colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity
7,775 Commits 141 Branches 1 Tag
04eb5ed0129f96df11f3e0af85c54ee20b51ae6e
Commit Graph

2517 Commits

Author SHA1 Message Date
Colin
cbe71868ef newsflash: deploy 2024-08-09 10:25:53 +00:00
Colin
1d205a89bc sway: fix gnome-calls to always be on workspace 1 2024-08-08 23:59:19 +00:00
Colin
5ff643aa2f foliate: fix sandboxing 2024-08-08 23:58:02 +00:00
Colin
bfdf63e641 calls: 46.3 -> 47.0-beta 2024-08-08 23:57:47 +00:00
Colin
c695f7a979 foliate: ship 2024-08-08 21:08:51 +00:00
Colin
1ee81db537 switch xdg-desktop-portal-gtk -> xdg-desktop-portal-gnome 
the gnome file chooser is far more responsive, on moby

though thumbnailing doesnt work, which may degrade the desktop experience :-(
 2024-08-08 09:43:47 +00:00
Colin
2de6491583 xdg-desktop-portal-gnome: get working as a xdp backend, on lappy 
probably needs some porting to moby before it works there
 2024-08-08 08:52:24 +00:00
Colin
4525df58e0 rsyslog: disable 2024-08-08 07:40:59 +00:00
Colin
a69af91b7b add /mnt/servo/home to my hosts 2024-08-08 00:45:33 +00:00
Colin
de6ffe6b75 flare-signal: update compatibility notes 2024-08-07 22:07:56 +00:00
Colin
f8aea34e96 sanebox: bwrap: make user namespace unsharing more obvious 2024-08-07 21:23:21 +00:00
Colin
49efb94a0a seatd: restrict capabilities 2024-08-07 20:30:29 +00:00
Colin
9b1e053ead seatd: place the socket in a place that lends itself to better sandboxing 2024-08-07 19:37:20 +00:00
Colin
6dad290cd5 duplicity: purge 2024-08-07 01:33:31 +00:00
Colin
cc6ed6c0ec flare-signal: annotate my notes on it with datestamps 2024-08-07 01:23:43 +00:00
Colin
d45ea622d1 servo: disable email-based registration gating 2024-08-06 21:39:32 +00:00
Colin
247fd3f807 less: tune flags, especially for systemd/journalctl 2024-08-06 19:25:10 +00:00
Colin
1cdeedd9ec servo: partially ship ollama 2024-08-06 08:24:29 +00:00
Colin
638655ff83 mnt-servo-*-reachable.service: harden systemd service 2024-08-06 06:43:10 +00:00
Colin
5e57e78411 /mnt/servo/*: fix to not hang the mount when fs is offline 
this is an unfortunate effect of the drop_privileges part of fuse3,
that the mount is active as soon as the fs implementation is launched,
instead of when it enters `fuse_main`.
 2024-08-06 05:54:31 +00:00
Colin
646c2dd85a common/fs: mount curlftpfs using fuse3 2024-08-06 04:48:47 +00:00
Colin
9cee460d7e gocryptfs: sandbox with landlock 
now /mnt/persist/ephemeral implementation can't access /mnt/persist/private; /mnt/persist/private can't access /mnt/desko/home, and so on
 2024-08-05 23:01:38 +00:00
Colin
c706a19836 landlock-sandboxer: rename the binary, so that it can be included on PATH without collisions 2024-08-05 22:59:14 +00:00
Colin
e25dd98f6c spot/spotify: disable 
i don't use spotify atm
 2024-08-05 00:47:59 +00:00
Colin
0906d76f83 libcap_ng: ship 2024-08-03 23:27:53 +00:00
Colin
2b3278eb7f /mnt/$host/home: layer bwrap sandboxing after the drop-privileges passoff 2024-08-03 17:11:11 +00:00
Colin
9b4e91fbd9 /mnt/$host/home: harden systemd settings 2024-08-03 16:27:42 +00:00
Colin
734627232a /mnt/$host/home: mount with drop_privileges 2024-08-03 15:13:04 +00:00
Colin
3adbbe5fa7 /mnt/$host/home: run as user instead of as root 2024-08-03 15:13:04 +00:00
Colin
97268e9b26 curlftpfs-sane: rename from curlftpfs 
i already patched it significantly; i plan to port to fuse3 shortly
 2024-08-03 14:32:01 +00:00
Colin
dae8481176 firefox: ship a "stub DNS" desktop file variant 
though note that my stub-dns seems to be broken recently...
 2024-08-02 21:41:07 +00:00
Colin
fbfd0afca4 common/fs: only desclare /mnt/$host mounts for hosts this machine is authorized to access 2024-08-02 20:29:22 +00:00
Colin
c490b6e6ad common/polyunfill: simplify my config by using the new security.pam.package option 2024-08-02 10:04:20 +00:00
Colin
eaeb8380dc fs: enable @basic-api everywhere, since its required by systemd restart logic 2024-08-02 09:13:55 +00:00
Colin
05a9e8e819 common: /mnt/servo: fix systemd mount files to be aware of the timeout, again 2024-08-02 08:16:13 +00:00
Colin
9dbb2a6266 sane.fs: take in the role of generating systemd.mounts files 2024-08-02 07:33:21 +00:00
Colin
f925dd9a20 fs: isolate /mnt/servo/* and /mnt/persist/ephemeral a bit more 2024-08-02 04:45:14 +00:00
Colin
cbe6bdf158 hosts: fs: sandbox /mnt/servo/* mounts 2024-08-02 03:17:53 +00:00
Colin
949a52dee1 activationScripts.notifyActive: be quiet about sane-deadlines/sane-sysload 2024-08-02 01:11:19 +00:00
Colin
2ee1fb17c4 sane-deadlines, sane-sysload: fix ordering to not run before the environment is configured 2024-08-02 01:04:07 +00:00
Colin
48cc718700 login: remove systemd-user-sessions integration so that we dont block on remote-fs 
tested on lappy. will it work on servo, with gitea?
 2024-08-02 00:52:51 +00:00
Colin
2197951e12 NetworkManager-dispatcher: cleanup an ordering cycle between it and trust-dns-localhost 2024-08-02 00:36:54 +00:00
Colin
6aa6c0020c lightning-cli: fix sandboxing 2024-08-01 19:59:23 +00:00
Colin
00a25f1533 feeds: fix complex systems URL 2024-08-01 19:52:22 +00:00
Colin
bc0a1eb1b3 feeds: sub to Complex Systems Podcast 2024-08-01 18:58:39 +00:00
Colin
cd3f483df0 sway: add "Super+B" shortcut to open the Web Browser 2024-08-01 18:55:25 +00:00
Colin
c07eaba873 tor-browser: associate with .onion URLs 2024-08-01 18:34:38 +00:00
Colin
bb420bd45d firefox: add a desktop item for launching inside a VPN 2024-08-01 18:10:32 +00:00
Colin
3902432864 where-am-i: fix bin linking 2024-08-01 17:57:45 +00:00
Colin
33efbeda8a link manpages into all linkIntoOwnPackage users 2024-08-01 17:43:58 +00:00