Colin
057b9e3fed
replace links/references to ~/private/FOO with just ~/FOO
2024-02-23 07:06:29 +00:00
Colin
170eeeacc4
programs: dereference not just the leaf, but any part of the path, when determining a program's sandbox closure
2024-02-23 07:06:29 +00:00
Colin
a402822084
move "private" store to /mnt/persist/private instead of ~/private
...
this will allow me to add all of ~ to a sandbox without giving all of ~/private
2024-02-23 07:06:29 +00:00
Colin
80ecdcc4f9
persist: plaintext: consider "/mnt/persist/plaintext" as the logical root, and abstract away "/nix/persist"
2024-02-23 07:06:29 +00:00
Colin
0864790bb7
docs: modules/persist: document the "origin" store parameter
2024-02-23 07:06:29 +00:00
Colin
478747a96e
modules/persist: change default mounting method to symlink
...
this changes the plaintext and cryptClearOnBoot stores: private was already symlink-based.
this isn't strictly necessary: the rationale is:
1. `mount` syscall *requires* CAP_SYS_ADMIN (i.e. superuser/suid).
that's causing problems with sandboxing, particularly ~/private.
that doesn't affect other stores *yet*, but it may in the future.
2. visibility. i.e. it makes *clear* where anything is persisted.
if `realpath` doesn't evaluate to `/nix/persist`, then it's not
persisted.
2024-02-23 07:06:29 +00:00
Colin
2a528a5d8e
sane-sandboxed: leave a note about future mount work
2024-02-21 16:08:42 +00:00
Colin
c6470918de
types.string -> types.str
2024-02-21 00:25:44 +00:00
Colin
bb569b1668
sane-vpn: port away from systemd so that i can use it as an ordinary user (no sudo)
2024-02-20 22:21:02 +00:00
Colin
34524ea3e4
modules/vpn: fix the vpn-* systemd services
2024-02-20 20:40:46 +00:00
Colin
d7be5da483
warnings.nix: port to a proper module
2024-02-20 11:19:12 +00:00
Colin
34dedcff57
modules/programs: sane-sandboxed: fix normPath handling of paths containing special characters like [
2024-02-19 15:32:23 +00:00
Colin
95cb5624ca
modules/programs: sane-sandboxed: fix bug that --sane-sandbox-path / wasn't being canonicalized
2024-02-18 13:53:53 +00:00
Colin
600f6eb56c
modules/programs: sane-sandboxed: remove all remaining forks/subshells
...
launchtime for firefox in bwrap is about 65ms; 35ms for --sane-sandbox-method none
2024-02-18 13:15:04 +00:00
Colin
fd6f8493a7
modules/programs: sane-sandboxed: remove all forking from normPath
...
reduces time for librewolf benchmark from 90ms -> 65ms. there's still _some_ forking in this script, but it's constant now.
2024-02-18 12:25:03 +00:00
Colin
f10f1ee7b1
modules/programs: sane-sandboxed: optimize "normPath" to not invoke subshells
...
each subshell causes like 5ms just on my laptop, which really adds up.
this implementation still forks internally, but doesn't exec.
runtime decreases from 150ms -> 90ms for
`time librewolf --sane-sandbox-replace-cli true`
2024-02-18 12:08:23 +00:00
Colin
cef2591425
modules/programs: sane-sandboxed: capshonly/landlock: don't request capabilities we know won't be granted
2024-02-17 16:30:18 +00:00
Colin
4ced02b0b2
modules/programs: make-sandboxed: fix incorrect "priority" attribute
2024-02-17 03:32:49 +00:00
Colin
029ba43bd6
modules/programs: sane-sandboxed: invoke "capsh" with the --no-new-privs argument
2024-02-16 05:48:50 +00:00
Colin
8c9c6ec979
modules/programs: make-sandboxed: support /libexec binaries
2024-02-16 03:15:45 +00:00
Colin
1edb1fc8b6
modules/programs: sane-sandboxed: avoid adding the sandbox implementation to $PATH
2024-02-15 17:58:22 +00:00
Colin
8d20dcadd1
modules/programs: sane-sandboxed: add --sane-sandbox-keep-pidspace flag
2024-02-15 15:05:28 +00:00
Colin
c943442c94
modules/programs: sane-sandboxed: add --sane-sandbox-method none for benchmarking
2024-02-15 13:13:39 +00:00
Colin
02dd629616
modules/programs: sane-sandboxed: rework so portal env vars aren't set when sandbox is disabled
...
and by setting them only at launch time we aid introspectability/debugging
2024-02-15 11:57:36 +00:00
Colin
5f1036118f
modules/programs: sandboxing: add a "whitelistX" option
2024-02-15 00:09:16 +00:00
Colin
22ca253ae0
modules/programs: better document the `env` option
2024-02-14 11:08:43 +00:00
Colin
8b32f2f231
modules/programs: add support for 'autodetectCliPaths = parent'
2024-02-14 04:31:59 +00:00
Colin
080bd856ec
programs: sandboxing: only permit wayland socket access to those specific apps which require it
2024-02-14 01:49:49 +00:00
Colin
548a95a7e1
modules/programs: sandboxing: unshare ipc/cgroup/uts by default
2024-02-14 01:48:59 +00:00
Colin
34b148f6cc
modules/programs: allow specifying perlPackages members as programs, as i do with python3Packages, etc
2024-02-13 12:31:04 +00:00
Colin
1a18ed533b
programs: don't include dbus in the sandbox by default
2024-02-13 11:58:33 +00:00
Colin
6eaaeeb91a
programs: remove audio from the sandbox by default
2024-02-13 11:14:38 +00:00
Colin
bb68506839
modules/programs: add separate "user" v.s. "system" options for whitelistDbus
2024-02-13 10:55:10 +00:00
Colin
126f3e4922
programs: sandboxing: restrict /run/user dir to just dbus/pipewire/pulse/wayland, by default
2024-02-13 10:28:30 +00:00
Colin
73afceb8c6
modules/programs: sandbox: add `whitelistWayland` option
2024-02-13 10:24:35 +00:00
Colin
27fd81ad80
modules/programs: add new options for whitelisting audio/dbus
2024-02-12 15:23:35 +00:00
Colin
d82b4b0f62
modules/programs: sane-sandboxed: reorder the --sane-sandbox-profile-dir arg so it takes precedence
2024-02-12 14:56:48 +00:00
Colin
7b28023e08
modules/programs: re-introduce the "withEmbeddedSandboxer" passthru attr
2024-02-12 14:27:48 +00:00
Colin
2b9db897a1
implement `sane.defaultUser` attr
2024-02-12 14:27:32 +00:00
Colin
6124cb9b36
modules/programs: sane-sandboxed: search for profiles in XDG_DATA_DIRS, not NIX_PROFILES
2024-02-12 13:16:48 +00:00
Colin
b0394d877d
modules/programs: rename allowedRootPaths -> allowedPaths
...
now that allowedHomePaths doesn't exist
2024-02-12 13:00:10 +00:00
Colin
14d8230821
modules/programs: sane-sandboxed: remove --sane-sandbox-home-path argument and plumbing
...
no longer needed, and mixing this with root paths is liable to cause troubles at this point, around symlink dereferencing/canonicalization/etc
2024-02-12 12:57:54 +00:00
Colin
a90b5b53db
modules/programs: sandboxing: dereference symlinks and also include those in the sandbox
2024-02-12 12:48:02 +00:00
Colin
eee3e138ff
modules/programs: sandboxing: allow specifying individual /run/user/$uid paths to expose to the sandbox
2024-02-12 12:18:59 +00:00
Colin
f61cd17e99
modules/programs: sandboxing: specialize profiles per-user by expanding $HOME
2024-02-12 12:08:58 +00:00
Colin
3e0b0a0f02
modules/programs: make-sandboxed: lift profile creation logic out to the toplevel
2024-02-12 11:52:33 +00:00
Colin
2ee34e9af3
modules/profiles: remove sandbox.embedProfile option
...
with upcoming refactors, this setting would force a different package to be installed per user, which doesn't mesh with the existing sane.programs infra
2024-02-12 11:35:59 +00:00
Colin
7c05d221d6
modules/programs: split "make-sandbox-profile" out of "make-sandboxed"
2024-02-12 11:20:40 +00:00
Colin
93012664e5
modules/programs: simplify how sandbox profiles make it into system packages
2024-02-12 10:52:44 +00:00
Colin
c424f7ac3b
sane-sandboxed: load all profiles, not just the first one we find
...
this allows some amount of overriding, or splitting profiles between system and user dirs
2024-02-12 10:40:15 +00:00
Colin
088b6f1b9a
sane-sandboxed: load profiles via $NIX_PROFILES env var
2024-02-12 10:37:26 +00:00
Colin
96575acf3a
programs: sane-sandboxed: move parseArgsExtra to outer scope; improve docs
2024-02-12 10:28:14 +00:00
Colin
e81df0ac86
modules/programs: enforce that user services don't accidentally override PATH
2024-02-12 08:44:55 +00:00
Colin
87050a0500
feeds: add "FullTimeNix" podcast :)
2024-02-12 00:09:49 +00:00
Colin
0861edd7f9
modules/programs: remove ~/.config/mimeo from sandbox defaults
2024-02-11 23:35:27 +00:00
Colin
b6bf8720c9
modules/programs: implement --sane-sandbox-portal flag for apps which want to use the portal to open other apps
2024-02-11 23:32:24 +00:00
Colin
0d3adcdc5c
modules: users: have user services inherit PATH from environment rather than forcibly overwriting it
2024-02-09 09:50:26 +00:00
Colin
9ac0e0e4fc
modules/programs: put things in a pid namespace by default
2024-02-08 23:36:59 +00:00
Colin
c9af5bf9b4
programs: sandboxing: enable net isolation for most sandboxed programs
2024-02-08 21:51:32 +00:00
Colin
bc85169e3d
programs: sandboxer: allow disable net access
2024-02-08 21:07:34 +00:00
Colin
0c050d1953
programs: fuzzel: fix overly-aggressive sandboxing
2024-02-06 20:10:29 +00:00
Colin
2fc1fe7510
modules/programs: make-sandboxed: fix that /share/* was being linked into top-level /; better way to enforce sandboxing of /share entries
2024-02-06 19:55:55 +00:00
Colin
5f8699fcef
rearrange /mnt structure for host-based subdirs
...
e.g. /mnt/servo/media, /mnt/desko/home, etc
2024-02-06 05:48:11 +00:00
Colin
d7612d5034
modules/programs: make-sandboxed: avoid deep-copying all of /share when sandboxing
...
saves like 1 GiB of closure. but i haven't thoroughly tested this
2024-02-06 05:02:02 +00:00
Colin
ed3935318d
feeds: subscribe to non-paywalled Matt Levine
2024-02-05 16:41:38 +00:00
Colin
413903d03c
make-sandboxed: also embed profiles for the withEmbeddedSandboxer passthru pkg
2024-02-05 08:26:40 +00:00
Colin
4d51c34ad2
programs: allow `sane.strictSandboxing = "warn"`
2024-02-05 05:28:02 +00:00
Colin
3439ca34b8
sane-sandboxed: add more autodetect options, and a "withEmbeddedSandboxer" package output (for dev)
2024-02-03 00:17:24 +00:00
Colin
0ee9f2026c
sane-sandboxed: hopefully fix a problem with path normalization for paths with spaces
2024-02-02 22:56:43 +00:00
Colin
5e3c2636db
programs: make-sandboxed: handle packages which use relative links in bin (like spotify)
2024-02-02 22:38:36 +00:00
Colin
2bb9115f35
modules/programs: sandboxing: add "whitelistDri" option for gfx-intensive apps
2024-02-02 17:18:51 +00:00
Colin
065d045640
fix so sway inherits program env vars
2024-02-02 15:36:06 +00:00
Colin
567c7993b6
modules/programs: sandbox: allow mimeo config in any sandbox
2024-02-02 12:52:36 +00:00
Colin
00f995aec9
fixup landlock-sandboxer to work well for all systems
...
downgrade lappy/desko/servo back to default linux; zfs doesn't support latest
build landlock-sandboxer against the specific kernel being deployed; it's less noisy that way
2024-01-31 21:19:10 +00:00
Colin
881d2f79ed
modules/programs: add "unchecked" passthru to aid debugging
2024-01-29 13:36:01 +00:00
Colin
47abdfb831
modules/programs: patch dbus-1 files to use sandboxed binaries
2024-01-29 13:09:43 +00:00
Colin
3831c6f087
TODO: fold
2024-01-29 13:07:44 +00:00
Colin
4f8d476ebf
modules/programs: patch old /nix/store paths in .desktop files
2024-01-29 12:56:08 +00:00
Colin
7af970f38c
modules/programs: extend wrapperType="wrappedDerivation" to handle common share/ items
2024-01-29 11:59:38 +00:00
Colin
32824cfade
modules/programs: sandbox in a manner that's more compatible with link-heavy apps like busybox, git, etc
2024-01-29 09:56:30 +00:00
Colin
51fc61b211
sane-sandboxed: cleanup
2024-01-29 09:14:43 +00:00
Colin
7b9795ea3d
modules/programs: implement `embedWrapper` option
2024-01-29 09:13:49 +00:00
Colin
5f3e481fe4
sane-sandboxed: refactor and avoid passing duplicate/subpaths into the sandbox
2024-01-29 07:15:02 +00:00
Colin
86219d7006
sane-sandboxed: simplify: consolidate homePaths and rootPaths into just "paths"
2024-01-29 05:43:10 +00:00
Colin
24c70c3683
feeds: switch acoup.blog to the database type feed
...
at some point my feed script became capable of understanding his RSS :)
2024-01-28 12:37:38 +00:00
Colin
294f167df0
sane-sandboxed: fix CLI escaping with capsh
2024-01-28 11:11:07 +00:00
Colin
f100595257
modules/programs: properly forward autodetectCliPaths to the sandboxer
2024-01-28 10:31:07 +00:00
Colin
e84da827c2
sane-sandboxed: fix typo in add-pwd flag
2024-01-28 09:17:12 +00:00
Colin
42f9fa029d
modules/programs: fix that whitelistPwd wasn't passed into the sandbox profile
2024-01-28 09:04:27 +00:00
Colin
40fee97b06
modules/programs: make-sandboxed: disallowReferences to the fake sane-sandboxed used during checkPhase
2024-01-28 08:58:13 +00:00
Colin
3cc8292d8b
modules/programs: make-sandboxed: support packages with checkPhase by bypassing the sandbox
2024-01-28 07:45:08 +00:00
Colin
9261d30a34
modules/programs: reformatting
2024-01-28 05:58:08 +00:00
Colin
3eb3a8db5a
modules/programs: add a `whitelistPwd` option to grant the program access to the directory it was called from
2024-01-28 05:57:30 +00:00
Colin
97129268f0
modules/programs: sandbox: add "capshonly" as a valid sandbox.method
2024-01-28 05:57:11 +00:00
Colin
4d7414c941
programs: introduce and use "autodetectCliPaths" nix config
2024-01-27 17:19:48 +00:00
Colin
a7d081bfcb
modules/programs: add a sane.strictSandboxing option
2024-01-27 17:11:07 +00:00
Colin
5ca208d07f
modules/programs: sandbox: add enable flag and capabilities structured config
2024-01-27 17:08:27 +00:00
Colin
26b978dcf2
modules/programs: sandbox: fix "inline" -> "inplace" typo
2024-01-27 14:42:25 +00:00
Colin
d8b6d419b6
modules/programs: sandboxing: add `wrapperType = "wrappedDerivation"` to wrap without rebuilding the whole package
2024-01-27 14:26:41 +00:00
Colin
a06c81643c
sane-sandboxed: don't error if ~ files aren't available to be bound
2024-01-27 12:48:58 +00:00
Colin
15fd7bf4a5
sane-sandboxed: implement a "capshonly" backend
2024-01-27 12:39:36 +00:00
Colin
a6b824d3c4
modules/programs/sandbox: add an "embedProfile" option to source sandbox settings from the package instead of the system
2024-01-27 12:23:25 +00:00
Colin
3b4884fcf1
sane-sandbox: fix secret binding
2024-01-27 11:26:10 +00:00
Colin
4319dc58eb
programs: landlock: restrict the capabilities of sandboxed processes
2024-01-27 09:49:51 +00:00
Colin
3122434908
programs: add an option to configure extra home paths to make accessible in the sandbox
2024-01-27 09:11:32 +00:00
Colin
d54f8b1e93
programs: fix so environment variables make it onto user sessions
2024-01-27 09:02:55 +00:00
Colin
b417f60769
sane-sandboxed: try binding /proc/self in landlock. still doesn't work well
2024-01-27 05:59:40 +00:00
Colin
df2d5b6d01
sane-sandboxed: fixup /dev/std* for wireshark
2024-01-27 05:12:43 +00:00
Colin
a66b257644
sane-sandboxed: better support for landlock and SANE_SANDBOX_PREPEND/APPEND
2024-01-27 04:43:42 +00:00
Colin
ef66d2ec72
sane-sandboxed: add support for landlock backend
2024-01-27 03:39:26 +00:00
Colin
64878bee67
sane-sandboxed: add SANE_SANDBOX_PREPEND, SANE_SANDBOX_APPEND env vars
2024-01-26 09:14:18 +00:00
Colin
c4874c85b1
bubblewrap: debugging
2024-01-26 09:13:00 +00:00
Colin
7f002b8718
programs: sane-sandboxed: implement --sane-sandbox-cap for capabilities setting
2024-01-24 06:34:11 +00:00
Colin
824630f7d1
programs: sandboxing: document /dev/dri a bit more
2024-01-24 05:28:27 +00:00
Colin
57105c6861
sane-sandboxed: autodetect: handle file:/// URIs
2024-01-24 05:00:08 +00:00
Colin
3758044e7b
sane-sandboxed: better handle "--"
2024-01-24 04:59:24 +00:00
Colin
bfaf098c31
sane-sandboxed: fix handling of `--` (which previously smushed arguments)
2024-01-24 02:52:01 +00:00
Colin
089f86d5e4
programs: make /usr/bin/env available in the sandbox
...
enables KOReader to run
2024-01-24 01:48:02 +00:00
Colin
bdd70f8fa2
sane-sandboxed: ignore the executable path when autodetecting media
2024-01-23 16:32:06 +00:00
Colin
bfd5630e21
programs: sandbox: omit media dirs by default, and implement --sane-sandbox-autodetect for programs which are liable to load data from paths
2024-01-23 15:48:12 +00:00
Colin
576d2c32f0
programs: support secrets even when sandboxed
2024-01-23 14:57:33 +00:00
Colin
25739ec2ba
programs: sane-sandboxed: avoid reading firejail profiles when the backend isn't firejail
...
this should provide a marginal perf gain
2024-01-23 14:57:33 +00:00
Colin
f148334b58
programs: port extraFirejailConfig to extraConfig
2024-01-23 14:57:33 +00:00
Colin
3a6ee8708e
programs: sane-sandboxed: don't error if network mountpoints are offline
2024-01-23 13:13:31 +00:00
Colin
983bf93d8f
programs: sane-sandboxed: make the profile handle arguments with spaces
2024-01-23 12:47:25 +00:00
Colin
40cc8f5d1c
programs: sane-sandboxed: make more debuggable
2024-01-23 12:27:23 +00:00
Colin
cce03a5dc8
programs: sandbox: use --dev-bind-try for root paths; fixes mpv on moby
2024-01-23 12:18:32 +00:00
Colin
98dfc3aa5a
programs: sandbox: allow all programs to access media
...
hopefully this is just a stopgap
2024-01-23 11:36:58 +00:00
Colin
27b56b1a12
programs: sane-sandbox: implement a cleaner debugshell and test API
2024-01-23 11:19:52 +00:00
Colin
6e9220d2bb
programs: allow programs to specify "sandbox.method = "bwrap"" for bubblewrap sandboxing
2024-01-23 10:44:13 +00:00
Colin
0ddcfcaa23
sane-sandboxed: retrieve profiles from /share/sane-sandboxed/profiles so they can be customized without mass rebuilds
2024-01-23 08:01:23 +00:00
Colin
a4cb6645b4
programs: indirect firejail access through sane-sandboxed
2024-01-23 04:02:31 +00:00
Colin
2492ed2ca7
programs: introduce a sane-sandboxed helper
...
not yet used, but will be soon
2024-01-23 02:29:33 +00:00
Colin
f49d2a1e0e
programs: split "makeSandboxed" into its own file
2024-01-23 01:23:14 +00:00
Colin
0dc3f4f7f2
modules/programs: move to subdir
...
this will help me factor out helpers
2024-01-23 01:02:04 +00:00
Colin
d5901afb8e
programs: firejail: specify profile via : (clarifies to firejail that it's an identifier and not a path); invoke firejail via name instead of absolute path
2024-01-22 23:58:54 +00:00
Colin
8bf41ea858
programs: fix missing newline in firejail config concatenation
2024-01-22 13:11:47 +00:00
Colin
df861a3ef0
programs: firejail: inject custom firejail config through /etc/firejail
...
this improves rebuild times, and makes it easier for packages to inject their own free-form config
2024-01-22 11:12:18 +00:00
Colin
60547204a8
sane.programs: firejail: support wrapping "runCommand" packages
2024-01-22 09:16:25 +00:00
Colin
dd35136ac0
firejail: fix so /run/wrappers are available inside a jail
2024-01-22 07:18:50 +00:00
Colin
0f3f0933b1
mpv: sandbox with firejail
2024-01-22 03:50:28 +00:00
Colin
9ecd0adcbe
firefox: sandbox with firejail
...
TODO: get it so open-in-mpv launches an mpv that has access to ~/.config/mpv
i guess this is the 'firejail url problem'
2024-01-21 23:59:15 +00:00
Colin
ad92a2e158
programs: abort when no firejail profile is found for a program.
...
in the future, i can whitelist specific binaries to omit their firejail
profiles.
2024-01-21 04:32:49 +00:00
Colin
5f5891d241
programs: apply firejail profile to programs which are net isolated
2024-01-21 04:28:48 +00:00
Colin
992194a1f0
programs: achieve network sandboxing without "sane-vpn do"
2024-01-21 03:51:12 +00:00
Colin
bad6a7bfee
programs: implement "default vpn" with native nix code instead of sane-vpn
2024-01-21 01:04:31 +00:00
Colin
66d5e204be
vpn: enforce "id" restrictions
2024-01-21 00:57:46 +00:00
Colin
ce35330923
vpn.nix: factor into a proper module
...
this will allow for better integration with 'sane.programs'
2024-01-21 00:49:34 +00:00
Colin
59187a0ec0
programs: allow running binaries in a netns-style firejail
2024-01-20 11:11:12 +00:00
Colin
fd0723169f
nix-serve: fix coredump loop
2024-01-19 21:34:45 +00:00
Colin
43a8ca90a7
feeds: add Cat and Girl
2024-01-16 19:12:25 +00:00
Colin
a5c6e41622
feeds: subscribe to POD OF JAKE
2024-01-14 05:20:28 +00:00
Colin
812a02bc6b
feeds: add The Dollop podcast
2024-01-14 00:49:29 +00:00
Colin
70f059eaac
feeds: subscribe to Jack Stauber
2024-01-13 16:43:41 +00:00
Colin
e2a43ddfa0
servo: clightning: allow group members to run lightning-cli
2024-01-11 15:59:32 +00:00
Colin
cecb114810
clightning: harden
2024-01-04 18:47:40 +00:00
Colin
7378d6c5b2
bitcoind: host behind tor
2024-01-04 16:25:49 +00:00
Colin
43498c62f9
clightning: integrate with tor
2024-01-03 18:29:16 +00:00
Colin
41ae86f40f
servo: enable clightning
2024-01-03 13:56:42 +00:00
Colin
3e52956a3a
servo: clightning: integrate, but do not enable
2024-01-02 18:32:34 +00:00
Colin
28d0a72c62
define (but don't activate) a clightning bitcoin service
2024-01-02 14:29:52 +00:00
Colin
822653ec10
feeds: vitalik.ca -> vitalik.eth.limo
2024-01-01 03:48:06 +00:00
Colin
68502ca944
feeds: add webcurious.co.uk link aggregator
2024-01-01 03:46:52 +00:00
Colin
d18e94ea87
feeds: subscribe to linmob.net
2023-12-14 22:20:30 +00:00
Colin
3467a5df48
feeds: subscribe Origin Stories
2023-12-13 22:31:58 +00:00
Colin
694dd59e27
feeds: subscribe bitsaboutmoney
2023-12-13 22:29:22 +00:00
Colin
69bc219efa
ports: fix systemd RandomizedDelaySec typo
2023-12-12 02:14:27 +00:00
Colin
4c5fb74c7d
feeds: subscribe to kosmosghost
2023-12-11 04:55:47 +00:00
Colin
008a6192d4
mpv: associate with https://youtube.com/ ...
2023-12-11 04:52:49 +00:00
Colin
f7a318c937
modules/users: fix services to specify PATH with correct precedence
2023-12-10 15:18:26 +00:00
Colin
01de6f84cf
feeds: subscribe to Louis Rossmann
2023-12-09 08:14:16 +00:00
Colin
2d06401f3c
feeds: subscribe to Tom Scott
2023-12-06 16:19:37 +00:00
Colin
2db56f2499
feeds: subscribe to TheB1M
2023-12-06 16:18:03 +00:00
Colin
63ea6d7002
feeds: subscribe to Exurb1a
2023-12-06 16:16:29 +00:00
Colin
3e2523cc2c
feeds: subscribe to Cold Fusion
2023-12-06 16:15:25 +00:00
Colin
ad3f5e305e
feeds: subscribe to Vox
...
don't @ me
2023-12-06 16:13:08 +00:00
Colin
aa5b9e3db3
user services: wrap with user PATH
...
notably, this allows Fractal to open links with the preferred browser
2023-12-06 16:09:07 +00:00
Colin
46123719e9
feeds: subscribe to Vihart
2023-12-06 16:09:07 +00:00
Colin
16bce990c6
feeds: subscribe to PolyMatter
2023-12-06 16:09:07 +00:00
Colin
d55e387187
feeds: subscribe to Vsauce
2023-12-06 16:09:06 +00:00
Colin
e75c3375dc
feeds: subscribe to Channel5 News
2023-12-06 16:08:50 +00:00
Colin
b1c7cb367a
feeds: subscribe to hbomberguy
2023-12-06 15:47:39 +00:00
Colin
d63d660ec2
feeds: subscribe to ContraPoints
2023-12-06 15:45:43 +00:00
Colin
9704dcc997
feeds: add support for video; subscribe to videos in gpodder
2023-12-06 15:36:05 +00:00
Colin
80875d6312
feeds: subscribe to Technology Connections
2023-12-06 15:35:38 +00:00
Colin
4cc5eed884
feeds: subscribe to srslywrong.com
2023-12-05 04:25:25 +00:00
Colin
8f9c9efca1
feeds: econlib: update feed URL
2023-11-26 02:17:36 +00:00
Colin
1cb83032a1
feeds: postmarketOS: update feed url
2023-11-26 02:17:23 +00:00
Colin
121e86013e
feeds: add Hard Fork podcast
2023-11-23 05:57:23 +00:00
Colin
e0a1dcd51f
refactor: remove modules/data/keys.nix
2023-11-23 03:56:00 +00:00
Colin
758281f772
modules/feeds: remove unused parameter
2023-11-23 03:37:18 +00:00
Colin
23f4b2e2e4
nixserve: dependency-inject the pubkey
...
this is in modules/ dir; shouldn't have that kind of data in it
2023-11-23 02:14:18 +00:00
Colin
2d65282643
nixremote: define the user as part of the nixserve module
2023-11-23 02:08:45 +00:00
Colin
77a0a36bb8
enable remote-building for lappy/moby
2023-11-23 01:59:37 +00:00
Colin
3ff9c0ad0c
add a "nixremote" user for remote building (experimental; builds aren't actually enabled yet)
2023-11-23 01:27:28 +00:00
Colin
52b59bcde8
feeds: add Mic92 (nix dev)
2023-11-19 10:55:51 +00:00
Colin
91c2f6fc95
implement sane.programs.slowToBuild and {moby,desko,lappy}-light targets
...
i'm not sure this is the exact right abstraction, but it's a starting point
2023-11-18 22:06:42 +00:00
Colin
ad495301c0
feeds: add Jeff Geerling
2023-11-18 00:23:58 +00:00
Colin
cd79be5414
feeds: remove unused fields
2023-11-10 17:27:51 +00:00
Colin
6acd363f55
sane.persist.root-on-tmpfs -> sane.root-on-tmpfs
2023-11-09 00:15:04 +00:00