|
|
1098d121b4
|
firefox-extensions.sidebery: 5.0.0 -> 5.1.1.7
|
2024-02-26 18:07:45 +00:00 |
|
|
|
821c631b1d
|
firefox-extensions.sponsorblock: 5.5.5 -> 5.5.6
|
2024-02-26 18:03:44 +00:00 |
|
|
|
96347ad7ac
|
firefox-extensions.bypass-paywalls-clean: 3.5.5.0 -> 3.5.7.0
|
2024-02-26 18:02:10 +00:00 |
|
|
|
4f933cc0fa
|
fix "update.pkgs" script
|
2024-02-26 18:01:47 +00:00 |
|
|
|
03615ce244
|
nixpkgs: 2024-02-24 -> 2024-02-25; sops-nix -> 2024-02-25
```
• Updated input 'nixpkgs-next-unpatched':
'github:nixos/nixpkgs/a3e2b0de906a8fe0143c2783199abdc132dee56a' (2024-02-24)
→ 'github:nixos/nixpkgs/f42891a2fa716dcab10336a1b7313993430568ea' (2024-02-25)
• Updated input 'nixpkgs-unpatched':
'github:nixos/nixpkgs/b66514c14e85cd7d853d6dbbf1a421ba232eff10' (2024-02-24)
→ 'github:nixos/nixpkgs/8e474340ed0592ca21c1398d88dd89bf7100e881' (2024-02-25)
• Updated input 'sops-nix':
'github:Mic92/sops-nix/f6b80ab6cd25e57f297fe466ad689d8a77057c11' (2024-02-21)
→ 'github:Mic92/sops-nix/2874fbbe4a65bd2484b0ad757d27a16107f6bc17' (2024-02-25)
• Updated input 'sops-nix/nixpkgs-stable':
'github:NixOS/nixpkgs/69405156cffbdf2be50153f13cbdf9a0bea38e49' (2024-02-17)
→ 'github:NixOS/nixpkgs/89a2a12e6c8c6a56c72eb3589982c8e2f89c70ea' (2024-02-25)
```
|
2024-02-26 17:35:34 +00:00 |
|
|
|
7d613d90d8
|
nixcache: disable my own substituters by default
|
2024-02-26 17:35:34 +00:00 |
|
|
|
afd52014d1
|
sane-reclaim-disk-space: note to run as root
|
2024-02-26 15:25:12 +00:00 |
|
|
|
dd6e1c5e38
|
flake: fix "deploy" commands to bypass substituters, and address deprecated nix path signing
|
2024-02-26 15:01:14 +00:00 |
|
|
|
d0d7994c2f
|
sxmo: remove 'greeter' option
|
2024-02-26 07:27:33 +00:00 |
|
|
|
b5da7a86fa
|
libkiwix: 12.1.1 -> 13.1.0
|
2024-02-26 06:10:37 +00:00 |
|
|
|
f2e1bb6b86
|
programs: python3-repl: sandbox
|
2024-02-25 18:52:55 +00:00 |
|
|
|
fe0f6988bd
|
programs: disable wine (unused)
|
2024-02-25 18:42:25 +00:00 |
|
|
|
c402a265cd
|
programs: stepmania: sandbox
|
2024-02-25 18:26:32 +00:00 |
|
|
|
d5643a6a5d
|
assorted static-nix-shell packages: use srcRoot
|
2024-02-25 17:37:38 +00:00 |
|
|
|
e757e35065
|
static-nix-shell: add a srcRoot argument which allows more precisely specifying the source files and avoiding unnecessary rebuilds
|
2024-02-25 17:37:10 +00:00 |
|
|
|
953dd98b0f
|
refactor: static-nix-shell: remove unused options
|
2024-02-25 17:28:00 +00:00 |
|
|
|
c9c1181242
|
programs: wireplumber: sandbox
|
2024-02-25 17:11:48 +00:00 |
|
|
|
f9888fe8d6
|
programs: sane-private-init: sandbox
|
2024-02-25 16:46:10 +00:00 |
|
|
|
036145e6ba
|
programs: sane-private-change-passwd: sandbox
note that this is entirely untested
|
2024-02-25 16:35:13 +00:00 |
|
|
|
5b647a1a90
|
programs: sane-private-change-passwd: rewrite based on how my system looks today
i haven't tested this
|
2024-02-25 16:28:57 +00:00 |
|
|
|
7c486492c8
|
programs: pipewire: port sandbox to bwrap and restrict further
|
2024-02-25 15:19:57 +00:00 |
|
|
|
890b41f563
|
programs: pipewire: sandbox
still need to sandbox wireplumber
|
2024-02-25 14:34:11 +00:00 |
|
|
|
ca36fe1b96
|
programs: gnome.seahorse: sandbox
|
2024-02-25 12:03:42 +00:00 |
|
|
|
d2df668c9e
|
modules/programs: sane-sandboxed: replace --sane-sandbox-keep-pidspace with --sane-sandbox-keep-namespace <pid|cgroup|ipc|uts>
|
2024-02-25 12:00:00 +00:00 |
|
|
|
b7921ac41b
|
refactor: programs: sort
|
2024-02-25 11:53:49 +00:00 |
|
|
|
c304367e21
|
programs: gnome-maps: sandbox
|
2024-02-25 11:51:50 +00:00 |
|
|
|
2ad33a49df
|
refactor: pipewire: remove dead code
|
2024-02-25 10:38:42 +00:00 |
|
|
|
0b4efd2ab2
|
pipewire: migrate services to sane.programs to completely disable socket activation
see: https://github.com/NixOS/nixpkgs/issues/291318
|
2024-02-25 10:36:21 +00:00 |
|
|
|
0745e9fc06
|
refactor: programs: split gnome-maps into own file
|
2024-02-25 09:06:32 +00:00 |
|
|
|
e0267b5669
|
programs: pipewire: disable socket activation
|
2024-02-25 08:55:59 +00:00 |
|
|
|
b3c7aac8c5
|
programs: wike: sandbox: enable DRI to fix graphical glitches
|
2024-02-25 08:38:10 +00:00 |
|
|
|
c788596c45
|
programs: sane-private-do: grant net access
crucial for e.g. sane-private-do git push
|
2024-02-25 08:25:13 +00:00 |
|
|
|
f807d7c0a2
|
modules/programs: sane-sandboxed: bwrap: don't virtualize {/dev,/proc,/tmp} if explicitly asked to bind them instead
this is necessary for some programs which want a near-maximial sandbox, like
launchers or shells, or more specifically, `sane-private-do`.
|
2024-02-25 08:15:39 +00:00 |
|
|
|
6ab5dd8a8f
|
modules/persist: ensure that the mountpoint for the private store is created at boot
|
2024-02-25 07:51:24 +00:00 |
|
|
|
52b8cd0209
|
modules/persist: ensure backing directory is created *before* we mount
|
2024-02-25 07:22:50 +00:00 |
|
|
|
6865331b48
|
programs: sandbox sane-scripts.private-do
|
2024-02-25 05:41:27 +00:00 |
|
|
|
dd00a2fe6e
|
sane-private-do: run a shell by default, and leave the mount in its original state on exit
|
2024-02-25 05:41:27 +00:00 |
|
|
|
4ee02151f4
|
sane-private-{lock,unlock}: just defer to mount
|
2024-02-25 05:19:44 +00:00 |
|
|
|
00bf2f79cc
|
ssh: clean up /etc/ssh/host_keys persistence
|
2024-02-25 05:19:44 +00:00 |
|
|
|
04a6055d06
|
remove /libexec from environment.pathsToLink
|
2024-02-25 05:12:44 +00:00 |
|
|
|
15a7793f0d
|
bonsai: 1.0.2 -> 1.1.0
|
2024-02-25 01:59:01 +00:00 |
|
|
|
f714bd8281
|
programs: jq: sandbox
|
2024-02-25 01:59:01 +00:00 |
|
|
|
73b2594d9b
|
programs: sandboxing: distinguish between "existingFileOrParent" and "existingOrParent"
|
2024-02-25 01:59:01 +00:00 |
|
|
|
a55dc5332d
|
modules/programs: sane-sandboxed: introduce "existingOrParent" autodetect-cli option
some programs will want this, to create directories by name; e.g. archive managers
|
2024-02-25 01:48:10 +00:00 |
|
|
|
86108518da
|
modules/programs: sane-sandboxed: add a new "existingFile" option for the cli autodetect
|
2024-02-25 01:43:39 +00:00 |
|
|
|
0f1ad0f3c9
|
fs: auto-mount /mnt/<host>/home and enable "follow_symlinks" option
|
2024-02-24 16:04:04 +00:00 |
|
|
|
bcd7a6f646
|
nixpkgs: 2024-02-22 -> 2024-02-24
```
• Updated input 'nixpkgs-next-unpatched':
'github:nixos/nixpkgs/024149d718e25378f4decfeeb614b88208c2f700' (2024-02-22)
→ 'github:nixos/nixpkgs/a3e2b0de906a8fe0143c2783199abdc132dee56a' (2024-02-24)
• Updated input 'nixpkgs-unpatched':
'github:nixos/nixpkgs/a7fa133a1e973c127e9c83e2c8e3407ae3797099' (2024-02-22)
→ 'github:nixos/nixpkgs/b66514c14e85cd7d853d6dbbf1a421ba232eff10' (2024-02-24)
```
|
2024-02-24 12:21:27 +00:00 |
|
|
|
92c2eb8383
|
nixpatches: update the icu cross fix
|
2024-02-24 12:14:29 +00:00 |
|
|
|
879d01ac2e
|
modules/ssh: note that theres a better store to place the ssh host_keys in
|
2024-02-24 12:14:14 +00:00 |
|
|
|
0448df51e3
|
modules/programs: sane-sandboxed: add a --sane-sandbox-dry-run flag
|
2024-02-24 12:00:58 +00:00 |
|
