|
2492ed2ca7
|
programs: introduce a sane-sandboxed helper
not yet used, but will be soon
|
2024-01-23 02:29:33 +00:00 |
|
|
f49d2a1e0e
|
programs: split "makeSandboxed" into its own file
|
2024-01-23 01:23:14 +00:00 |
|
|
0dc3f4f7f2
|
modules/programs: move to subdir
this will help me factor out helpers
|
2024-01-23 01:02:04 +00:00 |
|
|
d5901afb8e
|
programs: firejail: specify profile via : (clarifies to firejail that its an identifier and not a path); invoke firejail via name instead of absolute path
|
2024-01-22 23:58:54 +00:00 |
|
|
8bf41ea858
|
programs: fix missing newline in firejail config concatenation
|
2024-01-22 13:11:47 +00:00 |
|
|
df861a3ef0
|
programs: firejail: inject custom firejail config through /etc/firejail
this improves rebuild times, and makes it easier for packages to inject their own free-form config
|
2024-01-22 11:12:18 +00:00 |
|
|
60547204a8
|
sane.programs: firejail: support wrapping "runCommand" packages
|
2024-01-22 09:16:25 +00:00 |
|
|
dd35136ac0
|
firejail: fix so /run/wrappers are available inside a jail
|
2024-01-22 07:18:50 +00:00 |
|
|
0f3f0933b1
|
mpv: sandbox with firejail
|
2024-01-22 03:50:28 +00:00 |
|
|
9ecd0adcbe
|
firefox: sandbox with firejail
TODO: get it so open-in-mpv launches an mpv that has access to ~/.config/mpv
i guess this is the 'firejail url problem'
|
2024-01-21 23:59:15 +00:00 |
|
|
ad92a2e158
|
programs: abort when no firejail profile is found for a program.
in the future, i can whitelist specific binaries to omit their firejail
profiles.
|
2024-01-21 04:32:49 +00:00 |
|
|
5f5891d241
|
programs: apply firejail profile to programs which are net isolated
|
2024-01-21 04:28:48 +00:00 |
|
|
992194a1f0
|
programs: achieve network sandboxing without "sane-vpn do"
|
2024-01-21 03:51:12 +00:00 |
|
|
bad6a7bfee
|
programs: implement "default vpn" with native nix code instead of sane-vpn
|
2024-01-21 01:04:31 +00:00 |
|
|
66d5e204be
|
vpn: enforce "id" restrictions
|
2024-01-21 00:57:46 +00:00 |
|
|
ce35330923
|
vpn.nix: factor into a proper module
this will allow for better integration with 'sane.programs'
|
2024-01-21 00:49:34 +00:00 |
|
|
59187a0ec0
|
programs: allow running binaries in a netns-style firejail
|
2024-01-20 11:11:12 +00:00 |
|
|
fd0723169f
|
nix-serve: fix coredump loop
|
2024-01-19 21:34:45 +00:00 |
|
|
43a8ca90a7
|
feeds: add Cat and Girl
|
2024-01-16 19:12:25 +00:00 |
|
|
a5c6e41622
|
feeds: subscribe to POD OF JAKE
|
2024-01-14 05:20:28 +00:00 |
|
|
812a02bc6b
|
feeds: add The Dollop podcast
|
2024-01-14 00:49:29 +00:00 |
|
|
70f059eaac
|
feeds: subscribe to Jack Stauber
|
2024-01-13 16:43:41 +00:00 |
|
|
e2a43ddfa0
|
servo: clightning: allow group members to run lightning-cli
|
2024-01-11 15:59:32 +00:00 |
|
|
cecb114810
|
clightning: harden
|
2024-01-04 18:47:40 +00:00 |
|
|
7378d6c5b2
|
bitcoind: host behind tor
|
2024-01-04 16:25:49 +00:00 |
|
|
43498c62f9
|
clightning: integrate with tor
|
2024-01-03 18:29:16 +00:00 |
|
|
41ae86f40f
|
servo: enable clightning
|
2024-01-03 13:56:42 +00:00 |
|
|
3e52956a3a
|
servo: clightning: integrate, but do not enable
|
2024-01-02 18:32:34 +00:00 |
|
|
28d0a72c62
|
define (but dont activate) a clighting bitcoin service
|
2024-01-02 14:29:52 +00:00 |
|
|
822653ec10
|
feeds: vitalik.ca -> vitalik.eth.limo
|
2024-01-01 03:48:06 +00:00 |
|
|
68502ca944
|
feeds: add webcurious.co.uk link aggregator
|
2024-01-01 03:46:52 +00:00 |
|
|
d18e94ea87
|
feeds: subscribe to linmob.net
|
2023-12-14 22:20:30 +00:00 |
|
|
3467a5df48
|
feeds: subscribe Origin Stories
|
2023-12-13 22:31:58 +00:00 |
|
|
694dd59e27
|
feeds: subscribe bitsaboutmoney
|
2023-12-13 22:29:22 +00:00 |
|
|
69bc219efa
|
ports: fix systemd RandomizedDelaySec typo
|
2023-12-12 02:14:27 +00:00 |
|
|
4c5fb74c7d
|
feeds: subscribe to kosmosghost
|
2023-12-11 04:55:47 +00:00 |
|
|
008a6192d4
|
mpv: associate with https://youtube.com/...
|
2023-12-11 04:52:49 +00:00 |
|
|
f7a318c937
|
modules/users: fix services to specify PATH with correct precedence
|
2023-12-10 15:18:26 +00:00 |
|
|
01de6f84cf
|
feeds: subscribe to Louis Rossmann
|
2023-12-09 08:14:16 +00:00 |
|
|
2d06401f3c
|
feeds: subscribe to Tom Scott
|
2023-12-06 16:19:37 +00:00 |
|
|
2db56f2499
|
feeds: subscribe to TheB1M
|
2023-12-06 16:18:03 +00:00 |
|
|
63ea6d7002
|
feeds: subscribe to Exurb1a
|
2023-12-06 16:16:29 +00:00 |
|
|
3e2523cc2c
|
feeds: subscribe to Cold Fusion
|
2023-12-06 16:15:25 +00:00 |
|
|
ad3f5e305e
|
feeds: subscribe to Vox
don't @ me
|
2023-12-06 16:13:08 +00:00 |
|
|
aa5b9e3db3
|
user services: wrap with user PATH
notably, this alllows Fractal to open links with the preferred browser
|
2023-12-06 16:09:07 +00:00 |
|
|
46123719e9
|
feeds: subscribe to Vihart
|
2023-12-06 16:09:07 +00:00 |
|
|
16bce990c6
|
feeds: subscribe to PolyMatter
|
2023-12-06 16:09:07 +00:00 |
|
|
d55e387187
|
feeds: subscribe to Vsauce
|
2023-12-06 16:09:06 +00:00 |
|
|
e75c3375dc
|
feeds: subscribe to Channel5 News
|
2023-12-06 16:08:50 +00:00 |
|
|
b1c7cb367a
|
feeds: subcsribe to hbomberguy
|
2023-12-06 15:47:39 +00:00 |
|