colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity
4,860 Commits 125 Branches 1 Tag 12 MiB
5e3c2636db
Commit Graph

2018 Commits

Author SHA1 Message Date
Colin
cd0a046776 dovecot: remove dead code 2024-02-02 20:47:55 +00:00
Colin
27edee0bbf dovecot2: fix sieves 2024-02-02 20:47:20 +00:00
Colin
56734fe5da mpv: add /dev/dri to the sandbox 2024-02-02 19:18:30 +00:00
Colin
3c96f6d418 programs: koreader: enable DRI in the sandbox, and use wrappedDerivation 2024-02-02 17:22:57 +00:00
Colin
86b23e8183 programs: fractal: enable DRI in sandbox 2024-02-02 17:19:35 +00:00
Colin
065d045640 fix so sway inherits program env vars 2024-02-02 15:36:06 +00:00
Colin
d3eaa69261 lappy/desko: auto-start signal-desktop 2024-02-02 14:22:08 +00:00
Colin
6151eee8d5 programs (assorted): fix wantedBy = "default.target" to be more specific 
now GUI apps aren't stuck in a restart loop until sway starts

in particular, signal-desktop can actually be autostarted
 2024-02-02 14:21:57 +00:00
Colin
483a1d1780 sway: signal on launch to systemd that the graphical-session.target is ready 
this allows auto-launching of other services which require a compositor (i.e. messaging apps)
 2024-02-02 14:20:30 +00:00
Colin
2824671bde tune nix deploy parameters (specifically for moby) 
this is experimental; hard to understand immediately how significant are the effects
 2024-02-02 00:50:25 +00:00
Colin
efcaef2c35 lappy/desko/servo: downgrade kernel 6.7 -> 6.6 (latest supported by zfs) 2024-02-01 16:21:46 +00:00
Colin
25707eb79e servo: address deprecation warning: dovecot2.sieveScripts -> sieve.scripts 2024-02-01 15:47:56 +00:00
Colin
09923b60ea moby: disable desko as nixcache 2024-02-01 15:41:43 +00:00
Colin
3100189172 purge supercap 
i no longer have access to dispatch build jobs to it :((((
 2024-02-01 15:36:37 +00:00
Colin
715ac42f13 remove samba from closure 
current samba hangs during configurePhase. this is not the first time samba has failed to build. nor the third. purge it.
 2024-02-01 15:28:40 +00:00
Colin
a9810e7343 re-ship linux 6.7 to lappy/desko/servo 
now that landlock-sandboxer builds against the correct linux headers,
this can actually work.
 2024-02-01 13:54:44 +00:00
Colin
00f995aec9 fixup landlock-sandboxer to work well for all systems 
downgrade lappy/desko/servo back to default linux; zfs doesn't support latest

build landlock-sandboxer against the specific kernel being deployed; it's less noisy that way
 2024-01-31 21:19:10 +00:00
Colin
368eb2c29b programs: git: whitelist more repo roots 2024-01-31 21:17:48 +00:00
Colin
5f793523d1 ship linux 6.7 to lappy/desko/servo 2024-01-31 20:33:15 +00:00
Colin
33bee7ac2e unl0kr: be a little more robust against bad password entry 2024-01-31 20:32:26 +00:00
Colin
84af8aca3c unl0kr: remove debugging code 2024-01-31 20:10:57 +00:00
Colin
a0f00313a7 moby: disable signal-desktop autostart 2024-01-31 20:09:03 +00:00
Colin
6603115192 moby: disable getty auto-login 
i think this interacts badly with unl0kr style logins, though
honestly kinda hard to tell if that was a fluke or real.
 2024-01-31 19:47:24 +00:00
Colin
ac968e1589 sxmo: allow the option to disable greeter entirely 2024-01-31 19:46:37 +00:00
Colin
1d72e13a98 sxmo: launch via unl0kr by default 2024-01-31 17:40:36 +00:00
Colin
d9667653e7 docs: sway: point out that one can launch sway directly from a TTY 2024-01-31 16:29:27 +00:00
Colin
13be5a1731 unl0kr: fix LOGIN_TIMEOUT to be infinite 2024-01-31 15:43:30 +00:00
Colin
30288cd67f user: add CAP_NET_ADMIN,CAP_NET_RAW even outside of systemd session 
in fact, *only* outside of systemd session because they broke ambient caps in 255
 2024-01-31 15:42:43 +00:00
Colin
8736ca478b programs: firefox: allow access to servo image-macros 2024-01-31 15:36:09 +00:00
Colin
cb3960fb21 programs: git: fix access to ~/private/knowledge 2024-01-31 15:35:21 +00:00
Colin
6e24a1ff28 programs: re-enable sops 2024-01-31 15:30:15 +00:00
Colin
91eae95b32 modules.gui.gnome: fix build 2024-01-31 15:29:49 +00:00
Colin
f5c88853ee sway: replace "greetd" with "unl0kr"-based login process 2024-01-31 15:20:27 +00:00
Colin
0009e5ca4c programs: sandboxing: use wrapperType="wrappedDerivation" where applicable 2024-01-29 15:21:16 +00:00
Colin
db6ba61429 programs: sandbox more apps with wrapperType=wrappedDerivation 2024-01-29 13:45:57 +00:00
Colin
d3f7a036ce ripgrep: move options out of assorted.nix into its own file 2024-01-29 12:57:56 +00:00
Colin
0454abacd9 komikku: sandbox 2024-01-29 12:56:08 +00:00
Colin
1cb2c5225f programs: use wrapperType=wrappedDerivation where possible 2024-01-29 12:07:04 +00:00
Colin
6f86e61a00 firefox: fix build 
zip was giving some complaints... i'm not sure why, i think it still works
 2024-01-29 09:57:35 +00:00
Colin
c1a1f51ca2 git: fix git-upload-pack (used on the remote when doing git pull) 2024-01-29 09:57:27 +00:00
Colin
381da74e6c users: enable pam_cap for "login" program 2024-01-28 17:55:19 +00:00
Colin
24c70c3683 feeds: switch acoup.blog to the database type feed 
at some point my feed script became capable of understanding his RSS :)
 2024-01-28 12:37:38 +00:00
Colin
bfec531fa2 sandbox a bunch more apps 2024-01-28 11:43:05 +00:00
Colin
de11edffa5 programs/assorted: remove more unused programs 2024-01-28 11:34:33 +00:00
Colin
e536e3c718 programs/assorted.nix: remove unused tree-sitter package 2024-01-28 11:03:09 +00:00
Colin
17d14dbac2 programs/assorted.nix: uninstall some programs i don't frequently use 2024-01-28 10:40:57 +00:00
Colin
94981ef335 vim: sandbox 2024-01-28 10:39:08 +00:00
Colin
3cd244be76 git: sandbox with bwrap 2024-01-28 10:36:19 +00:00
Colin
7da979503b bubblewrap: explicitly disable sandboxing 2024-01-27 17:20:40 +00:00
Colin
3b32c26026 zsh: explicitly disable sandboxing 2024-01-27 17:20:24 +00:00