Commit Graph

2508 Commits

Author SHA1 Message Date
30507c3564 programs: soundconverter: sandbox with bwrap 2024-02-16 03:51:23 +00:00
2b66ffc58a programs: feedbackd: sandbox w/ bwrap 2024-02-16 03:49:59 +00:00
48d96c1f36 programs: hase: sandbox with bwrap
couldn't test the net feature, because hase servers have since gone
offline :((
2024-02-16 03:48:59 +00:00
cdf61755a3 programs: splatmoji: document the sandboxing approach 2024-02-16 03:46:48 +00:00
dd1dc69530 packages: remove unused kid3 2024-02-16 03:39:45 +00:00
481f54ea2f packages: disable unused packages: makemkv, mumble, openscad 2024-02-16 03:20:17 +00:00
511752fab5 programs: xdg-desktop-portal{-gtk,-wlr}: enable sandbox 2024-02-16 03:17:19 +00:00
40ed7cff1b programs: git: fix failing sandbox build 2024-02-16 03:16:46 +00:00
5e7f914354 programs: superTux: fix failing sandbox build 2024-02-16 03:16:28 +00:00
0dec8b6d5b programs: fontconfig: sandbox 2024-02-15 18:26:45 +00:00
7eaffc9fa0 programs: w3m: enable sandbox 2024-02-15 18:25:48 +00:00
b7c1a6331d programs: mate.engrampa: enable sandbox 2024-02-15 18:24:27 +00:00
d6868d58e6 xdg-desktop-portal: disable sandbox 2024-02-15 18:23:40 +00:00
52d768a162 programs: xterm: mark as not needing a sandbox 2024-02-15 17:26:55 +00:00
7a685d8de9 programs: inkscape: sandbox with bwrap 2024-02-15 17:26:37 +00:00
838c6d7dc8 programs: swaync: sandbox 2024-02-15 16:38:38 +00:00
9d706df5b5 programs: waybar: narrow the /run/user paths to just sway-ipc.sock 2024-02-15 14:40:01 +00:00
06f1f1e9ea sway: give SWAYSOCK a consistent name 2024-02-15 14:38:54 +00:00
2fbbe7fd78 sway: remove unused "sane.gui.sway.package" option 2024-02-15 14:38:10 +00:00
24d23f7903 programs: bemenu: fix sandboxing 2024-02-15 14:33:20 +00:00
0394aa65e9 sway: simplify config 2024-02-15 14:25:45 +00:00
5090c4e88c sway: define without using nixos "programs.sway"
motivation was to leverage 'sane.programs.sway.env' to statically configure SWAYSOCK. i think that's still the right way: we'll see
2024-02-15 14:25:27 +00:00
081114da65 programs: waybar: sandbox in a way that works well for moby too 2024-02-15 13:16:18 +00:00
02b7586ffa programs: komikku: add dbus to the sandbox to fix it 2024-02-15 11:58:08 +00:00
25dcb7f89a programs: open-in-mpv: document that upstream merged my PR 2024-02-15 11:38:37 +00:00
88f1d63b6e firefox: properly integrate xdg-desktop-portal for opening media 2024-02-15 11:36:50 +00:00
d36e269edd programs: loupe: remove the dbus services to make it work with Firefox 2024-02-15 11:36:24 +00:00
582a003739 programs: waybar: fix battery indicator within sandbox 2024-02-15 10:35:24 +00:00
df60be8c61 open-in-mpv: sandbox with bwrap 2024-02-15 09:49:03 +00:00
e8b4c36442 programs: nautilus: specify inode/directory mime association 2024-02-15 09:48:26 +00:00
2f699737f5 firefox: fix open-in-mpv integration
two parts: add open-in-mpv's config to firefox's sandbox; patch open-in-mpv to forward to xdg-open
2024-02-15 09:14:57 +00:00
4a3d24be3f waybar: migrate all config to "sane.programs" 2024-02-15 07:18:12 +00:00
10feb319fe sway: lift waybar to own file and sandbox it 2024-02-15 02:33:40 +00:00
b2fcf6fdfd programs: messengers (fractal, signal, dino, tuba): add media libraries to the sandbox 2024-02-15 00:49:24 +00:00
dcc2eb265d programs: re-enable sandbox for tumiki-fighters and losslesscut (X applications) 2024-02-15 00:09:40 +00:00
518c3afd07 programs: sandbox: disable losslesscut/tumiki-fighters sandbox until i can figure out Xwayland 2024-02-14 14:37:59 +00:00
90dee85664 programs: sort alphabetically 2024-02-14 14:28:22 +00:00
26fc283fd9 programs: losslesscut: sandbox 2024-02-14 14:26:56 +00:00
d0430ce1e9 programs: pavucontrol/pwvucontrol: enable audio devices inside the sandbox 2024-02-14 14:26:56 +00:00
368a52b91e programs: speedtest-cli: sandbox with bwrap 2024-02-14 14:26:56 +00:00
d90dacee1f programs: grimshot: sandbox with bwrap 2024-02-14 14:17:41 +00:00
a6e2b3bc5c programs: xdg-terminal-exec: disable sandbox 2024-02-14 14:11:35 +00:00
8863a3c674 programs: wob: sandbox with bwrap 2024-02-14 14:10:20 +00:00
fa8d6dbb9f programs: wob: fix config substitution 2024-02-14 14:04:54 +00:00
e5e79a6b60 programs: FileMimeInfo: disable sandbox 2024-02-14 13:54:21 +00:00
95f7eeeb5c programs: libnotify: sandbox with bwrap 2024-02-14 13:49:48 +00:00
29d638c68b programs: dig: sandbox with bwrap 2024-02-14 13:47:44 +00:00
7d22a5466f programs: zsh: fix "switch" function to be friendly to sandboxing 2024-02-14 13:45:56 +00:00
5907d9fa42 Revert "xdg-desktop-portal-gtk: build without support for notifications"
This reverts commit c9e02bfd8a.

disabling notifications at this level did not cause fractal (gtk app) to
send its notifications to swaync. instead, it still tried to deliver to
the Portal, where the Portal wasn't expecting anything and just returned
an error to fractal.

setting `GNOTIFICATION_BACKEND = "freedesktop"` seems to be the correct
way to get gtk apps to behave as desired with their notifications.
2024-02-14 11:09:37 +00:00
67fe8d4666 swaync: propagate GNOTIFICATION_BACKEND = "freedesktop" to all users 2024-02-14 11:09:20 +00:00
c9e02bfd8a xdg-desktop-portal-gtk: build without support for notifications 2024-02-14 10:51:18 +00:00
03b58b3cab programs: vim: support system copy/paste inside of sandbox 2024-02-14 09:11:31 +00:00
ae01c17c05 programs: splatmoji: fix to work inside a sandbox again 2024-02-14 09:11:12 +00:00
677e6e679b programs: sandbox {s,}waylock lockscreen 2024-02-14 08:48:03 +00:00
3eb47a9a8d programs: swaylock: *partially* sandbox with capsh 2024-02-14 05:46:36 +00:00
f11e443678 programs: waylock: *partially* sandbox with capsh 2024-02-14 05:46:28 +00:00
8f8ec090c4 programs: add "waylock" 2024-02-14 05:01:33 +00:00
e174eaeff0 programs: loupe: fix sandboxing 2024-02-14 04:32:10 +00:00
f12b7afa1e programs: mimeo: don't sandbox 2024-02-14 01:51:26 +00:00
080bd856ec programs: sandboxing: only permit wayland socket access to those specific apps which require it 2024-02-14 01:49:49 +00:00
2d7c5b9fa5 programs: mpv: explicitly add Videos/servo, Books/servo to sandbox 2024-02-13 15:38:57 +00:00
83cb29aeeb xdg-utils: re-add mimetype package 2024-02-13 12:31:04 +00:00
1a18ed533b programs: don't include dbus in the sandbox by default 2024-02-13 11:58:33 +00:00
18eec98cae programs: brightnessctl: switch to landlock 2024-02-13 11:58:33 +00:00
82c386a6a4 programs: tor-browser-bundle-bin -> tor-browser
they're the same (aliased), only my programs API expects 'tor-browser' specifically
2024-02-13 11:58:33 +00:00
634dc318cd programs: spotify: remove old/unused firejail config 2024-02-13 11:15:30 +00:00
6eaaeeb91a programs: remove audio from the sandbox by default 2024-02-13 11:14:38 +00:00
94be4a7551 programs: wob: fix service definition (Exec -> ExecStart) 2024-02-13 11:03:18 +00:00
b4a20da78a programs: brightnessctl: sandbox 2024-02-13 10:55:44 +00:00
bb68506839 modules/programs: add separate "user" vs. "system" options for whitelistDbus 2024-02-13 10:55:10 +00:00
77e2af0ed9 programs: krita: enable sandbox 2024-02-13 10:36:42 +00:00
126f3e4922 programs: sandboxing: restrict /run/user dir to just dbus/pipewire/pulse/wayland, by default 2024-02-13 10:28:30 +00:00
371af5939e programs: mpv: tighten the /run/user portion of the sandbox 2024-02-12 15:24:07 +00:00
e94e338040 programs: handbrake: remove unneeded Pictures/servo-macros from sandbox 2024-02-12 12:54:41 +00:00
354ce378f6 programs: assorted: convert /mnt/servo "extraPaths" into "extraHomePaths" where possible 2024-02-12 12:54:16 +00:00
f9a998eb92 programs: koreader: remove "sandbox.embedProfile = true"
i guess this was set while i was debugging
2024-02-12 11:33:55 +00:00
1e05119adc mpv: fix loading of album art within sandbox 2024-02-12 08:59:46 +00:00
e81df0ac86 modules/programs: enforce that user services don't accidentally override PATH 2024-02-12 08:44:55 +00:00
b19492ba23 programs: mpv: add .config/mpv to sandbox paths 2024-02-12 08:26:51 +00:00
8b26fa1303 programs: wob: split the script into an actual package 2024-02-12 08:26:51 +00:00
c0883dc777 sway: refactor: store sway-portals.conf in the user dir instead of system-wide
it's a user service, so prefer to configure it via user/home conf dirs
2024-02-12 07:13:39 +00:00
6b3a71aadf programs: xdg-desktop-portal: don't show app chooser for apps which are the default association 2024-02-12 07:12:04 +00:00
8d0d20757e gui: fold xdg-desktop-portal.nix back into sway config 2024-02-12 01:38:05 +00:00
66ca822ac1 remove xdg-desktop-portal-gtk service; xdg-desktop-portal knows how to start that itself 2024-02-12 01:33:34 +00:00
db7a414030 xdg-desktop-portal(s): don't install globally 2024-02-12 01:16:17 +00:00
87050a0500 feeds: add "FullTimeNix" podcast :) 2024-02-12 00:09:49 +00:00
bf53e3628a xdg-utils: cleanup 2024-02-11 23:57:50 +00:00
d35f938806 mime.nix: fix cross build 2024-02-11 23:44:55 +00:00
d719eb0f11 programs: gPodder: enable Videos/gPodder in sandbox 2024-02-11 23:37:16 +00:00
0fbc10fce3 mime: store mime associations in ~/.local/share/applications instead of /run/current-system/sw/share/applications to facilitate sandboxing 2024-02-11 23:31:43 +00:00
772f1070e7 xdg-desktop-portal: configure myself, to unblock future portal-related work 2024-02-11 23:29:07 +00:00
50c6e406bc programs: disable zecwallet-lite 2024-02-09 20:23:56 +00:00
590a239f7d programs: gpodder: sandbox with bwrap
which we can do, now that xdg-open works correctly within sandboxes
2024-02-09 10:31:42 +00:00
bcbc57f5ef programs: get xdg-open to work from within sandboxes
note that the implementation may have a quirk that applications launched via the portal cannot themselves "xdg-open" through the portal, because of the environment variable manipulation.

not sure how best to address that.
2024-02-09 10:27:30 +00:00
0d3adcdc5c modules: users: have user services inherit PATH from environment rather than forcibly overwriting it 2024-02-09 09:50:26 +00:00
d19907a38d sway: enable OpenURI interface in xdg-desktop-portal 2024-02-09 05:57:02 +00:00
c9af5bf9b4 programs: sandboxing: enable net isolation for most sandboxed programs 2024-02-08 21:51:32 +00:00
f6ca6210f9 feeds: link to podcastindex.org 2024-02-07 21:47:19 +00:00
227d159c66 sway: map Super+Shift+PageUp/Down to next/prev track 2024-02-06 23:52:53 +00:00
a6becb8c42 sway: add Super+space to toggle media 2024-02-06 23:22:24 +00:00
2a5398beb3 sway: simplify brightness_up_cmd
sxmo just uses brightnessctl internally, plus a call to 'notify'

i don't really need the notification, and if i did i could implement wob support on both desktop and mobile
2024-02-06 23:10:01 +00:00
0f12ed68f7 sway: simplify config templating 2024-02-06 23:04:44 +00:00
0c050d1953 programs: fuzzel: fix overly-aggressive sandboxing 2024-02-06 20:10:29 +00:00
2fc1fe7510 modules/programs: make-sandboxed: fix that /share/* was being linked into top-level /; better way to enforce sandboxing of /share entries 2024-02-06 19:55:55 +00:00
5fbf66fb15 programs: loupe: sandbox with bwrap 2024-02-06 06:05:32 +00:00
97d50629e9 programs: handbrake: sandbox with landlock 2024-02-06 05:48:54 +00:00
5f8699fcef rearrange /mnt structure for host-based subdirs
e.g. /mnt/servo/media, /mnt/desko/home, etc
2024-02-06 05:48:11 +00:00
7ce957c3af gtk: set GSK_RENDERER=cairo to fix a bug somewhere in moby's render stack 2024-02-06 05:02:02 +00:00
5ff7bf0c69 programs: fuzzel: sandbox 2024-02-06 02:34:46 +00:00
2495200b67 tidy: programs: wget: remove warning about the sandbox being untested 2024-02-06 01:34:40 +00:00
4c499629f5 programs: vvvvvv: sandbox with bwrap 2024-02-06 01:34:04 +00:00
7b9f54dd54 programs: superTux: sandbox with bwrap 2024-02-06 01:16:36 +00:00
bda932c3df programs: supertuxkart: sandbox with bwrap 2024-02-06 01:10:39 +00:00
3f96f4af82 sway: refer to fewer programs in the config by absolute path
this aids in sandboxing and swapping stuff in/out at runtime
2024-02-05 23:40:18 +00:00
1c4e2f97fe swaylock: mark sandboxing as unsupported 2024-02-05 23:36:35 +00:00
594a729968 feeds: remove balaji 2024-02-05 22:48:09 +00:00
6eb2a3d67f programs: handbrake: sandbox with bwrap 2024-02-05 22:28:15 +00:00
ddc41bc9d8 programs: pavucontrol/pwvucontrol: sandbox with bwrap 2024-02-05 22:15:48 +00:00
7d833ebf76 programs: kdenlive: sandbox with bwrap 2024-02-05 22:07:37 +00:00
bfc0eadfaa programs: hitori: sandbox with bwrap 2024-02-05 21:52:57 +00:00
ff1cbcc16b programs: gnome-clocks,gnome-calendar: sandbox with bwrap 2024-02-05 21:46:27 +00:00
9a8d8a20bd programs: frozen-bubble: persist data and sandbox with bwrap 2024-02-05 21:32:58 +00:00
cd1d22e7b9 programs: gnome-calculator: sandbox with bwrap 2024-02-05 20:58:38 +00:00
2c0e93826d programs: gimp: sandbox with bwrap 2024-02-05 20:53:05 +00:00
cab346f3ad programs: delfin: sandbox with bwrap 2024-02-05 20:44:47 +00:00
a2decaff9c programs: bemenu: sandbox with landlock 2024-02-05 18:41:52 +00:00
8ef9f7a485 epiphany: persist dconf settings; reduce sandboxer errors 2024-02-05 18:31:38 +00:00
12846732b9 programs: blanket: sandbox with bwrap 2024-02-05 18:26:21 +00:00
e84079e84c programs: firefox: allow sandbox access to ~/dev 2024-02-05 18:17:49 +00:00
45ffd9246d programs: brave: sandbox with bwrap 2024-02-05 18:17:28 +00:00
ed3935318d feeds: subscribe to non-paywalled Matt Levine 2024-02-05 16:41:38 +00:00
6d1eae2200 programs: gnome-2048: sandbox with bwrap 2024-02-05 08:26:06 +00:00
293eab8225 koreader: use modern openssl 2024-02-04 20:05:02 +00:00
abdbb83e10 koreader: replace vendored dependencies with their nixpkgs equivalents much more effectively
the old method was still causing everything to be re-compiled within koreader, rather than linking against the nix store.

decreases build time to about 3m on a desktop
2024-02-04 19:39:32 +00:00
dc74bca06a programs: vim: add private/knowledge to sandbox 2024-02-03 23:53:53 +00:00
42523b75a8 programs: gdb: disable sandboxing 2024-02-03 23:53:34 +00:00
111946eb1d programs: vim, imagemagick: fix sandboxing to consider uncreated files 2024-02-03 14:07:53 +00:00
14b20fd9c2 programs: komikku: fix sandboxing 2024-02-03 00:52:17 +00:00
2df1b20f02 programs: epiphany: simplify the sandboxing 2024-02-03 00:44:23 +00:00
2f9fad503c programs: fix sandboxing errors for programs which create files (notably: ffmpeg) 2024-02-03 00:17:54 +00:00
cd0a046776 dovecot: remove dead code 2024-02-02 20:47:55 +00:00
27edee0bbf dovecot2: fix sieves 2024-02-02 20:47:20 +00:00
56734fe5da mpv: add /dev/dri to the sandbox 2024-02-02 19:18:30 +00:00
3c96f6d418 programs: koreader: enable DRI in the sandbox, and use wrappedDerivation 2024-02-02 17:22:57 +00:00
86b23e8183 programs: fractal: enable DRI in sandbox 2024-02-02 17:19:35 +00:00
065d045640 fix so sway inherits program env vars 2024-02-02 15:36:06 +00:00
d3eaa69261 lappy/desko: auto-start signal-desktop 2024-02-02 14:22:08 +00:00
6151eee8d5 programs (assorted): fix wantedBy = "default.target" to be more specific
now GUI apps aren't stuck in a restart loop until sway starts

in particular, signal-desktop can actually be autostarted
2024-02-02 14:21:57 +00:00
483a1d1780 sway: signal on launch to systemd that the graphical-session.target is ready
this allows auto-launching of other services which require a compositor (i.e. messaging apps)
2024-02-02 14:20:30 +00:00
2824671bde tune nix deploy parameters (specifically for moby)
this is experimental; hard to understand immediately how significant the effects are
2024-02-02 00:50:25 +00:00
efcaef2c35 lappy/desko/servo: downgrade kernel 6.7 -> 6.6 (latest supported by zfs) 2024-02-01 16:21:46 +00:00
25707eb79e servo: address deprecation warning: dovecot2.sieveScripts -> sieve.scripts 2024-02-01 15:47:56 +00:00
09923b60ea moby: disable desko as nixcache 2024-02-01 15:41:43 +00:00
3100189172 purge supercap
i no longer have access to dispatch build jobs to it :((((
2024-02-01 15:36:37 +00:00
715ac42f13 remove samba from closure
current samba hangs during configurePhase. this is not the first time samba has failed to build. nor the third. purge it.
2024-02-01 15:28:40 +00:00
a9810e7343 re-ship linux 6.7 to lappy/desko/servo
now that landlock-sandboxer builds against the correct linux headers,
this can actually work.
2024-02-01 13:54:44 +00:00
00f995aec9 fixup landlock-sandboxer to work well for all systems
downgrade lappy/desko/servo back to default linux; zfs doesn't support latest

build landlock-sandboxer against the specific kernel being deployed; it's less noisy that way
2024-01-31 21:19:10 +00:00
368eb2c29b programs: git: whitelist more repo roots 2024-01-31 21:17:48 +00:00
5f793523d1 ship linux 6.7 to lappy/desko/servo 2024-01-31 20:33:15 +00:00
33bee7ac2e unl0kr: be a little more robust against bad password entry 2024-01-31 20:32:26 +00:00
84af8aca3c unl0kr: remove debugging code 2024-01-31 20:10:57 +00:00
a0f00313a7 moby: disable signal-desktop autostart 2024-01-31 20:09:03 +00:00
6603115192 moby: disable getty auto-login
i think this interacts badly with unl0kr style logins, though
honestly kinda hard to tell if that was a fluke or real.
2024-01-31 19:47:24 +00:00
ac968e1589 sxmo: allow the option to disable greeter entirely 2024-01-31 19:46:37 +00:00
1d72e13a98 sxmo: launch via unl0kr by default 2024-01-31 17:40:36 +00:00
d9667653e7 docs: sway: point out that one can launch sway directly from a TTY 2024-01-31 16:29:27 +00:00
13be5a1731 unl0kr: fix LOGIN_TIMEOUT to be infinite 2024-01-31 15:43:30 +00:00
30288cd67f user: add CAP_NET_ADMIN,CAP_NET_RAW even outside of systemd session
in fact, *only* outside of systemd session because they broke ambient caps in 255
2024-01-31 15:42:43 +00:00
8736ca478b programs: firefox: allow access to servo image-macros 2024-01-31 15:36:09 +00:00
cb3960fb21 programs: git: fix access to ~/private/knowledge 2024-01-31 15:35:21 +00:00
6e24a1ff28 programs: re-enable sops 2024-01-31 15:30:15 +00:00
91eae95b32 modules.gui.gnome: fix build 2024-01-31 15:29:49 +00:00
f5c88853ee sway: replace "greetd" with "unl0kr"-based login process 2024-01-31 15:20:27 +00:00
0009e5ca4c programs: sandboxing: use wrapperType="wrappedDerivation" where applicable 2024-01-29 15:21:16 +00:00
db6ba61429 programs: sandbox more apps with wrapperType=wrappedDerivation 2024-01-29 13:45:57 +00:00
d3f7a036ce ripgrep: move options out of assorted.nix into its own file 2024-01-29 12:57:56 +00:00
0454abacd9 komikku: sandbox 2024-01-29 12:56:08 +00:00
1cb2c5225f programs: use wrapperType=wrappedDerivation where possible 2024-01-29 12:07:04 +00:00
6f86e61a00 firefox: fix build
zip was giving some complaints... i'm not sure why, i think it still works
2024-01-29 09:57:35 +00:00
c1a1f51ca2 git: fix git-upload-pack (used on the remote when doing git pull) 2024-01-29 09:57:27 +00:00
381da74e6c users: enable pam_cap for "login" program 2024-01-28 17:55:19 +00:00
24c70c3683 feeds: switch acoup.blog to the database type feed
at some point my feed script became capable of understanding his RSS :)
2024-01-28 12:37:38 +00:00
bfec531fa2 sandbox a bunch more apps 2024-01-28 11:43:05 +00:00
de11edffa5 programs/assorted: remove more unused programs 2024-01-28 11:34:33 +00:00
e536e3c718 programs/assorted.nix: remove unused tree-sitter package 2024-01-28 11:03:09 +00:00
17d14dbac2 programs/assorted.nix: uninstall some programs i don't frequently use 2024-01-28 10:40:57 +00:00
94981ef335 vim: sandbox 2024-01-28 10:39:08 +00:00
3cd244be76 git: sandbox with bwrap 2024-01-28 10:36:19 +00:00
7da979503b bubblewrap: explicitly disable sandboxing 2024-01-27 17:20:40 +00:00
3b32c26026 zsh: explicitly disable sandboxing 2024-01-27 17:20:24 +00:00
cad25306e7 alacritty: explicitly disable sandbox 2024-01-27 17:20:11 +00:00
4d7414c941 programs: introduce and use "autodetectCliPaths" nix config 2024-01-27 17:19:48 +00:00
b29b8bdec7 wireshark: specify capabilities via sandbox.capabilities config 2024-01-27 17:12:40 +00:00
02b6e17449 nicotine-plus: disable
now i have no firejail programs; no more setuid wrapper in /run/wrappers :)
2024-01-27 15:37:43 +00:00
770db96ec6 go2tv: sandbox with bwrap 2024-01-27 15:31:08 +00:00
ff356fdd49 playerctl: sandbox with bwrap 2024-01-27 15:18:56 +00:00
eec89e2cc1 librewolf: sandbox with bwrap 2024-01-27 15:16:53 +00:00
d69d8f64f3 tor-browser: sandbox with bwrap; remove useHardenedMalloc patch 2024-01-27 15:04:22 +00:00
4ee2562202 programs: tidy: prefer "sandbox.extraHomePaths" over "fs" for external deps 2024-01-27 14:54:17 +00:00
08b1ece56e programs: gnome-weather: sandbox with bwrap 2024-01-27 14:53:38 +00:00
b22c2e094c koreader: sandbox with bwrap 2024-01-27 14:39:22 +00:00
b40775f97c koreader-from-src: document FTP configuration 2024-01-27 14:39:02 +00:00
100ddad40e wike: link to issue about state directory 2024-01-27 14:27:02 +00:00
1bde38bf72 cozy: sandbox with bwrap 2024-01-27 13:11:22 +00:00
0a25ef544f wike: sandbox with bwrap 2024-01-27 12:29:58 +00:00
79ee47bada firefox: get away with linking slightly less into the sandbox 2024-01-27 11:41:18 +00:00
be06e61bfb programs: geary: fix sandboxing
this is an UGLY one. geary itself uses bwrap, and that fails if it's sandboxed AT ALL in landlock (i.e. even with just / landlocked as RW).

maybe this has to do with what landlock-sandboxer considers 'read/write' to be, and there's actually more file ops i need to enable on /
2024-01-27 11:28:08 +00:00
dae7785ee2 wireshark: remove dead code 2024-01-27 09:04:08 +00:00
27f3b2bd76 firefox: allow ~/tmp and ~/Pictures access 2024-01-27 06:00:46 +00:00
3e6278fa21 wireshark: sandbox with landlock instead of firejail
and remove the SUID wrapper, yay!
2024-01-27 04:44:21 +00:00
8ecb17ed3e programs: enable libcap_ng/netcap 2024-01-26 09:13:20 +00:00
c4874c85b1 bubblewrap: debugging 2024-01-26 09:13:00 +00:00
563a75e9b2 users: launch entire systemd --user namespace with cap_net_admin, cap_net_raw
this should make sandboxing wireshark *much* easier, and same with things which require net namespaces, in the future
2024-01-25 15:05:35 +00:00
79e2bd2913 epiphany: sandbox with bwrap
this is the first app which *requires* DRI/DRM to function correctly. maybe this affects anything webkitgtk (like wike)?
2024-01-24 06:25:20 +00:00
95161b55cd spot: sandbox with bwrap 2024-01-24 05:47:04 +00:00
d91759068c element-desktop: sandbox with bwrap 2024-01-24 05:37:46 +00:00
c23c496066 programs: tuba: sandbox with bwrap
it complains "Fontconfig error: No writable cache directories"
seeeeeveral times. not sure if that's new or not. no obvious
consequences.
2024-01-24 05:34:10 +00:00
f8e8d23857 vlc: sandbox with bwrap instead of firejail 2024-01-24 05:19:20 +00:00
8484bb7978 docs: mime: document how to show the nix mime associations 2024-01-24 05:00:35 +00:00
0e99b296bc animatch: remove the (unused) .config directory 2024-01-24 02:18:58 +00:00
d0e1241bd1 animatch: fix to run on wayland w/o Xwayland, and enable bwrap sandbox 2024-01-24 01:43:33 +00:00
c1a0a08b76 gtkcord4: sandbox with bwrap 2024-01-24 00:12:12 +00:00
e8748ce0a0 servo: lemmy: pict-rs: port the media-enable-full-video -> media-video-allow-audio CLI flag 2024-01-23 17:12:13 +00:00
7cf9b342cc gpodder: fixup GPODDER_DOWNLOAD_DIR to be more friendly to sandboxing 2024-01-23 16:44:47 +00:00
8739851f48 evince: port sandbox from firejail to bwrap 2024-01-23 16:44:13 +00:00
d945b43f6b signal-desktop: switch sandbox from firejail -> bwrap 2024-01-23 16:42:48 +00:00
7722acecee sway: obtain deps via "config.sane.programs", so that i get the sandboxed version of e.g. splatmoji 2024-01-23 16:32:42 +00:00
571a0a9d06 gui: disable unused abaddon app 2024-01-23 16:30:06 +00:00
ccf4f66dd9 programs: dialect: sandbox with bubblewrap 2024-01-23 16:23:14 +00:00
b38e5403a5 splatmoji: sandbox 2024-01-23 16:01:27 +00:00
09af041745 g4music: ensure it can access the Music dir in its sandbox 2024-01-23 16:00:21 +00:00
cb5131746f programs: audacity: sandbox with bubblewrap 2024-01-23 15:59:50 +00:00
bfd5630e21 programs: sandbox: omit media dirs by default, and implement --sane-sandbox-autodetect for programs which are liable to load data from paths 2024-01-23 15:48:12 +00:00
026f5dee4d programs: g4music: sandbox with bwrap 2024-01-23 15:06:45 +00:00
b59be8338a firefox: fix up sandboxing of ssh/sops 2024-01-23 14:57:57 +00:00
ab4bbc2224 programs: remove explicit firejail installation; let sane.programs decide when to install it sys-wide 2024-01-23 14:57:33 +00:00
156fcd1bf2 aerc: enable bwrap sandbox 2024-01-23 14:57:33 +00:00
bb63a594ab conky: fixup needed paths for bwrap 2024-01-23 14:57:33 +00:00
f148334b58 programs: port extraFirejailConfig to extraConfig 2024-01-23 14:57:33 +00:00
da537ea8ea fractal: switch from firejail -> bwrap 2024-01-23 14:13:09 +00:00
18d224dc34 dino: switch from firejail to bwrap 2024-01-23 14:12:52 +00:00
38fd171713 spotify: sandbox with bwrap instead of firejail 2024-01-23 12:12:56 +00:00
84c78d9256 conky: sandbox with bwrap instead of firejail 2024-01-23 12:11:22 +00:00
973203d85e programs: mpv: sandbox with bwrap instead of firejail 2024-01-23 11:37:37 +00:00
f9174dd2aa programs: firefox: sandbox with bwrap instead of firejail 2024-01-23 11:37:19 +00:00
0bed4d0ada mpv: disable firejail sandboxing (it fails on moby) 2024-01-23 01:01:21 +00:00
f3e8af3fdb doc: libreoffice: mention "still" vs. "fresh" variants 2024-01-23 01:00:34 +00:00
af542ec05f docs: gnome-keyring: point out that system gnome-keyring doesn't inherit my sandboxing 2024-01-23 01:00:06 +00:00
399a1d2052 steam: use wrapped package as system steam 2024-01-23 00:59:23 +00:00
bb6e5611d4 docs: conky: point out that un-sandboxed conky is used by sxmo-utils 2024-01-23 00:58:56 +00:00
c11f5a1401 wireshark: fix security.wrappers when wireshark is disabled 2024-01-22 23:58:04 +00:00
5b220f3fec wireshark: enable firejail isolation 2024-01-22 13:12:10 +00:00
df861a3ef0 programs: firejail: inject custom firejail config through /etc/firejail
this improves rebuild times, and makes it easier for packages to inject their own free-form config
2024-01-22 11:12:18 +00:00
d6754b6cac evince: sandbox with firejail 2024-01-22 10:20:29 +00:00
b03d7f7fb0 geary: test the firejail profile; it's not ready 2024-01-22 10:04:18 +00:00
008b186479 audacity: test the firejail profile; it's not ready 2024-01-22 10:04:03 +00:00
914f9b3703 vlc: sandbox with firejail 2024-01-22 09:47:24 +00:00
ed7ec4a371 conky: sandbox with firejail 2024-01-22 09:31:00 +00:00
2d338201a5 signal-desktop: sandbox with firejail
TODO: fix URL opening / xdg-open
2024-01-22 09:30:34 +00:00
a8aad1f98f dino: sandbox with firejail
TODO: fix URL opening / xdg-open
2024-01-22 09:30:13 +00:00
2d06b93118 fractal: sandbox with firejail
TODO: seems this broke link opening? (xdg-open?)
2024-01-22 09:28:50 +00:00
60547204a8 sane.programs: firejail: support wrapping "runCommand" packages 2024-01-22 09:16:25 +00:00
3d763a0021 tor-browser-bundle-bin -> tor-browser
upstream nixpkgs just has tor-browser-bundle-bin as an alias for tor-browser
2024-01-22 08:13:37 +00:00
ad474873e2 dovecot: fix unparseable config
upstream/nixpkgs is doing some shit, ugh
2024-01-22 08:09:37 +00:00
0f3f0933b1 mpv: sandbox with firejail 2024-01-22 03:50:28 +00:00
f8440e3811 go2tv: allow more ports through the firewall 2024-01-22 03:50:04 +00:00
9ecd0adcbe firefox: sandbox with firejail
TODO: get it so open-in-mpv launches an mpv that has access to ~/.config/mpv

i guess this is the 'firejail url problem'
2024-01-21 23:59:15 +00:00
cf475c4696 nicotine-plus: remove distro-specific symlink 2024-01-21 03:56:33 +00:00
ce35330923 vpn.nix: factor into a proper module
this will allow for better integration with 'sane.programs'
2024-01-21 00:49:34 +00:00
59187a0ec0 programs: allow running binaries in a netns-style firejail 2024-01-20 11:11:12 +00:00
03fbf42680 servo: lemmy: pict-rs: fix broken CLI argument 2024-01-20 03:15:06 +00:00
7d670facd4 feeds: sort 2024-01-19 21:38:45 +00:00
61e5704fd6 feeds: unsub LW
too verbose, and too many of y'all turned into authoritarians
2024-01-19 21:38:14 +00:00
fd0723169f nix-serve: fix coredump loop 2024-01-19 21:34:45 +00:00
a725d42bf5 ip_forward: consolidate the options to fix servo build 2024-01-19 21:34:18 +00:00
c03cea2d4e net/vpn.nix: cleanup dead code 2024-01-19 09:58:13 +00:00
f43d6bff92 route VPN traffic such that i can configure any app to selectively use the VPN
e.g. firejail --net=br-ovpnd-us-mi --noprofile --dns=46.227.67.134 getent ahostsv4 uninsane.org
2024-01-19 09:54:01 +00:00
43a8ca90a7 feeds: add Cat and Girl 2024-01-16 19:12:25 +00:00
7d504892be servo: dovecot: fix broken sieve 2024-01-16 06:28:25 +00:00
d7a2bf9d26 servo: remove networking.useDHCP=false override
seems likely that the change to systemd-networkd renamed the ethernet interface, and so eth0.useDHCP wasn't right. this change seems to restore networking
2024-01-16 06:09:19 +00:00
851c15aa6d vpn: port ovpnd connections to use systemd-network
this should allow better integration with e.g. systemd-run, in future
2024-01-16 03:20:40 +00:00
c45898f903 WIP: wg-dev 2024-01-15 04:15:17 +00:00
0efec20904 hosts/common/net/vpn: remove unused "extraOptions" argument 2024-01-15 03:52:31 +00:00
5b9c58dbc6 hosts/common: use servo-style dns on all machines
it'll be handy as i want to place individual applications inside VPNs/namespaces
2024-01-15 01:16:22 +00:00
a7964c4f0c hosts/common: net: split upnp config into own file 2024-01-15 01:12:09 +00:00
006a7e9f72 consolidate net-related stuff into hosts/common/net/ directory 2024-01-15 01:11:13 +00:00
3856710faf net: annotate the UPNP rule 2024-01-15 01:08:10 +00:00
6cbc0bedf3 ddns-he (HurricaneElectric): remove
it's been unused for a year
2024-01-15 00:55:10 +00:00
fbc0c7615a ddns-afraid (afraid.org): remove
it's been unused for a year
2024-01-15 00:54:41 +00:00
34bcdb5128 firefox: disable kinetic scrolling 2024-01-14 20:34:14 +00:00
a5c6e41622 feeds: subscribe to POD OF JAKE 2024-01-14 05:20:28 +00:00
02e03227d8 servo: try to integrate peerswap with clightning, but it fails 2024-01-14 04:33:12 +00:00
812a02bc6b feeds: add The Dollop podcast 2024-01-14 00:49:29 +00:00
27898ecdc8 feeds: unsubscribe from Louis Rossman
his channel is kinda just the same idea played over and over
2024-01-14 00:36:52 +00:00
1c2324cca4 servo: clightning-sane: status command: show profits from fees 2024-01-13 16:43:49 +00:00
70f059eaac feeds: subscribe to Jack Stauber 2024-01-13 16:43:41 +00:00
bac72be730 servo: clightning-sane: status command: show in/out payment sums 2024-01-13 15:53:48 +00:00
99858c1384 servo: clightning-sane: centralize metric reporting, fix so we blacklist our own channels less frequently 2024-01-13 04:47:20 +00:00
103a300e77 servo: clightning-sane: implement an autobalance subcommand 2024-01-13 03:04:24 +00:00
6b5cdd7508 servo: clightning-sane: log before we give up 2024-01-13 01:10:52 +00:00
2f1e354400 servo: clightning-sane: drop caches after so many failures 2024-01-12 23:54:06 +00:00
585a87130c servo: clightning-sane: remove unused loop_once_with_retries method 2024-01-12 23:31:30 +00:00
0e68533776 servo: clightning-sane: introduce parallelism 2024-01-12 23:30:52 +00:00
882cc5bfd0 servo: clightning-sane: rename Balancer -> LoopRouter 2024-01-12 21:36:20 +00:00
91847a9a8e servo: clightning-sane: factor "loop" action into own subroutine 2024-01-12 21:28:20 +00:00
5c649ff216 servo: clightning-sane: include peer_id in status --full 2024-01-12 20:56:00 +00:00
abdd224211 servo: clightning-sane: increase CLTV 9->18 2024-01-12 20:55:32 +00:00
0c72c59190 servo: clightning-sane: handle closed channels in status listing 2024-01-12 20:28:57 +00:00
432170a69e servo: clightning-sane: rename ppm in/out to theirs/mine 2024-01-12 19:31:39 +00:00
805b37a9a5 servo: clightning-sane: add a --full option for more info 2024-01-12 19:24:50 +00:00
87a0bda011 servo: clightning-sane: perform rebalance operation in a loop 2024-01-12 19:17:07 +00:00
5d2c6e1978 servo: clightning-sane: mark channels which can't be rebalanced freely 2024-01-12 18:43:58 +00:00
abafbd811b servo: clightning-sane: minor bugfixes 2024-01-12 18:30:49 +00:00
aca50d9946 servo: clightning-sane: add a "status" subcommand 2024-01-12 17:42:44 +00:00
bd4f4dab81 servo: clightning-sane: factor out a subcommands interface 2024-01-12 15:42:12 +00:00
aebd11ea82 alacritty: port config: yaml to toml 2024-01-12 03:24:55 +00:00
cec21375a5 servo: disable mautrix-signal 2024-01-12 03:24:55 +00:00
913403aac6 servo: clightning-sane: tidy 2024-01-12 01:25:56 +00:00
432a66bf5f servo: clightning: initialize a script for rebalancing with peers 2024-01-11 23:11:33 +00:00
e2a43ddfa0 servo: clightning: allow group members to run lightning-cli 2024-01-11 15:59:32 +00:00
8644e6705a servo: decrease ZFS cache size 2024-01-11 00:20:52 +00:00
3295ae3b74 servo: clightning: update config 2024-01-09 16:13:08 +00:00
e63438bedf feeds: disable The Linux Experience 2024-01-09 00:45:18 +00:00
37583d8c9c clightning: tune fees, logging 2024-01-06 18:08:51 +00:00
62b3863722 servo: clightning: enable experimental features 2024-01-06 09:13:17 +00:00
b11f03bd18 servo: clightning: docs 2024-01-05 22:09:32 +00:00
63620fa058 servo: clightning: node personalization and docs 2024-01-04 21:55:13 +00:00
4ce93f74c6 wob: add debug logging 2024-01-04 17:07:47 +00:00
09b806d7a7 go2tv: document youtube workarounds 2024-01-04 16:26:25 +00:00
2f31100c3f servo: ship go2tv 2024-01-04 16:25:50 +00:00
ca3f97ec51 docs: go2tv: elaborate seeking limitations 2024-01-04 16:25:49 +00:00
7378d6c5b2 bitcoind: host behind tor 2024-01-04 16:25:49 +00:00
276de5d662 tor: fix /var/lib/tor directory permissions 2024-01-04 16:25:49 +00:00
6f449cf35f clightning: document some places to find nodes for channels 2024-01-04 16:25:49 +00:00
daf046861c wob: implement as part of sway instead of exclusive to sxmo 2024-01-04 13:08:20 +00:00
43498c62f9 clightning: integrate with tor 2024-01-03 18:29:16 +00:00
22f5853741 firefox: remove unused functions 2024-01-03 14:59:59 +00:00
fe217f6667 firefox: disable ctrl+shift+c shortcut more broadly 2024-01-03 14:59:27 +00:00
41ae86f40f servo: enable clightning 2024-01-03 13:56:42 +00:00
6d52c8ecf8 servo: split tor/i2p into own files 2024-01-03 13:56:14 +00:00
75b649543a firefox: enable ctrl-shift-c-should-copy extension 2024-01-03 13:42:58 +00:00
041855dbc7 zsh: fix broken <del> and <ctrl>+<arrow> keybindings 2024-01-03 13:07:29 +00:00
3e52956a3a servo: clightning: integrate, but do not enable 2024-01-02 18:32:34 +00:00
d8f4158bc6 servo: consolidate blockchains under cryptocurrencies directory 2024-01-02 18:16:58 +00:00
36638e80a3 bitcoin: add myself as an authenticated rpcuser 2024-01-02 18:11:46 +00:00
6471524f4a programs: zecwallet-lite: move to own file 2024-01-01 15:17:51 +00:00
3efecb9560 sxmo_hook_block_suspend: re-introduce exponential backoff 2024-01-01 13:03:26 +00:00
8d0707699c mpv/vlc: associate with flv video type 2024-01-01 11:48:18 +00:00
318774a2a0 sxmo_suspend: fix that "sxmo_jobs periodic_blink" would hang post-wakeup 2024-01-01 11:48:03 +00:00
b14e997a43 sxmo: remove sxmo_hook_screenoff.sh override
generally, i can get away with the defaults and patch my alternative into sxmo_suspend.sh more reliably/simply
2024-01-01 10:33:24 +00:00
b949438be5 sxmo_suspend.sh: stop, and resume, the sxmo LED blinking
then later i can remove the custom screenoff hook
2024-01-01 10:01:48 +00:00
6ee9e8e405 sxmo_hook_screenoff: decrease the blink frequency even more
if i was smarter i'd just disable the periodic blinking right before entering sleep
2024-01-01 07:24:08 +00:00
09ee8e6efc sxmo_hook_block_suspend: forward only to the next script, not all next scripts 2024-01-01 07:01:09 +00:00
49527edaa9 sxmo_suspend.sh: fix rtcwake to use sudo 2024-01-01 06:38:43 +00:00
92d193ffe3 sxmo_hook_block_suspend: fix recursion counter 2024-01-01 06:19:30 +00:00
6fe195e2dd sxmo: block suspend if go2tv is active 2024-01-01 04:56:39 +00:00
6d8b6c61a2 feeds: sort 2024-01-01 03:56:25 +00:00
822653ec10 feeds: vitalik.ca -> vitalik.eth.limo 2024-01-01 03:48:06 +00:00
68502ca944 feeds: add webcurious.co.uk link aggregator 2024-01-01 03:46:52 +00:00
103d11a87c net: fix broken firewall/ipset setup 2023-12-31 14:25:36 +00:00
a4fe002607 sway: always render KOReader titlebar 2023-12-30 11:57:33 +00:00
f9361af41c go2tv: remove firewall fix and allow SSDP at the iptables layer 2023-12-30 06:16:17 +00:00
4ad209020a disable chatty (doesn't cross compile) 2023-12-30 05:34:02 +00:00
b0ddb1b31c conky: use the same percent symbol even in battery_estimate 2023-12-28 17:43:34 +00:00
70ee98736a conky/battery_estimate: handle the static state better 2023-12-28 17:35:33 +00:00
5de06cef35 conky: fix text substitutions 2023-12-28 17:07:29 +00:00
4f3706622c conky/battery_estimate: render stylized 2023-12-28 03:05:27 +00:00
104e76de47 conky/battery_estimate: render h/m indicators as superscript 2023-12-28 01:53:43 +00:00
1df99978bb conky/battery_estimate: select icon based on battery percentage 2023-12-28 01:11:51 +00:00
3846322f12 conky/battery_estimate: support new-style Thinkpad batteries 2023-12-28 00:41:23 +00:00
623b2c6611 conky/battery_estimate: add debugging 2023-12-28 00:35:48 +00:00
cb4d73f959 nixpkgs: 2023-12-23 -> 2023-12-26
```
• Updated input 'nixpkgs-next-unpatched':
    'github:nixos/nixpkgs/2125288b9266cde9e3333a6787525bc151918742' (2023-12-23)
  → 'github:nixos/nixpkgs/0db7618e46243d3710ff2b8040aca5f6e0102900' (2023-12-26)
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/d8aba6fe4067abdd8b1a7f398f2b90f21c608530' (2023-12-23)
  → 'github:nixos/nixpkgs/d956588517edbcde71781bd8ac3a9947a9fc55a6' (2023-12-26)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/f7db64b88dabc95e4f7bee20455f418e7ab805d4' (2023-12-18)
  → 'github:Mic92/sops-nix/e523e89763ff45f0a6cf15bcb1092636b1da9ed3' (2023-12-24)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/a19a71d1ee93226fd71984359552affbc1cd3dc3' (2023-12-17)
  → 'github:NixOS/nixpkgs/7790e078f8979a9fcd543f9a47427eeaba38f268' (2023-12-23)
```
2023-12-27 00:34:48 +00:00
58febf51bd remove most useDHCP=false settings
networking.useDHCP was deprecated, and then later undeprecated: it's safe to keep it defaulted
2023-12-24 02:17:06 +00:00
237c493252 slskd: fix Restart option 2023-12-23 10:23:17 +00:00
18e7acd9e7 slskd: restart even on non-failure exit 2023-12-23 05:39:22 +00:00
9e24fba5ee document that loupe is an image viewer 2023-12-21 22:58:23 +00:00
12edd60969 nixpkgs: bump 2023-12-21
```
• Updated input 'nixpkgs-next-unpatched':
    'github:nixos/nixpkgs/459873d8d6492b492ca7f9b03d5a50117099abfa' (2023-12-21)
  → 'github:nixos/nixpkgs/63fbe1a992e6030fbf444ac9d6b629ec76ab86ad' (2023-12-21)
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/38bbf09b10659db891af01288bd99a5e8e8d7861' (2023-12-21)
  → 'github:nixos/nixpkgs/490828bce1b0cdfe328adc7f6280a519d7e68ed4' (2023-12-21)
```
2023-12-21 20:03:06 +00:00
dbb6773634 audacity: disable first-run splashscreen 2023-12-21 04:08:05 +00:00
245a0544bc audacity: ship w/o the webkitgtk dependency 2023-12-21 03:10:38 +00:00
b6a45656af gui: add planify app 2023-12-19 22:31:14 +00:00
f618925190 gui: ship openscad 2023-12-19 08:04:20 +00:00
68ae723543 nixos-prebuild: disable 2023-12-19 01:58:59 +00:00
e4123759f5 nginx: only auto-index /share 2023-12-19 00:12:27 +00:00
5e727a83b3 slskd: disable debug logging 2023-12-18 18:09:58 +00:00
8d49c423ca transmission: disable debug logging 2023-12-18 17:58:04 +00:00
efb2815fa5 uninsane.org: simplify the /share routing (and generalize it to other subdirectories) 2023-12-18 06:03:49 +00:00
1063a89541 powerbutton/lid-switch: tune the desired actions 2023-12-17 21:08:16 +00:00
fd0f709d50 git: remove a/ b/ prefixes from diffs 2023-12-17 20:48:31 +00:00
5edd10c332 move kiwix data to /var/lib/kiwix and persist 2023-12-16 03:05:15 +00:00
5c36ee79be kiwix: wikipedia snapshot: 2022-05 -> 2023-11 2023-12-16 01:54:34 +00:00
b2bf9d63a3 mpv: don't assume xdg-terminal-exec is on PATH 2023-12-16 00:43:43 +00:00
bcac00d766 mpv: uosc: add a "cast" option to the menu 2023-12-16 00:39:36 +00:00
c256d7ded5 koreader: implement copy-to-clipboard 2023-12-15 20:53:04 +00:00
7ba39ea831 koreader: document how to configure 2023-12-15 20:05:06 +00:00
28f90e4421 sxmo: lengthen voldown hold time before revealing terminal 2023-12-15 19:12:26 +00:00
728604e036 gui hosts: ship delfin 2023-12-15 08:44:32 +00:00
a933f8b512 delfin: persist server settings 2023-12-15 08:17:07 +00:00
ef8a8bc246 go2tv: document known-good format matrix 2023-12-15 03:22:03 +00:00
136ddda055 nautilus: enable the A/V pane 2023-12-15 02:57:25 +00:00
5fbf2166f1 moby: enable go2tv/catt 2023-12-15 02:33:18 +00:00