29 +00:00
Colin 70f059eaac feeds: subscribe to Jack Stauber 2024-01-13 16:43:41 +00:00
Colin e2a43ddfa0 servo: clightning: allow group members to run lightning-cli 2024-01-11 15:59:32 +00:00
Colin cecb114810 clightning: harden 2024-01-04 18:47:40 +00:00
Colin 7378d6c5b2 bitcoind: host behind tor 2024-01-04 16:25:49 +00:00
Colin 43498c62f9 clightning: integrate with tor 2024-01-03 18:29:16 +00:00
Colin 41ae86f40f servo: enable clightning 2024-01-03 13:56:42 +00:00
Colin 3e52956a3a servo: clightning: integrate, but do not enable 2024-01-02 18:32:34 +00:00
Colin 28d0a72c62 define (but dont activate) a clightning bitcoin service 2024-01-02 14:29:52 +00:00
Colin 822653ec10 feeds: vitalik.ca -> vitalik.eth.limo 2024-01-01 03:48:06 +00:00
Colin 68502ca944 feeds: add webcurious.co.uk link aggregator 2024-01-01 03:46:52 +00:00
Colin d18e94ea87 feeds: subscribe to linmob.net 2023-12-14 22:20:30 +00:00
Colin 3467a5df48 feeds: subscribe Origin Stories 2023-12-13 22:31:58 +00:00
Colin 694dd59e27 feeds: subscribe bitsaboutmoney 2023-12-13 22:29:22 +00:00
Colin 69bc219efa ports: fix systemd RandomizedDelaySec typo 2023-12-12 02:14:27 +00:00
Colin 4c5fb74c7d feeds: subscribe to kosmosghost 2023-12-11 04:55:47 +00:00
Colin 008a6192d4 mpv: associate with https://youtube.com/... 2023-12-11 04:52:49 +00:00
Colin f7a318c937 modules/users: fix services to specify PATH with correct precedence 2023-12-10 15:18:26 +00:00
Colin 01de6f84cf feeds: subscribe to Louis Rossmann 2023-12-09 08:14:16 +00:00
Colin 2d06401f3c feeds: subscribe to Tom Scott 2023-12-06 16:19:37 +00:00
Colin 2db56f2499 feeds: subscribe to TheB1M 2023-12-06 16:18:03 +00:00
Colin 63ea6d7002 feeds: subscribe to Exurb1a 2023-12-06 16:16:29 +00:00
Colin 3e2523cc2c feeds: subscribe to Cold Fusion 2023-12-06 16:15:25 +00:00
Colin ad3f5e305e feeds: subscribe to Vox
don't @ me
2023-12-06 16:13:08 +00:00
Colin aa5b9e3db3 user services: wrap with user PATH
notably, this allows Fractal to open links with the preferred browser
2023-12-06 16:09:07 +00:00
Colin 46123719e9 feeds: subscribe to Vihart 2023-12-06 16:09:07 +00:00
Colin 16bce990c6 feeds: subscribe to PolyMatter 2023-12-06 16:09:07 +00:00
Colin d55e387187 feeds: subscribe to Vsauce 2023-12-06 16:09:06 +00:00
Colin e75c3375dc feeds: subscribe to Channel5 News 2023-12-06 16:08:50 +00:00
Colin b1c7cb367a feeds: subscribe to hbomberguy 2023-12-06 15:47:39 +00:00
Colin d63d660ec2 feeds: subscribe to ContraPoints 2023-12-06 15:45:43 +00:00
Colin 9704dcc997 feeds: add support for video; subscribe to videos in gpodder 2023-12-06 15:36:05 +00:00
Colin 80875d6312 feeds: subscribe to Technology Connections 2023-12-06 15:35:38 +00:00
Colin 4cc5eed884 feeds: subscribe to srslywrong.com 2023-12-05 04:25:25 +00:00
Colin 8f9c9efca1 feeds: econlib: update feed URL 2023-11-26 02:17:36 +00:00
Colin 1cb83032a1 feeds: postmarketOS: update feed url 2023-11-26 02:17:23 +00:00
Colin 121e86013e feeds: add Hard Fork podcast 2023-11-23 05:57:23 +00:00
Colin e0a1dcd51f refactor: remove modules/data/keys.nix 2023-11-23 03:56:00 +00:00
Colin 758281f772 modules/feeds: remove unused parameter 2023-11-23 03:37:18 +00:00
Colin 23f4b2e2e4 nixserve: dependency-inject the pubkey
this is in modules/ dir; shouldn't have that kind of data in it
2023-11-23 02:14:18 +00:00
Colin 2d65282643 nixremote: define the user as part of the nixserve module 2023-11-23 02:08:45 +00:00
Colin 77a0a36bb8 enable remote-building for lappy/moby 2023-11-23 01:59:37 +00:00
Colin 3ff9c0ad0c add a "nixremote" user for remote building (experimental; builds arent actually enabled yet) 2023-11-23 01:27:28 +00:00
Colin 52b59bcde8 feeds: add Mic92 (nix dev) 2023-11-19 10:55:51 +00:00
Colin 91c2f6fc95 implement sane.programs.slowToBuild and {moby,desko,lappy}-light targets
i'm not sure this is the exact right abstraction, but it's a starting point
2023-11-18 22:06:42 +00:00
Colin ad495301c0 feeds: add Jeff Geerling 2023-11-18 00:23:58 +00:00
Colin cd79be5414 feeds: remove unused fields 2023-11-10 17:27:51 +00:00
Colin 6acd363f55 sane.persist.root-on-tmpfs -> sane.root-on-tmpfs 2023-11-09 00:15:04 +00:00