colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity
4,863 Commits 125 Branches 1 Tag 12 MiB
3439ca34b8
Commit Graph

4863 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Colin
3439ca34b8 sane-sandboxed: add more autodetect options, and a "withEmbeddedSandboxer" package output (for dev) 2024-02-03 00:17:24 +00:00
Colin
24e6e6cacc firefox-extensions.sidebery: downgrade 5.1.1 -> 5.0.0 
release format is inconsistent; would need to build from-source to reliably use the latest version(s)
 2024-02-02 23:26:14 +00:00
Colin
0ee9f2026c sane-sandboxed: hopefully fix a problem with path normalization for paths with spaces 2024-02-02 22:56:43 +00:00
Colin
5e3c2636db programs: make-sandboxed: handle packages which use relative links in bin (like spotify) 2024-02-02 22:38:36 +00:00
Colin
cd0a046776 dovecot: remove dead code 2024-02-02 20:47:55 +00:00
Colin
27edee0bbf dovecot2: fix sieves 2024-02-02 20:47:20 +00:00
Colin
56734fe5da mpv: add /dev/dri to the sandbox 2024-02-02 19:18:30 +00:00
Colin
832a572d56 firefox-extensions: bump to latest 2024-02-02 19:17:04 +00:00
Colin
3c96f6d418 programs: koreader: enable DRI in the sandbox, and use wrappedDerivation 2024-02-02 17:22:57 +00:00
Colin
86b23e8183 programs: fractal: enable DRI in sandbox 2024-02-02 17:19:35 +00:00
Colin
2bb9115f35 modules/programs: sandboxing: add "whitelistDri" option for gfx-intensive apps 2024-02-02 17:18:51 +00:00
Colin
065d045640 fix so sway inherits program env vars 2024-02-02 15:36:06 +00:00
Colin
d3eaa69261 lappy/desko: auto-start signal-desktop 2024-02-02 14:22:08 +00:00
Colin
6151eee8d5 programs (assorted): fix wantedBy = "default.target" to be more specific 
now GUI apps aren't stuck in a restart loop until sway starts

in particular, signal-desktop can actually be autostarted
 2024-02-02 14:21:57 +00:00
Colin
483a1d1780 sway: signal on launch to systemd that the graphical-session.target is ready 
this allows auto-launching of other services which require a compositor (i.e. messaging apps)
 2024-02-02 14:20:30 +00:00
Colin
567c7993b6 modules/programs: sandbox: allow mimeo config in any sandbox 2024-02-02 12:52:36 +00:00
Colin
f6eeab5650 nixpkgs: 2024-02-01 -> 2024-02-02 
```
• Updated input 'nixpkgs-next-unpatched':
    'github:nixos/nixpkgs/06002f375e1d20f1481abcb696a50f232202e7ac' (2024-02-01)
  → 'github:nixos/nixpkgs/1bfd22b6448ac4d407510bd37fe16d87a9dcb41b' (2024-02-02)
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/fbba9b8f0b6364928f60ef1b97e686b569cdb64e' (2024-02-01)
  → 'github:nixos/nixpkgs/eef63ea04722d812a09a5974ed18c9761088a6e1' (2024-02-02)
```
 2024-02-02 01:07:32 +00:00
Colin
2824671bde tune nix deploy parameters (specifically for moby) 
this is experimental; hard to understand immediately how significant are the effects
 2024-02-02 00:50:25 +00:00
Colin
efcaef2c35 lappy/desko/servo: downgrade kernel 6.7 -> 6.6 (latest supported by zfs) 2024-02-01 16:21:46 +00:00
Colin
25707eb79e servo: address deprecation warning: dovecot2.sieveScripts -> sieve.scripts 2024-02-01 15:47:56 +00:00
Colin
18679cd8c3 fix deprecation warnings: overrideScope' -> overrideScope 2024-02-01 15:44:46 +00:00
Colin
09923b60ea moby: disable desko as nixcache 2024-02-01 15:41:43 +00:00
Colin
3100189172 purge supercap 
i no longer have access to dispatch build jobs to it :((((
 2024-02-01 15:36:37 +00:00
Colin
715ac42f13 remove samba from closure 
current samba hangs during configurePhase. this is not the first time samba has failed to build. nor the third. purge it.
 2024-02-01 15:28:40 +00:00
Colin
a9810e7343 re-ship linux 6.7 to lappy/desko/servo 
now that landlock-sandboxer builds against the correct linux headers,
this can actually work.
 2024-02-01 13:54:44 +00:00
Colin
4f352c5725 landlock-sandboxer: build against headers which match the sandboxer source 2024-02-01 13:53:39 +00:00
Colin
17f35a3619 linux-megous: 6.6.0 -> 6.7.2 2024-02-01 12:51:53 +00:00
Colin
89d4f3eec3 nixpkgs: 2024-01-29 -> 2024-02-01 
```
• Updated input 'nixpkgs-next-unpatched':
    'github:nixos/nixpkgs/aa476d3e0de89aeb67950a1bc76b4fd576c24505' (2024-01-29)
  → 'github:nixos/nixpkgs/06002f375e1d20f1481abcb696a50f232202e7ac' (2024-02-01)
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/a31b9bd76009c73a2f932fbdaa7145ac4a79544f' (2024-01-29)
  → 'github:nixos/nixpkgs/fbba9b8f0b6364928f60ef1b97e686b569cdb64e' (2024-02-01)
```
 2024-02-01 11:32:36 +00:00
Colin
44419d71a5 lemmy-lemonade: init at 2023.10.29 2024-02-01 11:32:07 +00:00
Colin
02e597a862 fractal-nixified: 5 -> 6 2024-02-01 10:57:01 +00:00
Colin
00f995aec9 fixup landlock-sandboxer to work well for all systems 
downgrade lappy/desko/servo back to default linux; zfs doesn't support latest

build landlock-sandboxer against the specific kernel being deployed; it's less noisy that way
 2024-01-31 21:19:10 +00:00
Colin
368eb2c29b programs: git: whitelist more repo roots 2024-01-31 21:17:48 +00:00
Colin
5f793523d1 ship linux 6.7 to lappy/desko/servo 2024-01-31 20:33:15 +00:00
Colin
33bee7ac2e unl0kr: be a little more robust against bad password entry 2024-01-31 20:32:26 +00:00
Colin
84af8aca3c unl0kr: remove debugging code 2024-01-31 20:10:57 +00:00
Colin
a0f00313a7 moby: disable signal-desktop autostart 2024-01-31 20:09:03 +00:00
Colin
6603115192 moby: disable getty auto-login 
i think this interacts badly with unl0kr style logins, though
honestly kinda hard to tell if that was a fluke or real.
 2024-01-31 19:47:24 +00:00
Colin
ac968e1589 sxmo: allow the option to disable greeter entirely 2024-01-31 19:46:37 +00:00
Colin
2d4fc4f274 landlock-sandboxer: build against latest compatible linux 2024-01-31 17:45:46 +00:00
Colin
1d72e13a98 sxmo: launch via unl0kr by default 2024-01-31 17:40:36 +00:00
Colin
d9667653e7 docs: sway: point out that one can launch sway directly from a TTY 2024-01-31 16:29:27 +00:00
Colin
8c6bf07102 todo.md: sync 2024-01-31 16:28:56 +00:00
Colin
634520a1e9 unl0kr: fix cross compilation 2024-01-31 16:23:55 +00:00
Colin
13be5a1731 unl0kr: fix LOGIN_TIMEOUT to be infinite 2024-01-31 15:43:30 +00:00
Colin
30288cd67f user: add CAP_NET_ADMIN,CAP_NET_RAW even outside of systemd session 
in fact, *only* outside of systemd session because they broke ambient caps in 255
 2024-01-31 15:42:43 +00:00
Colin
87e2509af4 doc: cozy: mention that upstream has merged the patch i apply 2024-01-31 15:36:54 +00:00
Colin
8736ca478b programs: firefox: allow access to servo image-macros 2024-01-31 15:36:09 +00:00
Colin
cb3960fb21 programs: git: fix access to ~/private/knowledge 2024-01-31 15:35:21 +00:00
Colin
6e24a1ff28 programs: re-enable sops 2024-01-31 15:30:15 +00:00
Colin
91eae95b32 modules.gui.gnome: fix build 2024-01-31 15:29:49 +00:00