|
|
20cb850fb5
|
nixpkgs: 2024-02-18 -> 2024-02-21
```
• Updated input 'nixpkgs-next-unpatched':
'github:nixos/nixpkgs/d076cde70cbceca9315a11bdc609ddfcec9dfbca' (2024-02-18)
→ 'github:nixos/nixpkgs/97c19bdc7ecbe44755084a52acf38e17bdf2bc71' (2024-02-21)
• Updated input 'nixpkgs-unpatched':
'github:nixos/nixpkgs/9511a7b219df1f8d8f5c2a58c4870fde169fe397' (2024-02-18)
→ 'github:nixos/nixpkgs/0e74ca98a74bc7270d28838369593635a5db3260' (2024-02-21)
• Updated input 'sops-nix':
'github:Mic92/sops-nix/ffed177a9d2c685901781c3c6c9024ae0ffc252b' (2024-02-18)
→ 'github:Mic92/sops-nix/acfcce2a36da17ebb724d2e100d47881880c2e48' (2024-02-20)
```
|
2024-02-21 00:35:14 +00:00 |
|
|
|
c6470918de
|
types.string -> types.str
|
2024-02-21 00:25:44 +00:00 |
|
|
|
c0f374bd80
|
programs: sane-secrets-dump: don't leak secrets onto proc/cmdline
|
2024-02-21 00:24:31 +00:00 |
|
|
|
5a0760a571
|
programs: sandbox oathtools
|
2024-02-21 00:03:48 +00:00 |
|
|
|
757ab79724
|
programs: dconf: sandbox
|
2024-02-20 23:43:25 +00:00 |
|
|
|
81148b7b42
|
programs: explicitly depend on dconf instead of manually persisting dconf's dirs
|
2024-02-20 23:39:27 +00:00 |
|
|
|
429d0c53e7
|
programs: ripgrep: sandbox with bwrap instead of landlock
this provides network isolation
|
2024-02-20 23:32:54 +00:00 |
|
|
|
6cf1bc5a28
|
programs: grep: sandbox
|
2024-02-20 23:32:28 +00:00 |
|
|
|
768b340c93
|
findutils: sandbox
use bwrap instead of landlock for the dumb preference that i can disable
net
|
2024-02-20 23:31:58 +00:00 |
|
|
|
d9901aa161
|
programs: sane-secrets-*: sandbox
|
2024-02-20 23:31:39 +00:00 |
|
|
|
be2098c18a
|
programs: sane-vpn: sandbox
|
2024-02-20 23:05:24 +00:00 |
|
|
|
ee7d99289a
|
sane-vpn: allow shorthands like "sane-vpn up us" instead of full ovpnd-us
|
2024-02-20 23:01:53 +00:00 |
|
|
|
bb569b1668
|
sane-vpn: port away from systemd so that i can use it as an ordinary user (no sudo)
|
2024-02-20 22:21:02 +00:00 |
|
|
|
34524ea3e4
|
modules/vpn: fix the vpn-* systemd services
|
2024-02-20 20:40:46 +00:00 |
|
|
|
71025329e7
|
programs: sane-dev-cargo-loop: sandbox
|
2024-02-20 19:26:38 +00:00 |
|
|
|
ca4d1e3b9d
|
programs: sane-tag-music: sandbox
|
2024-02-20 19:26:18 +00:00 |
|
|
|
284b698015
|
sane-reclaim-boot-space: fix, and sandbox
well i didn't get to test this thoroughly: might still have problems
|
2024-02-20 19:16:36 +00:00 |
|
|
|
bc50daf685
|
nix.settings: port to structured attrs
|
2024-02-20 18:35:03 +00:00 |
|
|
|
47dcfb9cba
|
fix nix.settings.nix-path to actually take effect
now i can `nix-shell` again! nix-path takes precedence over `NIX_PATH`
env var.
|
2024-02-20 17:54:25 +00:00 |
|
|
|
2bd99f6e51
|
remove no-longer-needed nix trusted-users setting
well, it *seems* to work, at least!
|
2024-02-20 13:43:41 +00:00 |
|
|
|
8beac8df2f
|
programs: sandbox sane-shutdown, sane-reboot
|
2024-02-20 13:43:05 +00:00 |
|
|
|
58db553c84
|
programs: unl0kr: sandbox
|
2024-02-20 13:29:56 +00:00 |
|
|
|
2ea3776d84
|
programs: sane-sync-from-servo: remove
this was obsoleted by the top-level flake `sync` scripts
|
2024-02-20 13:16:21 +00:00 |
|
|
|
d596d005ca
|
systemd: configure a 25s stop timeout for the user manager too (hopefully)
|
2024-02-20 13:11:47 +00:00 |
|
|
|
e92db138ef
|
systemd: allow ordinary users to invoke shutdown/reboot
|
2024-02-20 12:25:04 +00:00 |
|
|
|
5fed127c23
|
refactor: split systemd config into own file
|
2024-02-20 12:18:28 +00:00 |
|
|
|
db49f0461c
|
refactor: move nix stuff out of common/default.nix -> common/nix/default.nix
|
2024-02-20 12:16:00 +00:00 |
|
|
|
73bb7827c0
|
refactor: nix-path/ -> nix/
|
2024-02-20 12:13:52 +00:00 |
|
|
|
a624571b22
|
move glib program recommendation into programs/assorted.nix
|
2024-02-20 12:11:26 +00:00 |
|
|
|
53cbe5c8da
|
dconf: split into own sane.programs definition
|
2024-02-20 12:09:52 +00:00 |
|
|
|
46de7b7e0d
|
move environment.defaultPackages clearing into polyunfill.nix
|
2024-02-20 11:54:39 +00:00 |
|
|
|
d7be5da483
|
warnings.nix: port to a proper module
|
2024-02-20 11:19:12 +00:00 |
|
|
|
902e351085
|
hack: silence the warning about using hashedPasswordFile *and* initialPassword
see: <https://github.com/NixOS/nixpkgs/pull/287506>
i'll factor this into something more general, later
|
2024-02-20 11:11:07 +00:00 |
|
|
|
9e8e1d82a6
|
flake: add a deploy.self-light target
|
2024-02-20 10:24:33 +00:00 |
|
|
|
a05184f956
|
programs: neovim: fix nvim-treesitter typo
|
2024-02-20 10:23:52 +00:00 |
|
|
|
36ad2d5421
|
programs: unl0kr: auto-derive the user option
|
2024-02-20 07:21:22 +00:00 |
|
|
|
b0f62830a5
|
unl0kr: port to sane.programs
|
2024-02-20 07:14:30 +00:00 |
|
|
|
f970679266
|
sxmo: remove symlinks for legacy sxmo_hook_{poweroff,reboot}.sh
|
2024-02-20 06:49:42 +00:00 |
|
|
|
c7f4661c1c
|
programs: htop: persist config
|
2024-02-20 05:38:45 +00:00 |
|
|
|
e8306831c5
|
programs: qemu: mark as slowToBuild
|
2024-02-20 05:34:47 +00:00 |
|
|
|
41b1a013d7
|
programs: sane-sudo-redirect: disable sandbox
|
2024-02-19 17:09:27 +00:00 |
|
|
|
f785ccd351
|
programs: sane-reclaim-disk-space: sandbox
|
2024-02-19 17:06:22 +00:00 |
|
|
|
48744dcaaa
|
programs: sane-ip-reconnect: remove (unused)
|
2024-02-19 17:05:27 +00:00 |
|
|
|
9373864b60
|
programs: sane-git-init: remove (unused)
|
2024-02-19 16:53:59 +00:00 |
|
|
|
c16c9dfe0b
|
programs: sandbox a bunch of sane scripts
|
2024-02-19 16:51:53 +00:00 |
|
|
|
292a411fb3
|
linux-megous: 6.7.2 (20240127-1717) -> 6.7.4 (20240211-1928)
|
2024-02-19 16:37:11 +00:00 |
|
|
|
2d17826731
|
programs: eza: sandbox with bwrap instead of landlock
|
2024-02-19 15:32:40 +00:00 |
|
|
|
34dedcff57
|
modules/programs: sane-sandboxed: fix normPath handling of paths containing special characters like [
|
2024-02-19 15:32:23 +00:00 |
|
|
|
de297f22be
|
programs: split sane-scripts out of assorted.nix
|
2024-02-19 14:19:10 +00:00 |
|
|
|
4b47b76461
|
programs: sfeed: sandbox
|
2024-02-19 14:14:59 +00:00 |
|
