4ddd4191bc
nixpkgs: 2024-07-28 -> 2024-07-29
2024-07-30 15:50:04 +00:00
80492e902b
inotify watches: bump 1M -> 4M
...
i'm hoping this will reduce errors on servo seen in system services,
about exhausing "disk space" (file handle space)
2024-07-29 23:19:26 +00:00
45412e5042
common/fs: ftp auto-remounting in a way which doesnt use .service files
2024-07-29 15:44:54 +00:00
d76d50f1c4
common/fs: /mnt/servo/* ftp auto/re-mounting in a way which does better rate limiting
2024-07-29 07:11:52 +00:00
f1c76ada43
WIP: common/fs: simpler /mnt/servo/* ftp auto/re-mounting
2024-07-29 03:44:10 +00:00
6a9fd04437
bitcoin-cli: split into own file, and fix broken path to config file when running as user
2024-07-29 03:42:52 +00:00
666744bda3
bitcoin-cli,lightning-cli: ship as own package instead of shipping the whole daemon
2024-07-29 03:42:52 +00:00
ba09fbeec9
bitcoind: fix sandboxing
2024-07-29 03:42:52 +00:00
0bfaead177
sane-deadlines: only show on physical login, not ssh
2024-07-29 03:42:52 +00:00
1b93dbe12c
sane-sysload: show on remote login
2024-07-29 03:42:52 +00:00
bf1f843306
doc: rsyslog: note that this isnt the traditional setup
...
also, may want to tune the burst settings in the future. i definitely got rate-limited
2024-07-28 03:40:53 +00:00
9a1cd9341f
feeds: note some more podcast discovery places
2024-07-28 01:54:14 +00:00
3a6a5ffe01
rsyslog: persist logs
2024-07-28 01:54:14 +00:00
971de060d5
WIP: port /var/log persistence to private store
2024-07-28 01:54:14 +00:00
3ea57f1d6a
users: disable pam mount
...
this was needed for the old way of mounting ~/private, but no longer
2024-07-28 01:54:14 +00:00
e44771f67d
servo: postgresql: port data to private store
2024-07-27 16:51:23 +00:00
2e644dc020
persist/private: remove the "prefix", to allow the store to hold files not just in /home/colin
...
this will require a one-time manual migration on all devices
2024-07-27 00:26:57 +00:00
f4a6bc1991
pam_cap: fix ordering so that my sessions have correct capabilities again
2024-07-26 23:58:57 +00:00
19fd45211f
sane-secrets-unlock: remove from ~/.profile and make it an s6 service
...
more reliable, in practice
2024-07-26 22:18:32 +00:00
d905af6cd1
ship sane-private-unlock-remote as a cron job to lappy/desko
2024-07-26 20:54:27 +00:00
cbca403158
hosts/common: downgrade the auto-login to lib.mkDefault
...
servo uses autologin as root, for the purpose of recovery. let it keep that for now
2024-07-26 16:04:13 +00:00
3b8d6c8587
refactor: s6/unl0kr/profile: put more shell init stuff directly in modules/users/default.nix when it doesnt benefit from being pluggable
2024-07-26 15:58:59 +00:00
d59380b4dd
unl0kr: ensure it runs on the same tty the session was initialized on
2024-07-26 14:50:28 +00:00
3d91fa2475
systemd.networkd: disable the wait-online service
...
it blocks boot like a idiot
2024-07-26 14:01:31 +00:00
fcbbfc4a65
fix s6 service ordering: unl0kr -> (wait for mount) -> sway
...
note that the systemd-aware mount never completes -- it's stuck in 'activating' forever. that's the next challenge
2024-07-26 12:18:14 +00:00
b93e9e75e6
unl0kr: use inotify in the retry logic
2024-07-26 11:31:53 +00:00
4daf5452e8
unl0kr: dont echo password to terminal
2024-07-26 09:36:06 +00:00
af905a2f58
unl0kr: split the gocryptfs unlocking into its own separate service
...
/mnt/persist/private can be depended on by both s6 user services and systemd system services (which will become useful for servo)
/mnt/persist/private can be unlocked by dropping the key in remotely, however that won't kill unl0kr
TODO: fix unl0kr to not also output text to the tty
TODO: ensure gocryptfs mount can handle being fed a wrong password
2024-07-26 08:08:21 +00:00
8ef5920d84
unl0kr: port to an s6 service
...
this has some drawbacks in its current form and will be tidied
it writes the password also to the consold. it requires 'sudo'.
2024-07-25 18:45:01 +00:00
2203d6db59
cleanup: remove XDG_SESSION_TYPE, XDG_VTNR from global environment
2024-07-25 15:26:24 +00:00
07b55bb3ec
unl0kr: dont run atop getty -- just a bare /dev/tty1
...
i'm not sure what agetty was ever doing here.
unl0kr itself runs fine, it launches ~/.profile, and if i interrupt ~/.profile to use a console, that works too.
the console does regularly get interrupted by systemd output,
but i've checked and the agetty method had that same program.
2024-07-25 14:48:15 +00:00
874b7aecfa
persist: rename "cryptClearOnBoot" to "ephemeral"
2024-07-25 12:11:46 +00:00
800945d951
sway: disable touchpad middle-click (i hope?)
2024-07-25 12:11:46 +00:00
4c3b0f820b
feeds: unsubscribe from Vox, Post Reports (politics)
2024-07-25 08:41:13 +00:00
0756349c86
polyunfill: fix missing lvm2
2024-07-24 13:11:59 +00:00
490c587737
swaync-service-dispatcher: add up/down options
2024-07-24 11:49:15 +00:00
15df9edca1
swaync-service-dispatcher: add a usage command
2024-07-24 11:46:52 +00:00
2d73b85f92
gps-share: fix sandboxing
...
it's possible that the Avahi sandboxing isn't right. idk
2024-07-24 11:43:24 +00:00
70d4925483
gps-share: dont launch until after the modem is actually powered on
2024-07-24 11:15:44 +00:00
a165e568a8
mpv: tune controls for mobile (speculative)
2024-07-24 09:05:15 +00:00
a539e52abe
mpv: disable visualizer; it breaks UI
2024-07-24 09:05:05 +00:00
6f1173e45a
sops-gpg-adapter: port to nix-shell
2024-07-24 08:28:13 +00:00
34e770c5f5
sanebox: fix missing dependency on iptables/iproute2
2024-07-24 03:32:12 +00:00
0460a419c5
sane-vpn: use DHCP DNS servers when use specifies none -- instead of 1.1.1.1
2024-07-24 03:05:37 +00:00
9efa5bb209
sane-tag-music -> sane-tag-media, and formally support pdf
2024-07-23 17:42:25 +00:00
b21002207a
programs: ship exiftool
2024-07-23 17:19:50 +00:00
553a2724a4
youtube-tui: docs: mention more invidious instances
2024-07-22 16:14:44 +00:00
bf0583cbda
youtube-tui: update to a more reliable invidious instance
2024-07-22 16:00:51 +00:00
5a5842d26c
nicotine-plus: fix so it can read its config file on first run
2024-07-22 15:51:40 +00:00
3f8f3f4e54
mpv: sponsorblock: also skip intros
2024-07-22 14:20:34 +00:00
