|
|
0d99293b2f
|
servo: split the doof/ovpns netns config into its own module
a big thing this gets me is that the attributes (like IP addresses) are now accessible via 'config' an i won't have to hardcode them so much
|
2024-06-17 09:25:10 +00:00 |
|
|
|
b0ee12ba7b
|
modules/users: export HOME in environment.d because some services (nwg-panel) need it
|
2024-06-16 06:01:20 +00:00 |
|
|
|
c50a4d1d71
|
static-nix-shell: fix mkBash scripts to actually be invokable from the CLI
they need the `bash` package! how did this work before?
|
2024-06-15 07:42:04 +00:00 |
|
|
|
330a64d820
|
feeds: add xorvoid.com
|
2024-06-13 04:46:12 +00:00 |
|
|
|
6d1db1ee67
|
feeds: update metadata
|
2024-06-13 03:03:15 +00:00 |
|
|
|
46e9d5f758
|
programs: fix s6 deps when dbus isnt enabled
|
2024-06-12 07:11:41 +00:00 |
|
|
|
11cdac0357
|
mobile-nixos: import by fetchFromGitHub instead of via flake
|
2024-06-07 21:15:54 +00:00 |
|
|
|
1dd10450f2
|
modules/image: remove extraneous sane.image.enable option
|
2024-06-07 07:42:47 +00:00 |
|
|
|
52a0e8cf53
|
modules/hal/samsung: init
this can be used to get baseline support for samsung exynos5 chromebook
i should probably rename it, in time
|
2024-06-07 07:33:46 +00:00 |
|
|
|
d75f59ba06
|
modules/image: increase the default boot partition size from 512 MiB -> 1024 MiB
|
2024-06-07 07:29:50 +00:00 |
|
|
|
aa0a395353
|
nit: fix image output to be a file, not an item inside a folder
|
2024-06-07 07:28:56 +00:00 |
|
|
|
3aa2ece59b
|
modules/programs: convert lib.optionalAttrs to mkIf
this allows stuff to be lazier
|
2024-06-07 07:26:07 +00:00 |
|
|
|
45e121eb1c
|
make-sandboxed: preserve meta.mainProgram
|
2024-06-01 20:01:24 +00:00 |
|
|
|
f0128b9496
|
apply patch for when trust-dns is renamed to hickory-dns
|
2024-06-01 17:07:44 +00:00 |
|
|
|
cb1d5d53c6
|
feeds: add mintcast podcast
|
2024-06-01 16:28:42 +00:00 |
|
|
|
36f4fa3018
|
checkSandboxed: fix so that cross-built scripts can be checked again
how did this work earlier? does lappy have binfmt enabled??
|
2024-06-01 13:24:41 +00:00 |
|
|
|
f875db916d
|
sandboxing: fix checkSandboxed to handle packages with multiple outputs
|
2024-06-01 12:12:46 +00:00 |
|
|
|
f296d8df93
|
make-sandboxed: fix multi-output packages and sandbox *all* their outputs
this mostly applies to the wrapperType = 'inplace' users
|
2024-05-31 23:26:16 +00:00 |
|
|
|
0bb887158b
|
implement a dropbear SSH module
|
2024-05-30 20:58:01 +00:00 |
|
|
|
4c84d1a727
|
doc: modules/users: show what XDG_SESSION_{ID,CLASS,TYPE} could look like if set
|
2024-05-30 08:44:26 +00:00 |
|
|
|
4aeb3360d3
|
cleanup: programs: dont assume sway is always the wayland/x11 provider
|
2024-05-30 06:00:32 +00:00 |
|
|
|
0c456d11d8
|
programs: ensure things which depend on sound or wayland are ordered after it
|
2024-05-30 04:55:05 +00:00 |
|
|
|
3b73773169
|
programs: ensure things which depend on dbus are ordered after it
|
2024-05-30 03:48:45 +00:00 |
|
|
|
9ba8ff738b
|
refactor: sane.programs.$foo.service: specify type concretely
|
2024-05-30 03:39:32 +00:00 |
|
|
|
c5c174f988
|
sway: patch to use a narrower sandbox
|
2024-05-29 18:24:59 +00:00 |
|
|
|
d4dfcd6510
|
login: remove systemd pam integration (so it doesnt try, and fail, to start the user manager)
|
2024-05-29 15:42:39 +00:00 |
|
|
|
d865be952a
|
refactor: sandboxing: replace manual --sanebox-keep-namespace pid config with isolatePids = false
|
2024-05-29 12:56:46 +00:00 |
|
|
|
00d06db66a
|
make-sandboxed: handle more systemd service files
|
2024-05-29 12:54:44 +00:00 |
|
|
|
b88467771e
|
doc: trust-dns: fix wan.txt example path
|
2024-05-29 09:33:59 +00:00 |
|
|
|
1ee21c4795
|
NetworkManager: run as user instead of root
|
2024-05-29 09:16:30 +00:00 |
|
|
|
be38d56717
|
make-sandboxed: handle more systemd/dbus service file locations
|
2024-05-28 13:36:01 +00:00 |
|
|
|
7e490f5c07
|
remove lingering references to sxmo
|
2024-05-27 00:38:30 +00:00 |
|
|
|
af72f312d3
|
sandbox: remove /run/wrappers: SUID wrappers dont really accomplish much inside a namespace
|
2024-05-26 01:18:30 +00:00 |
|
|
|
6a15434cc6
|
net/vpn: remove the bridge devices from my VPN setup
|
2024-05-26 01:18:30 +00:00 |
|
|
|
73f5c9608e
|
sanebox: tighter dependency handling, to not rely on @BACKEND_FALLBACK@
|
2024-05-25 10:26:36 +00:00 |
|
|
|
b035d312aa
|
firejail: purge
|
2024-05-25 10:21:31 +00:00 |
|
|
|
7b1bc210fd
|
sanebox: integrate with pasta (passt) for better net sandboxing
|
2024-05-25 09:39:18 +00:00 |
|
|
|
118ed5f950
|
sanebox: populate --sanebox-net-dev with the actual net device -- not the bridge
|
2024-05-25 08:17:38 +00:00 |
|
|
|
ffe599e5cb
|
sanebox: rename --sanebox-net to --sanebox-net-dev
|
2024-05-25 08:13:35 +00:00 |
|
|
|
30c677fafc
|
feeds: subscribe to weekinethereumnews.com
|
2024-05-25 00:52:39 +00:00 |
|
|
|
f7cc3fc5d9
|
modules/dns: support AAAA records
|
2024-05-20 05:46:25 +00:00 |
|
|
|
cbbddee152
|
modules/programs: add ~/.config/FOO and ~/.local/share/FOO to the sandbox where applicable
|
2024-05-18 06:32:07 +00:00 |
|
|
|
157af52112
|
feeds: add Grumpy.website
|
2024-05-16 19:25:22 +00:00 |
|
|
|
9d725a0974
|
servo: disable unused nixcache.uninsane.org
|
2024-05-16 02:46:23 +00:00 |
|
|
|
df4ef0ce5a
|
desko: disable nix-serve
|
2024-05-16 02:35:27 +00:00 |
|
|
|
b5502ea401
|
sanebox: remove --sanebox-cache-symlink flag
|
2024-05-15 23:59:38 +00:00 |
|
|
|
1211023c55
|
modules/programs: remove dead code from per-user profiles
|
2024-05-15 23:58:10 +00:00 |
|
|
|
b4229ecb1e
|
sanebox: load the link cache from a static /etc path instead of via CLI args
|
2024-05-15 23:55:15 +00:00 |
|
|
|
348837ff4a
|
programs: sandboxing: replace profiles with raw CLI args
|
2024-05-15 09:13:20 +00:00 |
|
|
|
17eaa7446a
|
sanebox: remove all profile-related features except for direct, path-based profile loading
|
2024-05-15 09:13:20 +00:00 |
|
