colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity
4,784 Commits 125 Branches 1 Tag 12 MiB
3cd244be76
Commit Graph

1971 Commits

Author SHA1 Message Date
Colin
bb63a594ab conky: fixup needed paths for bwrap 2024-01-23 14:57:33 +00:00
Colin
f148334b58 programs: port extraFirejailConfig to extraConfig 2024-01-23 14:57:33 +00:00
Colin
da537ea8ea fractal: switch from firejail -> bwrap 2024-01-23 14:13:09 +00:00
Colin
18d224dc34 dino: switch from firejail to bwrap 2024-01-23 14:12:52 +00:00
Colin
38fd171713 spotify: sandbox with bwrap instead of firejail 2024-01-23 12:12:56 +00:00
Colin
84c78d9256 conky: sandbox with bwrap instead of firejail 2024-01-23 12:11:22 +00:00
Colin
973203d85e programs: mpv: sandbox with bwrap instead of firejail 2024-01-23 11:37:37 +00:00
Colin
f9174dd2aa programs: firefox: sandbox with bwrap instead of firejail 2024-01-23 11:37:19 +00:00
Colin
0bed4d0ada mpv: disable firejail sandboxing (it fails on moby) 2024-01-23 01:01:21 +00:00
Colin
f3e8af3fdb doc: libreoffice: mention "still" v.s. "fresh" variants 2024-01-23 01:00:34 +00:00
Colin
af542ec05f docs: gnome-keyring: point out that system gnome-keyring doesn't inherit my sandboxing 2024-01-23 01:00:06 +00:00
Colin
399a1d2052 steam: use wrapped package as system steam 2024-01-23 00:59:23 +00:00
Colin
bb6e5611d4 docs: conky: point out that un-sandboxed conky is used by sxmo-utils 2024-01-23 00:58:56 +00:00
Colin
c11f5a1401 wireshark: fix security.wrappers when wireshark is disabled 2024-01-22 23:58:04 +00:00
Colin
5b220f3fec wireshark: enable firejail isolation 2024-01-22 13:12:10 +00:00
Colin
df861a3ef0 programs: firejail: inject custom firejail config through /etc/firejail 
this improves rebuild times, and makes it easier for packages to inject their own free-form config
 2024-01-22 11:12:18 +00:00
Colin
d6754b6cac evince: sandbox with firejail 2024-01-22 10:20:29 +00:00
Colin
b03d7f7fb0 geary: test the firejail profile; it's not ready 2024-01-22 10:04:18 +00:00
Colin
008b186479 audacity: test the firejail profile; it's not ready 2024-01-22 10:04:03 +00:00
Colin
914f9b3703 vlc: sandbox with firejail 2024-01-22 09:47:24 +00:00
Colin
ed7ec4a371 conky: sandbox with firejail 2024-01-22 09:31:00 +00:00
Colin
2d338201a5 signal-desktop: sandbox with firejail 
TODO: fix URL opening / xdg-open
 2024-01-22 09:30:34 +00:00
Colin
a8aad1f98f dino: sandbox with firejail 
TODO: fix URL opening / xdg-open
 2024-01-22 09:30:13 +00:00
Colin
2d06b93118 fractal: sandbox with firejail 
TODO: seems this broke link opening? (xdg-open?)
 2024-01-22 09:28:50 +00:00
Colin
60547204a8 sane.programs: firejail: support wrapping "runCommand" packages 2024-01-22 09:16:25 +00:00
Colin
3d763a0021 tor-browser-bundle-bin -> tor-browser 
upstream nixpgs just has tor-browser-bundle-bin as an alias for tor-browser
 2024-01-22 08:13:37 +00:00
Colin
ad474873e2 dovecot: fix unparseable config 
upstream/nixpkgs is doing some shit, ugh
 2024-01-22 08:09:37 +00:00
Colin
0f3f0933b1 mpv: sandbox with firejail 2024-01-22 03:50:28 +00:00
Colin
f8440e3811 go2tv: allow more ports through the firewall 2024-01-22 03:50:04 +00:00
Colin
9ecd0adcbe firefox: sandbox with firejail 
TODO: get it so open-in-mpv launches an mpv that has access to ~/.config/mpv

i guess this is the 'firejail url problem'
 2024-01-21 23:59:15 +00:00
Colin
cf475c4696 nicotine-plus: remove distro-specific symlink 2024-01-21 03:56:33 +00:00
Colin
ce35330923 vpn.nix: factor into a proper module 
this will allow for better integration with 'sane.programs'
 2024-01-21 00:49:34 +00:00
Colin
59187a0ec0 programs: allow running binaries in a netns-style firejail 2024-01-20 11:11:12 +00:00
Colin
03fbf42680 servo: lemmy: pict-rs: fix broken CLI argument 2024-01-20 03:15:06 +00:00
Colin
7d670facd4 feeds: sort 2024-01-19 21:38:45 +00:00
Colin
61e5704fd6 feeds: unsub LW 
too verbose, and too many of y'all turned into authoritarians
 2024-01-19 21:38:14 +00:00
Colin
fd0723169f nix-serve: fix coredump loop 2024-01-19 21:34:45 +00:00
Colin
a725d42bf5 ip_forward: consolidate the options to fix servo build 2024-01-19 21:34:18 +00:00
Colin
c03cea2d4e net/vpn.nix: cleanup dead code 2024-01-19 09:58:13 +00:00
Colin
f43d6bff92 route VPN traffic such that i can configure any app to selectively use the VPN 
e.g. firejail --net=br-ovpnd-us-mi --noprofile --dns=46.227.67.134 getent ahostsv4 uninsane.org
 2024-01-19 09:54:01 +00:00
Colin
43a8ca90a7 feeds: add Cat and Girl 2024-01-16 19:12:25 +00:00
Colin
7d504892be servo: dovecot: fix broken sieve 2024-01-16 06:28:25 +00:00
Colin
d7a2bf9d26 servo: remove networking.useDHCP=false override 
seems likely that the change to systemd-networkd renamed the ethernet interface, and so eth0.useDHCP wasn't right. this change seems to restore networking
 2024-01-16 06:09:19 +00:00
Colin
851c15aa6d vpn: port ovpnd connections to use systemd-network 
this should allow better integration with e.g. systemd-run, in future
 2024-01-16 03:20:40 +00:00
Colin
c45898f903 WIP: wg-dev 2024-01-15 04:15:17 +00:00
Colin
0efec20904 hosts/common/net/vpn: remove unused "extraOptions" argument 2024-01-15 03:52:31 +00:00
Colin
5b9c58dbc6 hosts/common: use servo-style dns on all machines 
it'll be handy as i want to place individual applications inside VPNs/namespaces
 2024-01-15 01:16:22 +00:00
Colin
a7964c4f0c hosts/common: net: split upnp config into own file 2024-01-15 01:12:09 +00:00
Colin
006a7e9f72 consolidate net-related stuff into hosts/common/net/ directory 2024-01-15 01:11:13 +00:00
Colin
3856710faf net: annotate the UPNP rule 2024-01-15 01:08:10 +00:00
Colin
6cbc0bedf3 ddns-he (HurricaneElectric): remove 
it's unused for a year
 2024-01-15 00:55:10 +00:00
Colin
fbc0c7615a ddns-afraid (afraid.org): remove 
it's unused for a year
 2024-01-15 00:54:41 +00:00
Colin
34bcdb5128 firefox: disable kinetic scrolling 2024-01-14 20:34:14 +00:00
Colin
a5c6e41622 feeds: subscribe to POD OF JAKE 2024-01-14 05:20:28 +00:00
Colin
02e03227d8 servo: try to integrate peerswap with clightning, but it fails 2024-01-14 04:33:12 +00:00
Colin
812a02bc6b feeds: add The Dollop podcast 2024-01-14 00:49:29 +00:00
Colin
27898ecdc8 feeds: unsubscribe from Louis Rossman 
his channel is kinda just the same idea  played over and over
 2024-01-14 00:36:52 +00:00
Colin
1c2324cca4 servo: clightning-sane: status command: show profits from fees 2024-01-13 16:43:49 +00:00
Colin
70f059eaac feeds: subscribe to Jack Stauber 2024-01-13 16:43:41 +00:00
Colin
bac72be730 servo: clightning-sane: status command: show in/out payment sums 2024-01-13 15:53:48 +00:00
Colin
99858c1384 servo: clightning-sane: centralize metric reporting, fix so we blacklist our own channels less frequently 2024-01-13 04:47:20 +00:00
Colin
103a300e77 servo: clightning-sane: implement an autobalance subcommand 2024-01-13 03:04:24 +00:00
Colin
6b5cdd7508 servo: clightning-sane: log before we give up 2024-01-13 01:10:52 +00:00
Colin
2f1e354400 servo: clightning-sane: drop caches after so many failures 2024-01-12 23:54:06 +00:00
Colin
585a87130c servo: clightning-sane: remove unused loop_once_with_retries method 2024-01-12 23:31:30 +00:00
Colin
0e68533776 servo: clightning-sane: introduce parallelism 2024-01-12 23:30:52 +00:00
Colin
882cc5bfd0 servo: clightning-sane: rename Balancer -> LoopRouter 2024-01-12 21:36:20 +00:00
Colin
91847a9a8e servo: clightning-sane: factor "loop" action into own subroutine 2024-01-12 21:28:20 +00:00
Colin
5c649ff216 servo: clightning-sane: include peer_id in status --full 2024-01-12 20:56:00 +00:00
Colin
abdd224211 servo: clightning-sane: increase CLTV 9->18 2024-01-12 20:55:32 +00:00
Colin
0c72c59190 servo: clightning-sane: handle closed channels in status listing 2024-01-12 20:28:57 +00:00
Colin
432170a69e servo: clightning-sane: rename ppm in/out to theirs/mine 2024-01-12 19:31:39 +00:00
Colin
805b37a9a5 servo: clightning-sane: add a --full option for more info 2024-01-12 19:24:50 +00:00
Colin
87a0bda011 servo: clightning-sane: perform rebalance operation in a loop 2024-01-12 19:17:07 +00:00
Colin
5d2c6e1978 servo: clightning-sane: mark channels which cant be rebalanced freely 2024-01-12 18:43:58 +00:00
Colin
abafbd811b servo: clightning-sane: minor bugfixes 2024-01-12 18:30:49 +00:00
Colin
aca50d9946 servo: clightning-sane: add a "status" subcommand 2024-01-12 17:42:44 +00:00
Colin
bd4f4dab81 servo: clightning-sane: factor out a subcommands interface 2024-01-12 15:42:12 +00:00
Colin
aebd11ea82 alacritty: port config: yaml to toml 2024-01-12 03:24:55 +00:00
Colin
cec21375a5 servo: disable mautrix-signal 2024-01-12 03:24:55 +00:00
Colin
913403aac6 servo: clightning-sane: tidy 2024-01-12 01:25:56 +00:00
Colin
432a66bf5f servo: clightning: initialize a script for rebalancing with peers 2024-01-11 23:11:33 +00:00
Colin
e2a43ddfa0 servo: clightning: allow group members to run lightning-cli 2024-01-11 15:59:32 +00:00
Colin
8644e6705a servo: decrease ZFS cache size 2024-01-11 00:20:52 +00:00
Colin
3295ae3b74 servo: clightning: update config 2024-01-09 16:13:08 +00:00
Colin
e63438bedf feeds: disable The Linux Experience 2024-01-09 00:45:18 +00:00
Colin
37583d8c9c clightning: tune fees, logging 2024-01-06 18:08:51 +00:00
Colin
62b3863722 servo: clightning: enable experimental features 2024-01-06 09:13:17 +00:00
Colin
b11f03bd18 servo: clightning: docs 2024-01-05 22:09:32 +00:00
Colin
63620fa058 servo: clightning: node personalization and docs 2024-01-04 21:55:13 +00:00
Colin
4ce93f74c6 wob: add debug logging 2024-01-04 17:07:47 +00:00
Colin
09b806d7a7 go2tv: document youtube workarounds 2024-01-04 16:26:25 +00:00
Colin
2f31100c3f servo: ship go2tv 2024-01-04 16:25:50 +00:00
Colin
ca3f97ec51 docs: go2tv: elaborate seeking limitations 2024-01-04 16:25:49 +00:00
Colin
7378d6c5b2 bitcoind: host behind tor 2024-01-04 16:25:49 +00:00
Colin
276de5d662 tor: fix /var/lib/tor directory permissions 2024-01-04 16:25:49 +00:00
Colin
6f449cf35f clightning: document some places to find nodes for channels 2024-01-04 16:25:49 +00:00
Colin
daf046861c wob: implement as part of sway instead of exclusive to sxmo 2024-01-04 13:08:20 +00:00
Colin
43498c62f9 clightning: integrate with tor 2024-01-03 18:29:16 +00:00
Colin
22f5853741 firefox: remove unused functions 2024-01-03 14:59:59 +00:00