3b8d6c8587
refactor: s6/unl0kr/profile: put more shell init stuff directly in modules/users/default.nix when it doesnt benefit from being pluggable
2024-07-26 15:58:59 +00:00
f4df121e3d
persist/private: s6: use systemd to explicitly start the mount, rather than assume it's already been initiated
2024-07-26 14:01:31 +00:00
96f786de20
persist/private: fix so systemd actually knows when the mount has completed
2024-07-26 12:44:32 +00:00
fcbbfc4a65
fix s6 service ordering: unl0kr -> (wait for mount) -> sway
...
note that the systemd-aware mount never completes -- it's stuck in 'activating' forever. that's the next challenge
2024-07-26 12:18:14 +00:00
4daf5452e8
unl0kr: dont echo password to terminal
2024-07-26 09:36:06 +00:00
af905a2f58
unl0kr: split the gocryptfs unlocking into its own separate service
...
/mnt/persist/private can be depended on by both s6 user services and systemd system services (which will become useful for servo)
/mnt/persist/private can be unlocked by dropping the key in remotely, however that won't kill unl0kr
TODO: fix unl0kr to not also output text to the tty
TODO: ensure gocryptfs mount can handle being fed a wrong password
2024-07-26 08:08:21 +00:00
8ef5920d84
unl0kr: port to an s6 service
...
this has some drawbacks in its current form and will be tidied
it writes the password also to the console. it requires 'sudo'.
2024-07-25 18:45:01 +00:00
b554d32133
fix permissions of /nix/persist/private, to be user-writable
...
this is important for my rsync-net backup scripts, which need to record timestamps in there
2024-07-25 18:42:45 +00:00
2203d6db59
cleanup: remove XDG_SESSION_TYPE, XDG_VTNR from global environment
2024-07-25 15:26:24 +00:00
874b7aecfa
persist: rename "cryptClearOnBoot" to "ephemeral"
2024-07-25 12:11:46 +00:00
cf8e9f798d
persist/crypt: simplify the fileSystems definitions
...
turns out you can just declare your own fs type, that's cool
2024-07-25 12:11:46 +00:00
70d4925483
gps-share: dont launch until after the modem is actually powered on
2024-07-24 11:15:44 +00:00
225c8de7a2
trust-dns: fix dyn-dns reactor (trust-dns-lan does not exist)
2024-07-24 07:18:29 +00:00
34e770c5f5
sanebox: fix missing dependency on iptables/iproute2
2024-07-24 03:32:12 +00:00
db292850b0
modules/programs: fix `sandbox.net = "vpn"` option
2024-07-19 12:44:09 +00:00
8e6272bafd
static-nix-shell: better enforce that all nix-shell deps are specified
2024-07-19 12:21:10 +00:00
a1de7a4afd
users: configure XDG_SESSION_TYPE during shell setup
2024-07-18 00:15:29 +00:00
0b7d8310df
trust-dns: patch resolver to handle more edge-case domains (api.mangadex.org., m.wikipedia.org., ...)
2024-07-17 15:28:41 +00:00
8472320629
sane-vpn: route DNS through the VPN's server
2024-07-17 02:00:05 +00:00
132798be23
sanebox: ensure sanebox is always on the PATH of sandboxed binaries
2024-07-16 07:24:42 +00:00
514cfe7b0b
feeds: subscribe to "Better Offline" podcast
2024-07-12 01:20:00 +00:00
46bf7c5ac9
nixpkgs: 2024-07-06 -> 2024-07-07
2024-07-08 05:38:44 +00:00
6824080f6b
avahi: fix broken sandboxing
2024-07-06 03:08:36 +00:00
3c53bca156
vpn: log a message whenever the endpoint is updated
...
only as i'm actively working in this area. hopefully this log message can be less noisy in the future
2024-07-06 03:03:38 +00:00
5048bd8d70
sanebox: fix that pasta-sandboxed programs would fail compile-time sandboxing test
2024-07-05 20:41:28 +00:00
a12aa02655
sane.programs: provide `sandbox.net = "vpn.wg-home"` to tunnel through my home ISP
2024-07-05 20:18:34 +00:00
6d66a5dbf8
vpn: add a service to auto-refresh wireguard endpoints
2024-07-05 20:06:16 +00:00
5d80e298b5
wg-home: deploy so as to be compatible with sane-vpn (e.g., route *WAN* traffic through it)
2024-07-05 18:45:26 +00:00
823f8f2be3
feeds: subscribe to FLOSS Weekly
2024-07-04 13:34:48 +00:00
e72f9be1bf
feeds: subscribe to Sharp Tech
2024-07-04 13:23:36 +00:00
24ed242bac
servo: fix warning for getExe and iptables
2024-07-04 12:43:02 +00:00
e82feb9f71
make-sandboxed: migrate to binary wrapper
2024-07-03 19:35:56 +00:00
4839a40205
make-sandboxed: use `makeWrapper` proper, rather than rolling my own
...
i can't use the _binary_ wrapper unless i use a fully-qualified path to 'sanebox' or hide it behind something like /usr/bin/env
2024-07-03 17:54:38 +00:00
e9c51eddb3
feeds: subscribe to Matt Stoller
2024-07-01 07:33:41 +00:00
9b8c461ce9
dont treat python packages specially: lift all python packages out of `python-packages/` subdir; remove `pyPkgs` arg from static-nix-shell.mkPython3
2024-06-27 11:28:17 +00:00
f54f1c57bc
avahi: integrate with nss
...
now i can resolve .local hosts, via glibc, e.g. 'getent hosts <host>.local'
2024-06-27 06:18:48 +00:00
98d6439f2a
modules/warnings: add a way to bypass module-level assertions as well
2024-06-27 06:17:53 +00:00
5d1c52d0bc
feeds: add buttondown.email
2024-06-24 17:05:10 +00:00
845dba3ca5
modules/vpn: fix deprecation warnings
2024-06-22 03:35:41 +00:00
09a615ee62
netns: factor the netns setup/teardown into distinct services, rather than trying to piggyback network-local-commands
...
idk what network-local-commands is about, nor network-pre.target.
network-pre.target doesn't seem to actually be wanted by anything (?)
2024-06-18 10:36:08 +00:00
f9091c0b0c
netns: ensure that network.target depends on network-pre.target (why doesnt it by default?)
...
this should fix that servo tries to start wg-ovpns before the netns is configured
2024-06-18 09:07:40 +00:00
39a39e763d
trust-dns: hack to substitute ANATIVE before anything else
2024-06-17 22:44:43 +00:00
0d99293b2f
servo: split the doof/ovpns netns config into its own module
...
a big thing this gets me is that the attributes (like IP addresses) are now accessible via 'config' and i won't have to hardcode them so much
2024-06-17 09:25:10 +00:00
b0ee12ba7b
modules/users: export HOME in environment.d because some services (nwg-panel) need it
2024-06-16 06:01:20 +00:00
c50a4d1d71
static-nix-shell: fix `mkBash` scripts to actually be invokable from the CLI
...
they need the `bash` package! how did this work before?
2024-06-15 07:42:04 +00:00
330a64d820
feeds: add xorvoid.com
2024-06-13 04:46:12 +00:00
6d1db1ee67
feeds: update metadata
2024-06-13 03:03:15 +00:00
46e9d5f758
programs: fix s6 deps when dbus isnt enabled
2024-06-12 07:11:41 +00:00
11cdac0357
mobile-nixos: import by fetchFromGitHub instead of via flake
2024-06-07 21:15:54 +00:00
1dd10450f2
modules/image: remove extraneous sane.image.enable option
2024-06-07 07:42:47 +00:00