3ce2716fbe
fs: factor out the ensureSymlink/ensureDir/ensurePerms scripts
2023-07-08 10:35:10 +00:00
e9293dbe07
fs: fix raciness that was causing ensure-xyz
services to run multiple times per boot
2023-07-08 09:08:59 +00:00
f18d624fd9
fs: avoid creating a new script for every fs entry
2023-07-08 09:00:49 +00:00
8f57394cd2
persist: create the backing path as a dependency of the VFS path
2023-07-08 02:08:18 +00:00
01b8a28a52
programs.fs: remove extraneous wantedBeforeBy
clause
...
it's provided by `sane.user.fs`
2023-07-08 02:06:44 +00:00
b42207882e
programs.persist: fix to allow any options that underlying persist allows
2023-07-08 02:06:18 +00:00
0a519eddb4
persist: allow persisting of individual files, not just directories
...
i actually do already, with ~/.ssh/id_ed25519 -- it works only as a fluke
2023-07-08 01:31:14 +00:00
acf89a041e
modules/programs: cleanup with
statements
2023-07-03 07:55:05 +00:00
9340d5f391
programs: remove explicit default definitions
2023-07-03 07:49:44 +00:00
9f1d61c781
programs: remove quadratic behavior
2023-07-03 07:16:24 +00:00
83e48eabad
WIP: decrease quadratic operations in modules/programs.nix
2023-07-03 07:04:57 +00:00
9b9273b725
programs: call out some quadratic behavior; i can try to fix it in the future
2023-07-03 06:41:48 +00:00
ccaff668c1
sane-lib: path: fix from
bug; tidy
2023-07-03 05:28:53 +00:00
9777e5f83c
trust-dns: rework the module to be more suitable for upstreaming
...
still need to do hardening and docs
2023-07-02 08:21:33 +00:00
3df165593c
web browser: set $BROWSER environment variable
...
this gets used as fallback by e.g. xdg-email
2023-06-30 08:50:58 +00:00
dbd312e9bd
guest: enable access to shelvacu
2023-06-29 09:11:22 +00:00
68cda2006b
cleanup/refactor users
2023-06-28 03:46:29 +00:00
6676935ee1
feeds: add The Linux Experiment
2023-06-28 03:05:45 +00:00
40ec4d6ce0
programs: allow programs to ship system-level environment variables
2023-06-27 10:24:48 +00:00
0751e748ea
feeds: add PostmarketOS podcast
2023-06-25 22:22:32 +00:00
ec3a7067b6
modules/programs.nix: fix eval error when a program is suggestedBy multiple enabled packages
2023-06-23 02:05:26 +00:00
3d56117d65
gocryptfs: remove "defaults" flag
2023-06-10 23:21:42 +00:00
1724ac60e5
feeds: update URL for The Intercept
2023-06-10 23:08:51 +00:00
bf168c7f0f
feeds: update URL for Deconstructed
2023-06-10 22:59:44 +00:00
4fd4efa22f
DNS: split the zone generation out of trust-dns
...
this is in preparation for upstreaming parts of this into nixpkgs
2023-06-08 00:32:28 +00:00
c44f69a01f
modules/services/dyn-dns: specifc sane-ip-check* more irectly
2023-06-07 08:00:43 +00:00
adbc2a76c3
modules/ports.nix: specify sane-ip-port-forward more directly
2023-06-07 08:00:43 +00:00
d6bde02dfe
feeds: update URL for Acquired podcast
2023-06-01 00:04:54 +00:00
d07bb03936
feeds: update URL/title for _ACQ2_
2023-05-31 23:57:08 +00:00
1ab2f42ff4
feeds: update URL for _The Portal_
2023-05-31 23:54:46 +00:00
287817056f
refactor: sane.services.wan-ports -> sane.ports
2023-05-31 04:25:39 +00:00
5cc7ced859
dns: rework so that we branch to the LAN v.s. WAN results based on source IP of the query -- not interface.
...
this simplifies the UPnP forwards and the OVPN routing
2023-05-31 00:56:52 +00:00
4dc5378b3e
dns: give different results based on which port the request arrives from
...
WAN and VPN requests are served by local port 1053 and `wan.uninsane.org`.
LAN requests are served by port 53 and `servo.lan.uninsane.org`.
i'm not *super* fond of this. a recursive resolver of uninsane.org via the VPN will only ever get WAN addresses (broken).
we may prefer to do IP-based responses, maybe via the same Linux firewall rules that forward from VPN namespace to root namespace
2023-05-30 12:00:30 +00:00
35c9f2bf60
servo: enable UPnP port forwarding timer
2023-05-28 20:38:24 +00:00
c1ddddddc0
ports: hide behind services.sane.wan-ports
...
later i will use this to enable UPnP on relevant ports
2023-05-26 23:28:30 +00:00
7e402ce974
dyn-dns: obtain IP address via UPnP
2023-05-26 22:40:50 +00:00
ace9d71d0e
nix-serve: fix typo
2023-05-18 11:07:51 +00:00
fb427e55e8
secrets: define these by crawling the repo to decrease duplication
2023-05-14 09:50:01 +00:00
318efe09e2
secrets: split desko.yaml into one-secret-per-file
2023-05-14 02:29:30 +00:00
9d6629ad12
feeds: subscribe tuxphones.com
2023-05-12 07:45:42 +00:00
59a2259105
feeds: add theregister.com
2023-05-09 22:53:06 +00:00
51c7ccd782
feeds: subscribe Morning Brew
2023-05-08 21:50:59 +00:00
74ed7bff11
programs: remove wantedBy
from the fs, and make it implicit
2023-05-08 21:41:02 +00:00
89f28e63b4
fs: leave a note about trying lazyAttrs
2023-05-08 09:50:10 +00:00
f89f136041
sane.programs: allow per-program config (and port web-browser to use that)
2023-05-08 09:49:58 +00:00
2450bb6f06
refactor package layout to conform better with NUR expectations
2023-05-02 01:27:51 +00:00
44195a7d87
programs: ship /home secrets correctly
2023-04-26 03:46:18 +00:00
9c09d03e5c
programs: add per-program secrets
2023-04-26 00:19:33 +00:00
1f2c9a9a5e
refactor hosts/common/home to use sane.programs
API
2023-04-24 07:22:33 +00:00
337fb9e9d9
sane.programs: allow programs to define files, as per sane.fs
2023-04-24 06:49:56 +00:00