Commit Graph

1247 Commits

Author SHA1 Message Date
Colin 088b6f1b9a sane-sandboxed: load profiles via $NIX_PROFILES env var 2024-02-12 10:37:26 +00:00
Colin 96575acf3a programs: sane-sandboxed: move parseArgsExtra to outer scope; improve docs 2024-02-12 10:28:14 +00:00
Colin e81df0ac86 modules/programs: enforce that user services don't accidentally override PATH 2024-02-12 08:44:55 +00:00
Colin 87050a0500 feeds: add "FullTimeNix" podcast :) 2024-02-12 00:09:49 +00:00
Colin 0861edd7f9 modules/programs: remove ~/.config/mimeo from sandbox defaults 2024-02-11 23:35:27 +00:00
Colin b6bf8720c9 modules/programs: implement --sane-sandbox-portal flag for apps which want to use the portal to open other apps 2024-02-11 23:32:24 +00:00
Colin 0d3adcdc5c modules: users: have user services inherit PATH from environment rather than forcibly overwriting it 2024-02-09 09:50:26 +00:00
Colin 9ac0e0e4fc modules/programs: put things in a pid namespace by default 2024-02-08 23:36:59 +00:00
Colin c9af5bf9b4 programs: sandboxing: enable net isolation for most sandboxed programs 2024-02-08 21:51:32 +00:00
Colin bc85169e3d programs: sandboxer: allow disable net access 2024-02-08 21:07:34 +00:00
Colin 0c050d1953 programs: fuzzel: fix overly-aggressive sandboxing 2024-02-06 20:10:29 +00:00
Colin 2fc1fe7510 modules/programs: make-sandboxed: fix that /share/* was being linked into top-level /; better way to enforce sandboxing of /share entries 2024-02-06 19:55:55 +00:00
Colin 5f8699fcef rearrange /mnt structure for host-based subdirs
e.g. /mnt/servo/media, /mnt/desko/home, etc
2024-02-06 05:48:11 +00:00
Colin d7612d5034 modules/programs: make-sandboxed: avoid deep-copying all of /share when sandboxing
saves like 1 GiB of closure. but i haven't thoroughly tested this
2024-02-06 05:02:02 +00:00
Colin ed3935318d feeds: subscribe to non-paywalled Matt Levine 2024-02-05 16:41:38 +00:00
Colin 413903d03c make-sandboxed: also embed profiles for the withEmbeddedSandboxer passthru pkg 2024-02-05 08:26:40 +00:00
Colin 4d51c34ad2 programs: allow `sane.strictSandboxing = "warn"` 2024-02-05 05:28:02 +00:00
Colin 3439ca34b8 sane-sandboxed: add more autodetect options, and a "withEmbeddedSandboxer" package output (for dev) 2024-02-03 00:17:24 +00:00
Colin 0ee9f2026c sane-sandboxed: hopefully fix a problem with path normalization for paths with spaces 2024-02-02 22:56:43 +00:00
Colin 5e3c2636db programs: make-sandboxed: handle packages which use relative links in bin (like spotify) 2024-02-02 22:38:36 +00:00
Colin 2bb9115f35 modules/programs: sandboxing: add "whitelistDri" option for gfx-intensive apps 2024-02-02 17:18:51 +00:00
Colin 065d045640 fix so sway inherits program env vars 2024-02-02 15:36:06 +00:00
Colin 567c7993b6 modules/programs: sandbox: allow mimeo config in any sandbox 2024-02-02 12:52:36 +00:00
Colin 00f995aec9 fixup landlock-sandboxer to work well for all systems
downgrade lappy/desko/servo back to default linux; zfs doesn't support latest

build landlock-sandboxer against the specific kernel being deployed; it's less noisy that way
2024-01-31 21:19:10 +00:00
Colin 881d2f79ed modules/programs: add "unchecked" passthru to aid debugging 2024-01-29 13:36:01 +00:00
Colin 47abdfb831 modules/programs: patch dbus-1 files to use sandboxed binaries 2024-01-29 13:09:43 +00:00
Colin 3831c6f087 TODO: fold 2024-01-29 13:07:44 +00:00
Colin 4f8d476ebf modules/programs: patch old /nix/store paths in .desktop files 2024-01-29 12:56:08 +00:00
Colin 7af970f38c modules/programs: extend wrapperType="wrappedDerivation" to handle common share/ items 2024-01-29 11:59:38 +00:00
Colin 32824cfade modules/programs: sandbox in a manner that's more compatible with link-heavy apps like busybox, git, etc 2024-01-29 09:56:30 +00:00
Colin 51fc61b211 sane-sandboxed: cleanup 2024-01-29 09:14:43 +00:00
Colin 7b9795ea3d modules/programs: implement `embedWrapper` option 2024-01-29 09:13:49 +00:00
Colin 5f3e481fe4 sane-sandboxed: refactor and avoid passing duplicate/subpaths into the sandbox 2024-01-29 07:15:02 +00:00
Colin 86219d7006 sane-sandboxed: simplify: consolidate homePaths and rootPaths into just "paths" 2024-01-29 05:43:10 +00:00
Colin 24c70c3683 feeds: switch acoup.blog to the database type feed
at some point my feed script became capable of understanding his RSS :)
2024-01-28 12:37:38 +00:00
Colin 294f167df0 sane-sandboxed: fix CLI escaping with capsh 2024-01-28 11:11:07 +00:00
Colin f100595257 modules/programs: properly forward autodetectCliPaths to the sandboxer 2024-01-28 10:31:07 +00:00
Colin e84da827c2 sane-sandboxed: fix typo in add-pwd flag 2024-01-28 09:17:12 +00:00
Colin 42f9fa029d modules/programs: fix that whitelistPwd wasnt passed into the sandbox profile 2024-01-28 09:04:27 +00:00
Colin 40fee97b06 modules/programs: make-sandboxed: disallowReferences to the fake sane-sandboxed used during checkPhase 2024-01-28 08:58:13 +00:00
Colin 3cc8292d8b modules/programs: make-sandboxed: support packages with checkPhase by bypassing the sandbox 2024-01-28 07:45:08 +00:00
Colin 9261d30a34 modules/programs: reformatting 2024-01-28 05:58:08 +00:00
Colin 3eb3a8db5a modules/programs: add a `whitelistPwd` option to grant the program access to the directory it was called from 2024-01-28 05:57:30 +00:00
Colin 97129268f0 modules/programs: sandbox: add "capshonly" as a valid sandbox.method 2024-01-28 05:57:11 +00:00
Colin 4d7414c941 programs: introduce and use "autodetectCliPaths" nix config 2024-01-27 17:19:48 +00:00
Colin a7d081bfcb modules/programs: add a sane.strictSandboxing option 2024-01-27 17:11:07 +00:00
Colin 5ca208d07f modules/programs: sandbox: add enable flag and capabilities structured config 2024-01-27 17:08:27 +00:00
Colin 26b978dcf2 modules/programs: sandbox: fix "inline" -> "inplace" typo 2024-01-27 14:42:25 +00:00
Colin d8b6d419b6 modules/programs: sandboxing: add `wrapperType = "wrappedDerivation"` to wrap without rebuilding the whole package 2024-01-27 14:26:41 +00:00
Colin a06c81643c sane-sandboxed: don't error if ~ files aren't available to be bound 2024-01-27 12:48:58 +00:00
Colin 15fd7bf4a5 sane-sandboxed: implement a "capshonly" backend 2024-01-27 12:39:36 +00:00
Colin a6b824d3c4 modules/programs/sandbox: add an "embedProfile" option to source sandbox settings from the package instead of the system 2024-01-27 12:23:25 +00:00
Colin 3b4884fcf1 sane-sandbox: fix secret binding 2024-01-27 11:26:10 +00:00
Colin 4319dc58eb programs: landlock: restrict the capabilities of sandboxed processes 2024-01-27 09:49:51 +00:00
Colin 3122434908 programs: add an option to configure extra home paths to make accessible in the sandbox 2024-01-27 09:11:32 +00:00
Colin d54f8b1e93 programs: fix so environment variables make it onto user sessions 2024-01-27 09:02:55 +00:00
Colin b417f60769 sane-sandboxed: try binding /proc/self in landlock. still doesnt work well 2024-01-27 05:59:40 +00:00
Colin df2d5b6d01 sane-sandboxed: fixup /dev/std* for wireshark 2024-01-27 05:12:43 +00:00
Colin a66b257644 sane-sandboxed: better support for landlock and SANE_SANDBOX_PREPEND/APPEND 2024-01-27 04:43:42 +00:00
Colin ef66d2ec72 sane-sandboxed: add support for landlock backend 2024-01-27 03:39:26 +00:00
Colin 64878bee67 sane-sandboxed: add SANE_SANDBOX_PREPEND, SANE_SANDBOX_APPEND env vars 2024-01-26 09:14:18 +00:00
Colin c4874c85b1 bubblewrap: debugging 2024-01-26 09:13:00 +00:00
Colin 7f002b8718 programs: sane-sandboxed: implement --sane-sandbox-cap for capabilities setting 2024-01-24 06:34:11 +00:00
Colin 824630f7d1 programs: sandboxing: document /dev/dri a bit more 2024-01-24 05:28:27 +00:00
Colin 57105c6861 sane-sandboxed: autodetect: handle file:/// URIs 2024-01-24 05:00:08 +00:00
Colin 3758044e7b sane-sandboxed: better handle "--" 2024-01-24 04:59:24 +00:00
Colin bfaf098c31 sane-sandboxed: fix handling of `--` (which previously smushed arguments) 2024-01-24 02:52:01 +00:00
Colin 089f86d5e4 programs: make /usr/bin/env available in the sandbox
enables KOReader to run
2024-01-24 01:48:02 +00:00
Colin bdd70f8fa2 sane-sandboxed: ignore the executable path when autodetecting media 2024-01-23 16:32:06 +00:00
Colin bfd5630e21 programs: sandbox: omit media dirs by default, and implement --sane-sandbox-autodetect for programs which are liable to load data from paths 2024-01-23 15:48:12 +00:00
Colin 576d2c32f0 programs: support secrets even when sandboxed 2024-01-23 14:57:33 +00:00
Colin 25739ec2ba programs: sane-sandboxed: avoid reading firejail profiles when the backend isnt firejail
this should provide a marginal perf gain
2024-01-23 14:57:33 +00:00
Colin f148334b58 programs: port extraFirejailConfig to extraConfig 2024-01-23 14:57:33 +00:00
Colin 3a6ee8708e programs: sane-sandboxed: dont error if network mountpoints are offline 2024-01-23 13:13:31 +00:00
Colin 983bf93d8f programs: sane-sandboxed: make the profile handle arguments with spaces 2024-01-23 12:47:25 +00:00
Colin 40cc8f5d1c programs: sane-sandboxed: make more debuggable 2024-01-23 12:27:23 +00:00
Colin cce03a5dc8 programs: sandbox: use --dev-bind-try for root paths; fixes mpv on moby 2024-01-23 12:18:32 +00:00
Colin 98dfc3aa5a programs: sandbox: allow all programs to access media
hopefully this is just a stopgap
2024-01-23 11:36:58 +00:00
Colin 27b56b1a12 programs: sane-sandbox: implement a cleaner debugshell and test API 2024-01-23 11:19:52 +00:00
Colin 6e9220d2bb programs: allow programs to specify "sandbox.method = "bwrap"" for bubblewrap sandboxing 2024-01-23 10:44:13 +00:00
Colin 0ddcfcaa23 sane-sandboxed: retrieve profiles from /share/sane-sandboxed/profiles so they can be customized without mass rebuilds 2024-01-23 08:01:23 +00:00
Colin a4cb6645b4 programs: indirect firejail access through sane-sandboxed 2024-01-23 04:02:31 +00:00
Colin 2492ed2ca7 programs: introduce a sane-sandboxed helper
not yet used, but will be soon
2024-01-23 02:29:33 +00:00
Colin f49d2a1e0e programs: split "makeSandboxed" into its own file 2024-01-23 01:23:14 +00:00
Colin 0dc3f4f7f2 modules/programs: move to subdir
this will help me factor out helpers
2024-01-23 01:02:04 +00:00
Colin d5901afb8e programs: firejail: specify profile via : (clarifies to firejail that its an identifier and not a path); invoke firejail via name instead of absolute path 2024-01-22 23:58:54 +00:00
Colin 8bf41ea858 programs: fix missing newline in firejail config concatenation 2024-01-22 13:11:47 +00:00
Colin df861a3ef0 programs: firejail: inject custom firejail config through /etc/firejail
this improves rebuild times, and makes it easier for packages to inject their own free-form config
2024-01-22 11:12:18 +00:00
Colin 60547204a8 sane.programs: firejail: support wrapping "runCommand" packages 2024-01-22 09:16:25 +00:00
Colin dd35136ac0 firejail: fix so /run/wrappers are available inside a jail 2024-01-22 07:18:50 +00:00
Colin 0f3f0933b1 mpv: sandbox with firejail 2024-01-22 03:50:28 +00:00
Colin 9ecd0adcbe firefox: sandbox with firejail
TODO: get it so open-in-mpv launches an mpv that has access to ~/.config/mpv

i guess this is the 'firejail url problem'
2024-01-21 23:59:15 +00:00
Colin ad92a2e158 programs: abort when no firejail profile is found for a program.
in the future, i can whitelist specific binaries to omit their firejail
profiles.
2024-01-21 04:32:49 +00:00
Colin 5f5891d241 programs: apply firejail profile to programs which are net isolated 2024-01-21 04:28:48 +00:00
Colin 992194a1f0 programs: achieve network sandboxing without "sane-vpn do" 2024-01-21 03:51:12 +00:00
Colin bad6a7bfee programs: implement "default vpn" with native nix code instead of sane-vpn 2024-01-21 01:04:31 +00:00
Colin 66d5e204be vpn: enforce "id" restrictions 2024-01-21 00:57:46 +00:00
Colin ce35330923 vpn.nix: factor into a proper module
this will allow for better integration with 'sane.programs'
2024-01-21 00:49:34 +00:00
Colin 59187a0ec0 programs: allow running binaries in a netns-style firejail 2024-01-20 11:11:12 +00:00
Colin fd0723169f nix-serve: fix coredump loop 2024-01-19 21:34:45 +00:00
Colin 43a8ca90a7 feeds: add Cat and Girl 2024-01-16 19:12:25 +00:00
Colin a5c6e41622 feeds: subscribe to POD OF JAKE 2024-01-14 05:20:28 +00:00
Colin 812a02bc6b feeds: add The Dollop podcast 2024-01-14 00:49:29 +00:00
Colin 70f059eaac feeds: subscribe to Jack Stauber 2024-01-13 16:43:41 +00:00
Colin e2a43ddfa0 servo: clightning: allow group members to run lightning-cli 2024-01-11 15:59:32 +00:00
Colin cecb114810 clightning: harden 2024-01-04 18:47:40 +00:00
Colin 7378d6c5b2 bitcoind: host behind tor 2024-01-04 16:25:49 +00:00
Colin 43498c62f9 clightning: integrate with tor 2024-01-03 18:29:16 +00:00
Colin 41ae86f40f servo: enable clightning 2024-01-03 13:56:42 +00:00
Colin 3e52956a3a servo: clightning: integrate, but do not enable 2024-01-02 18:32:34 +00:00
Colin 28d0a72c62 define (but dont activate) a clightning bitcoin service 2024-01-02 14:29:52 +00:00
Colin 822653ec10 feeds: vitalik.ca -> vitalik.eth.limo 2024-01-01 03:48:06 +00:00
Colin 68502ca944 feeds: add webcurious.co.uk link aggregator 2024-01-01 03:46:52 +00:00
Colin d18e94ea87 feeds: subscribe to linmob.net 2023-12-14 22:20:30 +00:00
Colin 3467a5df48 feeds: subscribe Origin Stories 2023-12-13 22:31:58 +00:00
Colin 694dd59e27 feeds: subscribe bitsaboutmoney 2023-12-13 22:29:22 +00:00
Colin 69bc219efa ports: fix systemd RandomizedDelaySec typo 2023-12-12 02:14:27 +00:00
Colin 4c5fb74c7d feeds: subscribe to kosmosghost 2023-12-11 04:55:47 +00:00
Colin 008a6192d4 mpv: associate with https://youtube.com/... 2023-12-11 04:52:49 +00:00
Colin f7a318c937 modules/users: fix services to specify PATH with correct precedence 2023-12-10 15:18:26 +00:00
Colin 01de6f84cf feeds: subscribe to Louis Rossmann 2023-12-09 08:14:16 +00:00
Colin 2d06401f3c feeds: subscribe to Tom Scott 2023-12-06 16:19:37 +00:00
Colin 2db56f2499 feeds: subscribe to TheB1M 2023-12-06 16:18:03 +00:00
Colin 63ea6d7002 feeds: subscribe to Exurb1a 2023-12-06 16:16:29 +00:00
Colin 3e2523cc2c feeds: subscribe to Cold Fusion 2023-12-06 16:15:25 +00:00
Colin ad3f5e305e feeds: subscribe to Vox
don't @ me
2023-12-06 16:13:08 +00:00
Colin aa5b9e3db3 user services: wrap with user PATH
notably, this allows Fractal to open links with the preferred browser
2023-12-06 16:09:07 +00:00
Colin 46123719e9 feeds: subscribe to Vihart 2023-12-06 16:09:07 +00:00
Colin 16bce990c6 feeds: subscribe to PolyMatter 2023-12-06 16:09:07 +00:00
Colin d55e387187 feeds: subscribe to Vsauce 2023-12-06 16:09:06 +00:00
Colin e75c3375dc feeds: subscribe to Channel5 News 2023-12-06 16:08:50 +00:00
Colin b1c7cb367a feeds: subscribe to hbomberguy 2023-12-06 15:47:39 +00:00
Colin d63d660ec2 feeds: subscribe to ContraPoints 2023-12-06 15:45:43 +00:00
Colin 9704dcc997 feeds: add support for video; subscribe to videos in gpodder 2023-12-06 15:36:05 +00:00
Colin 80875d6312 feeds: subscribe to Technology Connections 2023-12-06 15:35:38 +00:00
Colin 4cc5eed884 feeds: subscribe to srslywrong.com 2023-12-05 04:25:25 +00:00
Colin 8f9c9efca1 feeds: econlib: update feed URL 2023-11-26 02:17:36 +00:00
Colin 1cb83032a1 feeds: postmarketOS: update feed url 2023-11-26 02:17:23 +00:00
Colin 121e86013e feeds: add Hard Fork podcast 2023-11-23 05:57:23 +00:00
Colin e0a1dcd51f refactor: remove modules/data/keys.nix 2023-11-23 03:56:00 +00:00
Colin 758281f772 modules/feeds: remove unused parameter 2023-11-23 03:37:18 +00:00
Colin 23f4b2e2e4 nixserve: dependency-inject the pubkey
this is in modules/ dir; shouldn't have that kind of data in it
2023-11-23 02:14:18 +00:00
Colin 2d65282643 nixremote: define the user as part of the nixserve module 2023-11-23 02:08:45 +00:00
Colin 77a0a36bb8 enable remote-building for lappy/moby 2023-11-23 01:59:37 +00:00
Colin 3ff9c0ad0c add a "nixremote" user for remote building (experimental; builds arent actually enabled yet) 2023-11-23 01:27:28 +00:00
Colin 52b59bcde8 feeds: add Mic92 (nix dev) 2023-11-19 10:55:51 +00:00
Colin 91c2f6fc95 implement sane.programs.slowToBuild and {moby,desko,lappy}-light targets
i'm not sure this is the exact right abstraction, but it's a starting point
2023-11-18 22:06:42 +00:00
Colin ad495301c0 feeds: add Jeff Geerling 2023-11-18 00:23:58 +00:00
Colin cd79be5414 feeds: remove unused fields 2023-11-10 17:27:51 +00:00
Colin 6acd363f55 sane.persist.root-on-tmpfs -> sane.root-on-tmpfs 2023-11-09 00:15:04 +00:00
Colin 23c46079a9 image: allow configuring the sector size 2023-11-08 16:42:25 +00:00
Colin 28d4a4b065 persistence: move stores behind a byStore attr to support disabling persistence altogether (for e.g. rescue image) 2023-11-08 15:33:15 +00:00
Colin 25e314c02e blogs: follow artemis.sh 2023-11-01 04:38:04 +00:00
Colin 6191542805 nix-serve: port 5000 -> 5001; prosody: enable proxy65 on port 5000 2023-10-20 04:48:30 +00:00
Colin 3942ae0f1b feeds: subscribe to Benjamin Mako 2023-10-18 21:57:56 +00:00
Colin fa65b0b92e feeds: add Sumana Harihareswara 2023-10-18 21:53:51 +00:00
Colin 697ae02797 podcasts: The Daily: port to db 2023-10-18 21:37:12 +00:00
Colin ab35a46e5f podcasts: sub Tech Wont Save Us, Trash Future 2023-10-18 21:35:36 +00:00
Colin 90b1215a89 s/types.string/types.str/ 2023-10-17 22:46:02 +00:00
Colin 827d9626d6 ports: actually forward `ovpns` ports into the root namespace 2023-10-17 09:42:13 +00:00
Colin 5cfde63d5d wowlan: document theory on wake failure 2023-10-11 10:01:15 +00:00
Colin 6dd1d5759b wowlan: document a new failure mode/workaround 2023-10-10 21:33:34 +00:00
Colin 2de947d96e wowlan: move the implementation into sxmo_suspend.sh instead of a systemd service 2023-10-10 09:26:48 +00:00
Colin 85e5d30b0f wowlan module: port to rtl8723cs-wowlan python script 2023-10-10 08:34:02 +00:00
Colin 114df5efab wowlan: enable CONFIG_ARP_KEEP_ALIVE (experimental) 2023-10-10 05:24:57 +00:00
Colin a9ddfb2752 WIP: sxmo: port to systemd 2023-10-09 00:25:03 +00:00
Colin 4682ca32e2 wowlan: document another failure 2023-10-09 00:25:03 +00:00
Colin cf553b1386 wowlan: more documentation 2023-10-08 00:00:26 +00:00
Colin e40cbaf1cf wowlan: document more about disconnections detection 2023-10-07 21:51:33 +00:00
Colin 19b8c0c923 wowlan: document known issues 2023-10-07 21:29:55 +00:00
Colin e5125065d6 eg25-control: add a timeout to how long a power-on can take 2023-10-07 04:27:14 +00:00
Colin 6c6e1ee84b moby: add gps-related services to the "dialout" group 2023-10-03 01:01:06 +00:00
Colin 43fc050eed feeds: subscribe to FasterThanLime 2023-09-29 18:23:14 +00:00
Colin bdf049d9e4 moby: wowlan: also wake on ARP requests (experimental) 2023-09-28 20:55:18 +00:00
Colin 9205e076c5 modules/wowlan: move options to "ipv4" attrset for future protocol expansion 2023-09-28 20:09:04 +00:00
Colin ebbef901c1 wowlan: document VPN shortcomings 2023-09-27 01:32:50 +00:00
Colin 1ef203ee07 wowlan: docs: caveats 2023-09-27 01:30:06 +00:00
Colin ca645ed23d wowlan: remove the version/ip header length match 2023-09-27 01:26:51 +00:00
Colin 742ed50960 moby: configure wake-on-lan 2023-09-27 01:04:53 +00:00
Colin 21838afc0d feeds: subscribe to turnoff.us 2023-09-25 23:09:56 +00:00
Colin de12a2200e feeds: add amosbbatto 2023-09-25 12:09:38 +00:00
Colin 083bdad88f feeds: update metadata for all
this should fix a couple broken feeds whose URL changed, but most changes here are inconsequential
2023-09-24 12:25:04 +00:00
Colin 2f7655e1c1 eg25-control: don't auto-start GPS on boot
this also means we don't power the modem on boot

this is OK to do now that i have a toggle in swaync for GPS
2023-09-15 16:55:27 +00:00
Colin 71c01795f4 moby: eg25-control-freshen-agps: fix to actually run hourly 2023-09-15 07:35:05 +00:00
Colin 2291c89dbc moby: eg25-control: fixup perms & add service that DLs new agps data when stale 2023-09-15 04:47:12 +00:00
Colin 1546304b4e eg25-control: run as own user
its perms might still need adjustment so that it can control modem power and write to mmcli
2023-09-15 03:54:01 +00:00
Colin a0c2ed38e6 eg25-control: allow finer-grained service control 2023-09-15 01:38:50 +00:00
Colin 9ad1be40b2 persist: stores: crypt: remove unrecognized nodev flag 2023-09-13 06:07:04 +00:00
Colin 910d0fa59e persist: remove the nosuid flag since gocryptfs cant parse it here 2023-09-13 05:13:43 +00:00
Colin 7bef6b4089 modules: users/programs: cleaner option passthrough 2023-09-12 05:44:53 +00:00
Colin 8011e78e21 persist: cryptClearOnBoot: note rare (but predictable) bug during redeploy 2023-09-12 04:58:56 +00:00
Colin 3e33313bf0 programs: add a "services" option which forwards into the user config 2023-09-12 04:44:07 +00:00
Colin 6138291a8d users: add a "services" option via which to configure per-user systemd services 2023-09-12 04:43:23 +00:00
Colin 6addf5a3b2 fs: symlink: add an option by which to control the symlink target name 2023-09-12 04:41:32 +00:00
Colin 0da8d282fe feeds: add Andrew Heaton - Political Orphanage 2023-09-09 02:33:48 +00:00
Colin 51ecf1b54b sxmo: fix sxmo_hook_init.sh -> sxmo_hook_start.sh 2023-09-05 17:31:33 +00:00
Colin f62c844aaf modules: fs: allow symlink target to be a `path` 2023-09-05 17:21:02 +00:00
Colin 68bce9c8b7 ports: if they fail to forward, retry after some interval 2023-09-01 00:30:32 +00:00
Colin ded5d94d69 modules: fs: add a "text" type to populate static text files when symlinks wont do 2023-08-31 12:56:30 +00:00
Colin ff39fc5d95 ports: make upnp service files more human-readable 2023-08-31 01:02:48 +00:00
Colin 1c7997e1ef rename eg25-control-defaults.service -> eg25-control 2023-08-28 08:03:14 +00:00
Colin 5d349ce042 moby: init GPS during boot 2023-08-22 04:53:40 +00:00
Colin 17b90fc697 eg25-manager: configure without modemmanager support 2023-08-17 08:34:32 +00:00
Colin ef881b1392 podcasts: subscribe to Useful Idiots 2023-08-16 22:03:40 +00:00
Colin debea8fa5b podcasts: subscribe to Behind the Bastards 2023-08-16 21:58:51 +00:00
Colin 8a9acbaeea podcasts: subscribe to We're Not Wrong 2023-08-16 21:58:07 +00:00
Colin 8869ec7bca podcasts: subscribe to omegatau 2023-08-16 21:54:55 +00:00
Colin 4ec947d549 eg25-manager: set RestartSec to make the restart loops less painful 2023-08-16 09:09:13 +00:00
Colin db99043753 eg25-manager.service: remove modem_power module & point to the right UART 2023-08-15 10:46:18 +00:00
Colin 664b21e5f1 enable eg25-manager (experimental) 2023-08-10 07:27:38 +00:00
Colin 8dc568d52e ship mate.engrampa as archive manager (after getting it to cross compile) 2023-08-07 03:43:37 +00:00
Colin dcf97b70e1 programs: use the `declPackageSet` helper 2023-08-02 21:20:50 +00:00
Colin 1ba877b325 upnp-forward: add a timeout to the unit
especially, this lets the target die, and the timer restart, when the UPNP stuff hangs
2023-07-31 11:06:04 +00:00
Colin 9ca8c74ed7 feeds: add wireshark podcast 2023-07-31 00:11:47 +00:00
Colin f59da7ad0f feeds: add minding our way 2023-07-28 01:14:28 +00:00
Colin 183457444c feeds: add Ezra Klein show 2023-07-28 01:08:19 +00:00
Colin 28a91723b8 feeds: add Atlas Obscura podcast 2023-07-28 01:06:15 +00:00
Colin 535bbd2c0b sane.{programs,user}.fs: pass fs values onto sane.fs unmerged
notably, this allows ~/.config/zsh/.zshrc to be specified by more than one location, and for the values to not overwrite one another
2023-07-18 11:25:27 +00:00
Colin 11a4b7006e upnp-forwards: fix timer to actually run every hour 2023-07-18 09:54:06 +00:00
Colin 23e95ba2ba modules: fs: symlink.text: allow specifying it multiple times 2023-07-18 02:17:25 +00:00
Colin ebcc0c269e trust-dns: remove from this repo
it's fully upstreamed into nixpkgs now
2023-07-16 12:27:23 +00:00
Colin 8788a8c67a servo: upnp-forwards.timer: fix to invoke upnp-forwards.target instead of upnp-forwards.service 2023-07-15 22:08:55 +00:00
Colin 088286d8f7 mime: support multiple implementors of the same association, with different priorities 2023-07-15 10:11:31 +00:00
Colin 55d64eb598 programs: factor out a `sane.programs.<foo>.mime` schema 2023-07-15 08:44:18 +00:00
Colin 44b15ba8ed users: apply default permissions to any user who goes through the sane.users module 2023-07-14 23:56:01 +00:00
Colin e38bf42506 trust-dns: migrate module to nixpkgs repo 2023-07-13 09:57:11 +00:00
Colin 8b3521d08f fixup sxmo persistence (prev two commits don't build) 2023-07-13 07:17:09 +00:00
Colin 4a7398da2f trust-dns: finish hardening 2023-07-13 01:33:31 +00:00
Colin 8e94d77b0f ports: create a separate systemd service per port forward
this allows one failed forward to not take down all forwards
2023-07-11 01:56:59 +00:00
Colin f765e3d030 sane-ip-check: also store the upnp gateway 2023-07-11 00:55:04 +00:00
Colin 452260f7c7 trust-dns: don't run as root 2023-07-10 09:00:37 +00:00
Colin b648aca505 trust-dns: link to docs in service file 2023-07-10 08:12:07 +00:00
Colin 8c4af55f82 trust-dns: apply some hardening (still need more) 2023-07-10 08:00:45 +00:00
Colin 23fb37a3e9 fs: have nodes `require` their parent instead of the weaker `want`
this may fix it so spurious (failed) mounts of ~/private *don't* create a bunch of directories that later cause a real mount to be impossible
2023-07-10 05:58:30 +00:00
Colin db72f5e11f fs: generated.script.scriptArgs -> generated.command 2023-07-08 11:15:23 +00:00
Colin 8753e5e0c6 fs: remove legacy `generated.script.script` option 2023-07-08 11:15:23 +00:00
Colin 558b35fee0 prepare fs.generated.script users to not assume a shell 2023-07-08 11:15:23 +00:00
Colin 3ce2716fbe fs: factor out the ensureSymlink/ensureDir/ensurePerms scripts 2023-07-08 10:35:10 +00:00
Colin e9293dbe07 fs: fix raciness that was causing `ensure-xyz` services to run multiple times per boot 2023-07-08 09:08:59 +00:00
Colin f18d624fd9 fs: avoid creating a new script for every fs entry 2023-07-08 09:00:49 +00:00
Colin 8f57394cd2 persist: create the backing path as a dependency of the VFS path 2023-07-08 02:08:18 +00:00
Colin 01b8a28a52 programs.fs: remove extraneous `wantedBeforeBy` clause
it's provided by `sane.user.fs`
2023-07-08 02:06:44 +00:00
Colin b42207882e programs.persist: fix to allow any options that underlying persist allows 2023-07-08 02:06:18 +00:00
Colin 0a519eddb4 persist: allow persisting of individual files, not just directories
i actually do already, with ~/.ssh/id_ed25519 -- it works only as a fluke
2023-07-08 01:31:14 +00:00
Colin acf89a041e modules/programs: cleanup `with` statements 2023-07-03 07:55:05 +00:00
Colin 9340d5f391 programs: remove explicit default definitions 2023-07-03 07:49:44 +00:00
Colin 9f1d61c781 programs: remove quadratic behavior 2023-07-03 07:16:24 +00:00
Colin 83e48eabad WIP: decrease quadratic operations in modules/programs.nix 2023-07-03 07:04:57 +00:00
Colin 9b9273b725 programs: call out some quadratic behavior; i can try to fix it in the future 2023-07-03 06:41:48 +00:00
Colin ccaff668c1 sane-lib: path: fix `from` bug; tidy 2023-07-03 05:28:53 +00:00