a5cb989c59
hosts/common: add remote /mnt/crappy/home mount
2024-06-11 00:36:18 +00:00
8e7401955f
hosts/common: add crappy's pubkey/lan IP
2024-06-11 00:27:14 +00:00
fa605768e7
hosts/common: enable ALL firmware -- not just the "redistributable" stuff
2024-06-11 00:26:52 +00:00
3c279edd31
feeds: unsubscribe from Vsauce
2024-06-11 00:26:17 +00:00
ec29ec76f0
swayidle: fix that input events weren't suppressed during screen-off
2024-06-09 18:36:57 +00:00
0f97e3d7ed
sane-input-handler: fix that input events weren't suppressed during screen-off
...
note that this doesn't fix input gating during the
screenoff-after-inactivity case.
2024-06-09 18:28:31 +00:00
b24b68a6bd
mpv: switch to mainline mpv
2024-06-09 06:48:43 +00:00
cb32dc99cd
sysvol: fix background transparency
2024-06-09 01:50:39 +00:00
502c9d1db3
nixpkgs: 24.05-unstable-2024-06-xx -> 24.05-unstable-2024-06-08
2024-06-09 00:48:52 +00:00
f219c59ad5
nixpkgs: acquire via builtins.fetchGit instead of flake
...
i'll probably delete this toplevel flake at some point as well
2024-06-08 01:37:47 +00:00
6b8371c32b
nixpkgs-wayland: import by fetchFromGitHub instead of via flake
2024-06-07 21:29:45 +00:00
50450fe7fe
brave: fix eval error on armv7l
2024-06-07 07:32:24 +00:00
8807140c83
neovim: fix cross to armv7l
2024-06-07 07:31:44 +00:00
d8fed884d0
programs: steam: move from pcGuiApps -> pcGameApps
2024-06-07 07:30:56 +00:00
8105e00b39
refactor: make system.stateVersion common across all hosts.
...
otherwise it's hairy to share nixos configs/modules between them
note that this alters the stateVersion for desko/lappy/rescue, but unlikely to matter
2024-06-04 15:58:53 +00:00
7e32fab5d4
refactor: moby: split more stuff out of the toplevel config and hide behind roles/etc
2024-06-04 15:58:51 +00:00
b334db28c6
refactor: hide x86_64-specific host config in a module
2024-06-04 14:26:24 +00:00
b52057e317
refactor: split "quirks.nix" out of hosts/common/hardware/default.nix
2024-06-04 14:14:22 +00:00
414ab85e20
refactor: move hosts/common/hardware/default.nix into hosts/common/boot.nix
2024-06-04 14:12:28 +00:00
82133a8f16
refactor: move logind config into systemd.nix
2024-06-04 14:09:58 +00:00
394259fe21
modemmanager: harden systemd service
2024-06-03 16:41:51 +00:00
8c256c629b
networkmanager: harden further with NoNewPrivileges and PrivateTmp
2024-06-03 16:23:22 +00:00
0e2d86ac96
NetworkManager-dispatcher: note why we can't use DynamicUser
2024-06-03 15:57:41 +00:00
e2a1e6730d
NetworkManager-dispatcher: harden systemd service
2024-06-03 15:44:22 +00:00
a1e923f999
networkmanager: tighten ProtectSystem to "strict"
2024-06-03 15:10:14 +00:00
09333c992c
wpa_supplicant: harden systemd service
2024-06-03 15:09:32 +00:00
80eb385c64
networkmanager: restrict service (using systemd options)
2024-06-03 14:27:00 +00:00
f6725f60b9
networkmanager: re-introduce my polkit patches
2024-06-03 13:04:48 +00:00
42fed64b75
NetworkManager: split specific config options out of my main net/default.nix file
2024-06-03 11:24:38 +00:00
682143d47f
NetworkManager: 1.46.0 -> 1.48.0
...
mostly so i can review the PR and get this update mainlined sooner :)
2024-06-03 11:23:33 +00:00
9d109644b7
nixpkgs: 2024-06-01 -> 2024-06-03; sops-nix -> 2024-06-02
...
```
• Updated input 'nixpkgs-next-unpatched':
'github:nixos/nixpkgs/f7de25c01e4c073c06e0525226a0c2311d530cee' (2024-06-01)
→ 'github:nixos/nixpkgs/c987c730bbf2121264ebd68921b443db5bb28543' (2024-06-03)
• Updated input 'nixpkgs-unpatched':
'github:nixos/nixpkgs/61c1d282153dbfcb5fe413c228d172d0fe7c2a7e' (2024-06-01)
→ 'github:nixos/nixpkgs/77a51024c0f953d503eb3ed364aa4bff378649f8' (2024-06-03)
• Updated input 'sops-nix':
'github:Mic92/sops-nix/962797a8d7f15ed7033031731d0bb77244839960' (2024-05-26)
→ 'github:Mic92/sops-nix/ab2a43b0d21d1d37d4d5726a892f714eaeb4b075' (2024-06-02)
• Updated input 'sops-nix/nixpkgs-stable':
'github:NixOS/nixpkgs/59a450646ec8ee0397f5fa54a08573e8240eb91f' (2024-05-25)
→ 'github:NixOS/nixpkgs/3b1b4895b2c5f9f5544d02132896aeb9ceea77bc' (2024-06-01)
```
2024-06-03 05:31:28 +00:00
e4bcbab224
hosts: networking: switch to using nixos NetworkManager/ModemManager/etc, just patched for hardening
2024-06-02 11:22:03 +00:00
1b85aa0441
networkmanager/modemmanager: get closer to nixpkgs upstream
...
i've seen enough, that there's a path toward getting nixos proper to sandbox this in a way i'm happy with -- in time
2024-06-02 08:56:38 +00:00
f5e5d1bcc4
networkmanager: fix polkit integrations when running not as root
...
now nmcli/etc work
2024-06-02 05:10:11 +00:00
30d41f82f2
refactor: networkmanager: use substitute instead of sed when patching
2024-06-01 22:16:18 +00:00
62dbad3486
polyunfill: remove a few more default systemPackages
2024-06-01 21:06:40 +00:00
4287ecf0ed
polyfill: don't ship unused mtools package
2024-06-01 20:15:04 +00:00
b13ca92b72
polyfill: remove boot.{enableContainers,bcache}
2024-06-01 20:14:49 +00:00
53bbd611da
nixpkgs-review: persist the ~/.cache/nixpkgs-review directory
2024-06-01 17:15:54 +00:00
cb1d5d53c6
feeds: add mintcast podcast
2024-06-01 16:28:42 +00:00
6fe3d26b30
modemmanager: fix missing mmcli binary in service definition
2024-06-01 15:41:14 +00:00
8340cf059f
nixpkgs-review: fix sandboxing
2024-06-01 15:26:23 +00:00
e0da3ece60
errno: simplify
2024-06-01 14:48:55 +00:00
8ea379d53b
errno: ship on all platforms
2024-06-01 14:04:45 +00:00
c7dd49af91
errno: fix cross compilation by not building *all* of moreutils
2024-06-01 14:03:59 +00:00
8657cf1fcf
ship ausyscall binary
2024-06-01 12:17:08 +00:00
e3e86a43a9
brightnessctl: disable unused dbus access
2024-06-01 12:09:51 +00:00
05986d363d
brightnessctl: fix udev rules so i can run it again
2024-06-01 12:02:24 +00:00
539d9e45a2
networkmanager/modemmanager: ship separate packages for the daemon and CLI tools
...
they require fundamentally different sandboxing approaches. the daemon *can't* always use bwrap if it wants to run as non-root. meanwhile the CLI tools would mostly *prefer* to run under bwrap.
in the long term i'll maybe upstream the systemd sandboxing into nixpkgs, where there looks to be desire for it
2024-05-31 23:26:16 +00:00
326bf045b0
networkmanager/wpa_supplicant: switch user back to "networkmanager"
...
root gives too much power, even with bwrap/namespaces
2024-05-31 23:26:16 +00:00