|
efc16a9e80
|
persist: harden the "ephemeral" store mount environment
there's only so much this can actually achieve. it's still quite possible for someone who knows what they're doing to do large amounts of damage
|
2024-08-01 22:40:55 +00:00 |
|
|
161f272f41
|
gpodder-adaptive: track youtube-dl upstreaming
|
2024-08-01 20:02:47 +00:00 |
|
|
6aa6c0020c
|
lightning-cli: fix sandboxing
|
2024-08-01 19:59:23 +00:00 |
|
|
acd46940e4
|
clightning: lift the build fix into pkgs/default.nix
this lets me apply it outside the context of a nixos module
|
2024-08-01 19:53:05 +00:00 |
|
|
00a25f1533
|
feeds: fix complex systems URL
|
2024-08-01 19:52:22 +00:00 |
|
|
bc0a1eb1b3
|
feeds: sub to Complex Systems Podcast
|
2024-08-01 18:58:39 +00:00 |
|
|
cd3f483df0
|
sway: add "Super+B" shortcut to open the Web Browser
|
2024-08-01 18:55:25 +00:00 |
|
|
38a183cf3b
|
sane-open: backfill missing configureKeyboardFor_uri method
|
2024-08-01 18:54:50 +00:00 |
|
|
5ed6e84cc7
|
sane-open: refactor
|
2024-08-01 18:54:04 +00:00 |
|
|
7c1a0fc323
|
sane-open: add --debug flag
|
2024-08-01 18:52:55 +00:00 |
|
|
f16066549f
|
sane-open: fallback to URI instead of file when we can't do anything more specialized
|
2024-08-01 18:52:06 +00:00 |
|
|
659da66106
|
sane-open: add the ability to open URIs
|
2024-08-01 18:50:17 +00:00 |
|
|
c07eaba873
|
tor-browser: associate with .onion URLs
|
2024-08-01 18:34:38 +00:00 |
|
|
bb420bd45d
|
firefox: add a desktop item for launching inside a VPN
|
2024-08-01 18:10:32 +00:00 |
|
|
3902432864
|
where-am-i: fix bin linking
|
2024-08-01 17:57:45 +00:00 |
|
|
33efbeda8a
|
link manpages into all linkIntoOwnPackage users
|
2024-08-01 17:43:58 +00:00 |
|
|
8206fb0519
|
linkIntoOwnPackage: place man/doc into separate outputs
|
2024-08-01 17:11:24 +00:00 |
|
|
2687286489
|
servo: nginx: switch to mainline zlib to silence syslog warnings
|
2024-08-01 01:25:16 +00:00 |
|
|
d5e52e21f7
|
sane-stop-all-servo: stop ntfy and trust-dns-doof services
|
2024-07-31 23:40:51 +00:00 |
|
|
367fc24aa8
|
nixpkgs: full_index=1: actually apply to all PR urls -- not just nixpkgs commits
|
2024-07-31 20:59:07 +00:00 |
|
|
bf45206d1a
|
nixpkgs: use full_index=1 when fetching patches, for stable hashes
|
2024-07-31 20:52:38 +00:00 |
|
|
397b2ae2ea
|
nixpkgs: update hashes
|
2024-07-30 22:05:01 +00:00 |
|
|
f0ebb305ec
|
nixpkgs: update hashes
though it's probably fetchpatch2 just being stupid again and i'll revert
|
2024-07-30 21:58:01 +00:00 |
|
|
e629d2d999
|
rsync-net: harden systemd service, and dodge the "pasta doesnt support root" bug
|
2024-07-30 21:54:25 +00:00 |
|
|
9b2601e450
|
cross: fix texinfo (used for info command)
|
2024-07-30 16:23:06 +00:00 |
|
|
a20c13fffe
|
firefox-extensions.ublacklist: 8.9.1 -> 8.9.2
|
2024-07-30 15:50:04 +00:00 |
|
|
20a2d8dc1c
|
uassets: 2024-07-28 -> 2024-07-29
|
2024-07-30 15:50:04 +00:00 |
|
|
297bf7e090
|
syshud: 2024-07-21 -> 2024-07-29
|
2024-07-30 15:50:04 +00:00 |
|
|
ed024d081e
|
nixpkgs-wayland: 2024-07-27 -> 2024-07-28
|
2024-07-30 15:50:04 +00:00 |
|
|
4ddd4191bc
|
nixpkgs: 2024-07-28 -> 2024-07-29
|
2024-07-30 15:50:04 +00:00 |
|
|
32ef63028b
|
sane-reclaim-disk-space: fix quote typo
|
2024-07-30 15:32:35 +00:00 |
|
|
70bd001171
|
servo: bitcoind: harden systemd service
|
2024-07-30 13:12:27 +00:00 |
|
|
b53f376d70
|
servo: clightning: tighten sandboxing for bitcoin-cli interaction
|
2024-07-30 12:41:33 +00:00 |
|
|
621c147483
|
clightning: remove /var/lib/bitcond-mainnet from the service paths -- again
|
2024-07-30 11:17:10 +00:00 |
|
|
841076fd9e
|
clightning: move /var/lib/bitcoind-mainnet from ReadWritePaths -> ReadOnlyPaths
i think i can go further, remove it altogether
|
2024-07-29 23:19:26 +00:00 |
|
|
80492e902b
|
inotify watches: bump 1M -> 4M
i'm hoping this will reduce errors on servo seen in system services,
about exhausting "disk space" (file handle space)
|
2024-07-29 23:19:26 +00:00 |
|
|
f058fe0be6
|
servo: lemmy: sandbox
|
2024-07-29 23:19:26 +00:00 |
|
|
8fde3dea77
|
servo: pleroma: fix service hardening
|
2024-07-29 23:19:26 +00:00 |
|
|
ac9238a7f0
|
servo: assorted: plead with shitty AI companies to not bring my server to its knees by scraping all of the Linux source code
i thought AI was supposed to be smart
|
2024-07-29 19:19:32 +00:00 |
|
|
45412e5042
|
common/fs: ftp auto-remounting in a way which doesn't use .service files
|
2024-07-29 15:44:54 +00:00 |
|
|
d76d50f1c4
|
common/fs: /mnt/servo/* ftp auto/re-mounting in a way which does better rate limiting
|
2024-07-29 07:11:52 +00:00 |
|
|
f1c76ada43
|
WIP: common/fs: simpler /mnt/servo/* ftp auto/re-mounting
|
2024-07-29 03:44:10 +00:00 |
|
|
9dbd85ba08
|
servo: slskd: remove the hardening options until i can debug
|
2024-07-29 03:42:52 +00:00 |
|
|
2c707c3acd
|
servo: lemmy/lemmy-ui: harden the service with a syscall filter
|
2024-07-29 03:42:52 +00:00 |
|
|
0fae963d90
|
servo: lemmy: harden the backend systemd service
|
2024-07-29 03:42:52 +00:00 |
|
|
90df178c35
|
servo: slskd: harden (partially)
|
2024-07-29 03:42:52 +00:00 |
|
|
dc053149d0
|
servo: lemmy/lemmy-ui: harden
|
2024-07-29 03:42:52 +00:00 |
|
|
bce81d0487
|
servo: pleroma: harden
|
2024-07-29 03:42:52 +00:00 |
|
|
a8eba4df4d
|
servo: jackett: harden further
|
2024-07-29 03:42:52 +00:00 |
|
|
1bb36b74c2
|
scripts/check-uninsane: check that servo bitcoind is online
|
2024-07-29 03:42:52 +00:00 |
|