|
25298c9be6
|
lappy: remove unused xkb_mobile_normal_buttons
|
2024-06-04 14:40:03 +00:00 |
|
|
e61549d917
|
moby: split remaining polyfill into roles.handheld
|
2024-06-04 14:38:32 +00:00 |
|
|
eca14a644b
|
refactor: moby: lift some of the polyfill out to pine64 hal
|
2024-06-04 14:36:46 +00:00 |
|
|
3937121522
|
refactor: moby: split pinephone-specific stuff into sane.hal.pine64
|
2024-06-04 14:35:34 +00:00 |
|
|
b334db28c6
|
refactor: hide x86_64-specific host config in a module
|
2024-06-04 14:26:24 +00:00 |
|
|
b52057e317
|
refactor: split "quirks.nix" out of hosts/common/hardware/default.nix
|
2024-06-04 14:14:22 +00:00 |
|
|
414ab85e20
|
refactor: move hosts/common/hardware/default.nix into hosts/common/boot.nix
|
2024-06-04 14:12:28 +00:00 |
|
|
82133a8f16
|
refactor: move logind config into systemd.nix
|
2024-06-04 14:09:58 +00:00 |
|
|
43a63d4f6e
|
hosts/modules: remove unused yggdrasil
|
2024-06-04 13:58:49 +00:00 |
|
|
9f9fc7d65b
|
moby: also sync books from servo
|
2024-06-04 10:08:25 +00:00 |
|
|
79d395e01c
|
nixpkgs: 2024-06-03 -> 2024-06-04, sops-nix
```
• Updated input 'nixpkgs-next-unpatched':
'github:nixos/nixpkgs/c987c730bbf2121264ebd68921b443db5bb28543' (2024-06-03)
→ 'github:nixos/nixpkgs/6a56765581a4dcf961a90faf54d32edb991bd315' (2024-06-04)
• Updated input 'nixpkgs-unpatched':
'github:nixos/nixpkgs/77a51024c0f953d503eb3ed364aa4bff378649f8' (2024-06-03)
→ 'github:nixos/nixpkgs/c3759101288ea92aec42ab7b8aed4e967cfb8eb3' (2024-06-04)
• Updated input 'sops-nix':
'github:Mic92/sops-nix/ab2a43b0d21d1d37d4d5726a892f714eaeb4b075' (2024-06-02)
→ 'github:Mic92/sops-nix/d4555e80d80d2fa77f0a44201ca299f9602492a0' (2024-06-03)
```
|
2024-06-04 06:35:29 +00:00 |
|
|
394259fe21
|
modemmanager: harden systemd service
|
2024-06-03 16:41:51 +00:00 |
|
|
8c256c629b
|
networkmanager: harden further with NoNewPrivileges and PrivateTmp
|
2024-06-03 16:23:22 +00:00 |
|
|
0e2d86ac96
|
NetworkManager-dispatcher: note why we cant use DynamicUser
|
2024-06-03 15:57:41 +00:00 |
|
|
e2a1e6730d
|
NetworkManager-dispatcher: harden systemd service
|
2024-06-03 15:44:22 +00:00 |
|
|
a1e923f999
|
networkmanager: tighten ProtectSystem to "strict"
|
2024-06-03 15:10:14 +00:00 |
|
|
09333c992c
|
wpa_supplicant: harden systemd service
|
2024-06-03 15:09:32 +00:00 |
|
|
80eb385c64
|
networkmanager: restrict service (using systemd options)
|
2024-06-03 14:27:00 +00:00 |
|
|
f6725f60b9
|
networkmanager: re-introduce my polkit patches
|
2024-06-03 13:04:48 +00:00 |
|
|
2f1592376d
|
document more sandbox limitations
|
2024-06-03 11:59:44 +00:00 |
|
|
42fed64b75
|
NetworkManager: split specific config options out of my main net/default.nix file
|
2024-06-03 11:24:38 +00:00 |
|
|
682143d47f
|
NetworkManager: 1.46.0 -> 1.48.0
mostly so i can review the PR and get this update mainlined sooner :)
|
2024-06-03 11:23:33 +00:00 |
|
|
1448cb4444
|
sane-reboot: fix operation on servo
|
2024-06-03 09:33:35 +00:00 |
|
|
2d07ff966b
|
health-check: mention failed systemd services
|
2024-06-03 09:30:02 +00:00 |
|
|
83404f6769
|
nixos/networkmanager patch: grab via PR
|
2024-06-03 07:49:53 +00:00 |
|
|
c6bb6e2e3c
|
megapixels-next: fix broken eval of metadata
|
2024-06-03 05:35:09 +00:00 |
|
|
9d109644b7
|
nixpkgs: 2024-06-01 -> 2024-06-03; sops-nix -> 2024-06-02
```
• Updated input 'nixpkgs-next-unpatched':
'github:nixos/nixpkgs/f7de25c01e4c073c06e0525226a0c2311d530cee' (2024-06-01)
→ 'github:nixos/nixpkgs/c987c730bbf2121264ebd68921b443db5bb28543' (2024-06-03)
• Updated input 'nixpkgs-unpatched':
'github:nixos/nixpkgs/61c1d282153dbfcb5fe413c228d172d0fe7c2a7e' (2024-06-01)
→ 'github:nixos/nixpkgs/77a51024c0f953d503eb3ed364aa4bff378649f8' (2024-06-03)
• Updated input 'sops-nix':
'github:Mic92/sops-nix/962797a8d7f15ed7033031731d0bb77244839960' (2024-05-26)
→ 'github:Mic92/sops-nix/ab2a43b0d21d1d37d4d5726a892f714eaeb4b075' (2024-06-02)
• Updated input 'sops-nix/nixpkgs-stable':
'github:NixOS/nixpkgs/59a450646ec8ee0397f5fa54a08573e8240eb91f' (2024-05-25)
→ 'github:NixOS/nixpkgs/3b1b4895b2c5f9f5544d02132896aeb9ceea77bc' (2024-06-01)
```
|
2024-06-03 05:31:28 +00:00 |
|
|
0050403b31
|
scripts: add an update helper
someday i can extend this for updating packages and feeds too
|
2024-06-03 05:30:03 +00:00 |
|
|
e4bcbab224
|
hosts: networking: switch to using nixos NetworkManager/ModemManager/etc, just patched for hardening
|
2024-06-02 11:22:03 +00:00 |
|
|
1b85aa0441
|
networkmanager/modemmanager: get closer to nixpkgs upstream
i've seen enough, that there's a path toward getting nixos proper to sandbox this in a way i'm happy with -- in time
|
2024-06-02 08:56:38 +00:00 |
|
|
f5e5d1bcc4
|
networkmanager: fix polkit integrations when running not as root
now nmcli/etc work
|
2024-06-02 05:10:11 +00:00 |
|
|
30d41f82f2
|
refactor: networkmanager: use substitute instead of sed when patching
|
2024-06-01 22:16:18 +00:00 |
|
|
62dbad3486
|
polyunfill: remove a few more default systemPackages
|
2024-06-01 21:06:40 +00:00 |
|
|
4287ecf0ed
|
polyfill: don't ship unused mtools package
|
2024-06-01 20:15:04 +00:00 |
|
|
b13ca92b72
|
polyfill: remove boot.{enableContainers,bcache}
|
2024-06-01 20:14:49 +00:00 |
|
|
45e121eb1c
|
make-sandboxed: preserve meta.mainProgram
|
2024-06-01 20:01:24 +00:00 |
|
|
53bbd611da
|
nixpkgs-review: persist the ~/.cache/nixpkgs-review directory
|
2024-06-01 17:15:54 +00:00 |
|
|
f0128b9496
|
apply patch for when trust-dns is renamed to hickory-dns
|
2024-06-01 17:07:44 +00:00 |
|
|
368169d48d
|
todo.md: start documenting sudo issues
|
2024-06-01 17:06:36 +00:00 |
|
|
cb1d5d53c6
|
feeds: add mintcast podcast
|
2024-06-01 16:28:42 +00:00 |
|
|
a5a635f00b
|
sftpgo: simplify my package override now that sftpgo 2.6.0 is merged
|
2024-06-01 16:22:22 +00:00 |
|
|
6fe3d26b30
|
modemmanager: fix missing mmcli binary in service definition
|
2024-06-01 15:41:14 +00:00 |
|
|
8340cf059f
|
nixpkgs-review: fix sandboxing
|
2024-06-01 15:26:23 +00:00 |
|
|
e0da3ece60
|
errno: simplify
|
2024-06-01 14:48:55 +00:00 |
|
|
8ea379d53b
|
errno: ship on all platforms
|
2024-06-01 14:04:45 +00:00 |
|
|
c7dd49af91
|
errno: fix cross compilation by not building *all* of moreutils
|
2024-06-01 14:03:59 +00:00 |
|
|
e8b900c722
|
todo.md: add media looping controls
|
2024-06-01 13:37:51 +00:00 |
|
|
36f4fa3018
|
checkSandboxed: fix so that cross-built scripts can be checked again
how did this work earlier? does lappy have binfmt enabled??
|
2024-06-01 13:24:41 +00:00 |
|
|
d8d11de9bc
|
sftpgo: replace deprecated "crypt" with "passlib"
|
2024-06-01 13:01:19 +00:00 |
|
|
07194d062a
|
servo: nfs: disable
|
2024-06-01 12:45:10 +00:00 |
|