bb63a594ab
conky: fixup needed paths for bwrap
2024-01-23 14:57:33 +00:00
f148334b58
programs: port extraFirejailConfig to extraConfig
2024-01-23 14:57:33 +00:00
da537ea8ea
fractal: switch from firejail -> bwrap
2024-01-23 14:13:09 +00:00
18d224dc34
dino: switch from firejail to bwrap
2024-01-23 14:12:52 +00:00
38fd171713
spotify: sandbox with bwrap instead of firejail
2024-01-23 12:12:56 +00:00
84c78d9256
conky: sandbox with bwrap instead of firejail
2024-01-23 12:11:22 +00:00
973203d85e
programs: mpv: sandbox with bwrap instead of firejail
2024-01-23 11:37:37 +00:00
f9174dd2aa
programs: firefox: sandbox with bwrap instead of firejail
2024-01-23 11:37:19 +00:00
0bed4d0ada
mpv: disable firejail sandboxing (it fails on moby)
2024-01-23 01:01:21 +00:00
f3e8af3fdb
doc: libreoffice: mention "still" v.s. "fresh" variants
2024-01-23 01:00:34 +00:00
af542ec05f
docs: gnome-keyring: point out that system gnome-keyring doesn't inherit my sandboxing
2024-01-23 01:00:06 +00:00
399a1d2052
steam: use wrapped package as system steam
2024-01-23 00:59:23 +00:00
bb6e5611d4
docs: conky: point out that un-sandboxed conky is used by sxmo-utils
2024-01-23 00:58:56 +00:00
c11f5a1401
wireshark: fix security.wrappers when wireshark is disabled
2024-01-22 23:58:04 +00:00
5b220f3fec
wireshark: enable firejail isolation
2024-01-22 13:12:10 +00:00
df861a3ef0
programs: firejail: inject custom firejail config through /etc/firejail
...
this improves rebuild times, and makes it easier for packages to inject their own free-form config
2024-01-22 11:12:18 +00:00
d6754b6cac
evince: sandbox with firejail
2024-01-22 10:20:29 +00:00
b03d7f7fb0
geary: test the firejail profile; it's not ready
2024-01-22 10:04:18 +00:00
008b186479
audacity: test the firejail profile; it's not ready
2024-01-22 10:04:03 +00:00
914f9b3703
vlc: sandbox with firejail
2024-01-22 09:47:24 +00:00
ed7ec4a371
conky: sandbox with firejail
2024-01-22 09:31:00 +00:00
2d338201a5
signal-desktop: sandbox with firejail
...
TODO: fix URL opening / xdg-open
2024-01-22 09:30:34 +00:00
a8aad1f98f
dino: sandbox with firejail
...
TODO: fix URL opening / xdg-open
2024-01-22 09:30:13 +00:00
2d06b93118
fractal: sandbox with firejail
...
TODO: seems this broke link opening? (xdg-open?)
2024-01-22 09:28:50 +00:00
60547204a8
sane.programs: firejail: support wrapping "runCommand" packages
2024-01-22 09:16:25 +00:00
3d763a0021
tor-browser-bundle-bin -> tor-browser
...
upstream nixpgs just has tor-browser-bundle-bin as an alias for tor-browser
2024-01-22 08:13:37 +00:00
ad474873e2
dovecot: fix unparseable config
...
upstream/nixpkgs is doing some shit, ugh
2024-01-22 08:09:37 +00:00
0f3f0933b1
mpv: sandbox with firejail
2024-01-22 03:50:28 +00:00
f8440e3811
go2tv: allow more ports through the firewall
2024-01-22 03:50:04 +00:00
9ecd0adcbe
firefox: sandbox with firejail
...
TODO: get it so open-in-mpv launches an mpv that has access to ~/.config/mpv
i guess this is the 'firejail url problem'
2024-01-21 23:59:15 +00:00
cf475c4696
nicotine-plus: remove distro-specific symlink
2024-01-21 03:56:33 +00:00
ce35330923
vpn.nix: factor into a proper module
...
this will allow for better integration with 'sane.programs'
2024-01-21 00:49:34 +00:00
59187a0ec0
programs: allow running binaries in a netns-style firejail
2024-01-20 11:11:12 +00:00
03fbf42680
servo: lemmy: pict-rs: fix broken CLI argument
2024-01-20 03:15:06 +00:00
7d670facd4
feeds: sort
2024-01-19 21:38:45 +00:00
61e5704fd6
feeds: unsub LW
...
too verbose, and too many of y'all turned into authoritarians
2024-01-19 21:38:14 +00:00
fd0723169f
nix-serve: fix coredump loop
2024-01-19 21:34:45 +00:00
a725d42bf5
ip_forward: consolidate the options to fix servo build
2024-01-19 21:34:18 +00:00
c03cea2d4e
net/vpn.nix: cleanup dead code
2024-01-19 09:58:13 +00:00
f43d6bff92
route VPN traffic such that i can configure any app to selectively use the VPN
...
e.g. firejail --net=br-ovpnd-us-mi --noprofile --dns=46.227.67.134 getent ahostsv4 uninsane.org
2024-01-19 09:54:01 +00:00
43a8ca90a7
feeds: add Cat and Girl
2024-01-16 19:12:25 +00:00
7d504892be
servo: dovecot: fix broken sieve
2024-01-16 06:28:25 +00:00
d7a2bf9d26
servo: remove networking.useDHCP=false override
...
seems likely that the change to systemd-networkd renamed the ethernet interface, and so eth0.useDHCP wasn't right. this change seems to restore networking
2024-01-16 06:09:19 +00:00
851c15aa6d
vpn: port ovpnd connections to use systemd-network
...
this should allow better integration with e.g. systemd-run, in future
2024-01-16 03:20:40 +00:00
c45898f903
WIP: wg-dev
2024-01-15 04:15:17 +00:00
0efec20904
hosts/common/net/vpn: remove unused "extraOptions" argument
2024-01-15 03:52:31 +00:00
5b9c58dbc6
hosts/common: use servo-style dns on all machines
...
it'll be handy as i want to place individual applications inside VPNs/namespaces
2024-01-15 01:16:22 +00:00
a7964c4f0c
hosts/common: net: split upnp config into own file
2024-01-15 01:12:09 +00:00
006a7e9f72
consolidate net-related stuff into hosts/common/net/ directory
2024-01-15 01:11:13 +00:00
3856710faf
net: annotate the UPNP rule
2024-01-15 01:08:10 +00:00
6cbc0bedf3
ddns-he (HurricaneElectric): remove
...
it's unused for a year
2024-01-15 00:55:10 +00:00
fbc0c7615a
ddns-afraid (afraid.org): remove
...
it's unused for a year
2024-01-15 00:54:41 +00:00
34bcdb5128
firefox: disable kinetic scrolling
2024-01-14 20:34:14 +00:00
a5c6e41622
feeds: subscribe to POD OF JAKE
2024-01-14 05:20:28 +00:00
02e03227d8
servo: try to integrate peerswap with clightning, but it fails
2024-01-14 04:33:12 +00:00
812a02bc6b
feeds: add The Dollop podcast
2024-01-14 00:49:29 +00:00
27898ecdc8
feeds: unsubscribe from Louis Rossman
...
his channel is kinda just the same idea played over and over
2024-01-14 00:36:52 +00:00
1c2324cca4
servo: clightning-sane: status command: show profits from fees
2024-01-13 16:43:49 +00:00
70f059eaac
feeds: subscribe to Jack Stauber
2024-01-13 16:43:41 +00:00
bac72be730
servo: clightning-sane: status command: show in/out payment sums
2024-01-13 15:53:48 +00:00
99858c1384
servo: clightning-sane: centralize metric reporting, fix so we blacklist our own channels less frequently
2024-01-13 04:47:20 +00:00
103a300e77
servo: clightning-sane: implement an autobalance subcommand
2024-01-13 03:04:24 +00:00
6b5cdd7508
servo: clightning-sane: log before we give up
2024-01-13 01:10:52 +00:00
2f1e354400
servo: clightning-sane: drop caches after so many failures
2024-01-12 23:54:06 +00:00
585a87130c
servo: clightning-sane: remove unused loop_once_with_retries method
2024-01-12 23:31:30 +00:00
0e68533776
servo: clightning-sane: introduce parallelism
2024-01-12 23:30:52 +00:00
882cc5bfd0
servo: clightning-sane: rename Balancer -> LoopRouter
2024-01-12 21:36:20 +00:00
91847a9a8e
servo: clightning-sane: factor "loop" action into own subroutine
2024-01-12 21:28:20 +00:00
5c649ff216
servo: clightning-sane: include peer_id in status --full
2024-01-12 20:56:00 +00:00
abdd224211
servo: clightning-sane: increase CLTV 9->18
2024-01-12 20:55:32 +00:00
0c72c59190
servo: clightning-sane: handle closed channels in status listing
2024-01-12 20:28:57 +00:00
432170a69e
servo: clightning-sane: rename ppm in/out to theirs/mine
2024-01-12 19:31:39 +00:00
805b37a9a5
servo: clightning-sane: add a --full option for more info
2024-01-12 19:24:50 +00:00
87a0bda011
servo: clightning-sane: perform rebalance operation in a loop
2024-01-12 19:17:07 +00:00
5d2c6e1978
servo: clightning-sane: mark channels which cant be rebalanced freely
2024-01-12 18:43:58 +00:00
abafbd811b
servo: clightning-sane: minor bugfixes
2024-01-12 18:30:49 +00:00
aca50d9946
servo: clightning-sane: add a "status" subcommand
2024-01-12 17:42:44 +00:00
bd4f4dab81
servo: clightning-sane: factor out a subcommands interface
2024-01-12 15:42:12 +00:00
aebd11ea82
alacritty: port config: yaml to toml
2024-01-12 03:24:55 +00:00
cec21375a5
servo: disable mautrix-signal
2024-01-12 03:24:55 +00:00
913403aac6
servo: clightning-sane: tidy
2024-01-12 01:25:56 +00:00
432a66bf5f
servo: clightning: initialize a script for rebalancing with peers
2024-01-11 23:11:33 +00:00
e2a43ddfa0
servo: clightning: allow group members to run lightning-cli
2024-01-11 15:59:32 +00:00
8644e6705a
servo: decrease ZFS cache size
2024-01-11 00:20:52 +00:00
3295ae3b74
servo: clightning: update config
2024-01-09 16:13:08 +00:00
e63438bedf
feeds: disable The Linux Experience
2024-01-09 00:45:18 +00:00
37583d8c9c
clightning: tune fees, logging
2024-01-06 18:08:51 +00:00
62b3863722
servo: clightning: enable experimental features
2024-01-06 09:13:17 +00:00
b11f03bd18
servo: clightning: docs
2024-01-05 22:09:32 +00:00
63620fa058
servo: clightning: node personalization and docs
2024-01-04 21:55:13 +00:00
4ce93f74c6
wob: add debug logging
2024-01-04 17:07:47 +00:00
09b806d7a7
go2tv: document youtube workarounds
2024-01-04 16:26:25 +00:00
2f31100c3f
servo: ship go2tv
2024-01-04 16:25:50 +00:00
ca3f97ec51
docs: go2tv: elaborate seeking limitations
2024-01-04 16:25:49 +00:00
7378d6c5b2
bitcoind: host behind tor
2024-01-04 16:25:49 +00:00
276de5d662
tor: fix /var/lib/tor directory permissions
2024-01-04 16:25:49 +00:00
6f449cf35f
clightning: document some places to find nodes for channels
2024-01-04 16:25:49 +00:00
daf046861c
wob: implement as part of sway instead of exclusive to sxmo
2024-01-04 13:08:20 +00:00
43498c62f9
clightning: integrate with tor
2024-01-03 18:29:16 +00:00
22f5853741
firefox: remove unused functions
2024-01-03 14:59:59 +00:00