e2985ef018
sane-scripts: new helper to redirect stdout to some permissioned file
2022-10-24 23:43:32 -07:00
d54b595e45
RSS: subscribe to Edward Snowden
2022-10-24 20:23:14 -07:00
ad75ed352c
RSS: clean up the substack subs
2022-10-24 20:14:36 -07:00
306836042c
RSS: add my own feed :-)
2022-10-24 19:52:39 -07:00
965181c8b0
moby: change password
2022-10-24 08:33:51 -07:00
b344c38bfb
provide a script for changing the ~/private dir secrets
...
gocryptfs doesn't (i think?) ship a tool for changing the password: you
just create a new fs and rsync/mv the data
2022-10-24 08:21:53 -07:00
174bc539bc
moby: enable a statically-assigned but encrypted password
2022-10-24 07:39:50 -07:00
9ef457c0dd
secrets/servo: grant access to lappy
2022-10-24 06:56:16 -07:00
939278b970
home: migrate Element directory to private storage
2022-10-24 06:42:51 -07:00
3d0bd0fbf4
remove TODO
file
...
some of these had been done. the ones not done are documented elsewhere
(either in this repo or in my own PKM).
2022-10-24 06:20:22 -07:00
36d8a711ac
modules/services: abstract behind default.nix
2022-10-24 06:13:04 -07:00
4c4b73f693
refactor: helpers/set-hostname.nix
becomes machines/instantiate.nix
2022-10-24 06:06:11 -07:00
9151f58b37
desko: set a password
2022-10-24 01:59:36 -07:00
b2c55ed98a
sane-private-unlock: make ~/private if it doesn't exist
2022-10-24 01:53:41 -07:00
1721546410
store ssh keys in ~/private, where they're encrypted
2022-10-24 01:33:14 -07:00
c833c68d83
move ssh pubkeys into their own file for future reuse
2022-10-24 01:33:01 -07:00
9a4c2613c1
lappy: update passwd
2022-10-24 00:47:09 -07:00
8de5b0a79d
iwd: switch APs more aggressively
...
unclear how much of a difference this makes yet: will hopefully
test/tune it over time.
2022-10-24 00:25:19 -07:00
ced64e63ef
Merge remote-tracking branch 'remotes/origin/staging/nixpkgs-2022-10-22'
2022-10-24 00:22:41 -07:00
8dd267db30
servo: goaccess: anonymize IPs and hide the 'HOSTS' panel
2022-10-24 00:16:42 -07:00
10541698a7
flake update: nixpkgs 2022-10-19 -> 2022-10-22
& others
...
```
• Updated input 'mobile-nixos':
'github:nixos/mobile-nixos/2a4d4a71e1dfa6d9001249fd57229e949dac0908' (2022-10-21)
→ 'github:nixos/mobile-nixos/1351091d2537040454fa232d8b94e745ab0eb5a3' (2022-10-24)
• Updated input 'nixpkgs':
'github:NixOS/nixpkgs/db25c4da285c5989b39e4ce13dea651a88b7a9d4' (2022-10-19)
→ 'github:NixOS/nixpkgs/95aeaf83c247b8f5aa561684317ecd860476fcd6' (2022-10-22)
• Updated input 'nixpkgs-stable':
'github:NixOS/nixpkgs/44fc3cb097324c9f9f93313dd3f103e78d722968' (2022-10-20)
→ 'github:NixOS/nixpkgs/3933d8bb9120573c0d8d49dc5e890cb211681490' (2022-10-22)
• Updated input 'sops-nix':
'github:Mic92/sops-nix/8e470d4eac115aa793437e52e84e7f9abdce236b' (2022-10-18)
→ 'github:Mic92/sops-nix/1b5f9512a265f0c9687dbff47893180f777f4809' (2022-10-23)
• Updated input 'sops-nix/nixpkgs-22_05':
'github:NixOS/nixpkgs/945a85cb7ee31f5f8c49432d77b610b777662d4f' (2022-10-15)
→ 'github:NixOS/nixpkgs/f9115594149ebcb409a42e303bec4956814a8419' (2022-10-23)
```
2022-10-23 21:47:03 -07:00
b658b93c64
lappy: store the hashed user passwd in git and decrypt it into /etc/passwd on boot
...
this approach lets me persist the password. persisting /etc/shadow
directly wasn't so feasible. populating /etc/shadow at activation time
is something nix already does and is easy to plug into.
so we store the passwd hash in this repo, but encrypt it to the
destination machine's ssh pubkey to add enough entropy that it's not
brute-forceable through the public git repo.
2022-10-23 06:53:06 -07:00
f68bc342e8
fix activationScript ordering to remove sops double-decrypt hack
2022-10-23 06:53:05 -07:00
e3221bf8b9
home: add handbrake program
2022-10-23 03:02:31 -07:00
3cfe236e90
sane-sync-from-iphone: handle the case where /mnt/iphone is hung
2022-10-22 23:35:00 -07:00
2b14648587
servo: persist the maildir
...
this way i don't lose my mail on every reboot...
wow i can't believe it took me this long to make the connection.
2022-10-22 07:00:56 -07:00
0753aa59e9
refactor: move default home impermanence dirs to modules/universal/users.nix
2022-10-22 06:09:53 -07:00
55cbce17c2
refactor: impermanence: remove duplicate function map-service-dirs
2022-10-22 06:03:04 -07:00
ebf3152ced
refactor: purge impermanence.home-files
option
...
persisting individual files doesn't work super well. we can do without
it and things are simpler.
2022-10-22 05:56:04 -07:00
8345375bc4
zsh: fix history path to be fully-qualified
...
it's implicitly a relative path to where the shell is initialized.
2022-10-22 05:52:05 -07:00
cc63cacf28
new script to unlock ~/private
2022-10-22 05:47:17 -07:00
8f61ba6085
zsh: move .zsh_history to ~/.local/share/zsh
...
this works better with impermanence (see code comment)
2022-10-22 04:08:37 -07:00
b43103a024
refactor: move .zsh_history impermanence definition into zsh.nix
2022-10-22 04:02:40 -07:00
187a52527b
refactor: squash env
directory
2022-10-22 03:56:50 -07:00
b26e826b3b
sway: add a config option to disable the greeter (and auto-login instead)
...
i need this now as a way to keep gtk3 packages (in greetd) out of the
environment, so i can test the Nautilus gtk3-not-present bug.
2022-10-22 01:31:51 -07:00
3851136398
nginx/goaccess: opt-in *specific* hosts for public logs
...
the other hosts are by default private. mostly because they're just
internal services where i'm the primary user.
2022-10-21 22:38:38 -07:00
635fee1bda
nginx: include hostname in log so goaccess can group on it
2022-10-21 22:00:49 -07:00
5048ee1ce5
servo: fix RSS feeds.nix invalid reference (fix build)
2022-10-21 21:59:17 -07:00
e787dc29c6
servo: enable goaccess
for metrics/monitoring
...
TODO: change the nginx log format to include virtualhost and enable
goaccess to group by host
2022-10-21 09:55:49 -07:00
7cc44f9455
feeds: follow Anish Lakhwara
...
supposedly. we'll see if my RSS client actually understands that feed...
2022-10-21 09:30:54 -07:00
419ababe6f
home-manager: split discord.nix
out of default.nix
2022-10-21 09:27:04 -07:00
e4c0a0d468
home-manager: split aerc.nix
out of default.nix
2022-10-21 09:15:08 -07:00
0e63cd4e11
home-manager: split sublime-music.nix
out of default.nix
2022-10-21 09:10:55 -07:00
9328e5ff32
home: disable nb
2022-10-21 09:01:06 -07:00
87dda0ad11
home: nb: move package inclusion to nb.nix
2022-10-21 08:59:04 -07:00
46783cd0e2
home-manager: split nb
out of default.nix
2022-10-21 08:53:08 -07:00
f7d3b8128e
home-manager: split vlc
config out of default.nix
2022-10-21 08:47:21 -07:00
9119f0b092
home-manager: split mpv
config out of default.nix
2022-10-21 08:44:25 -07:00
17189b22e9
home-manager: split git
config out of default.nix
2022-10-21 08:41:28 -07:00
7db3816511
home-manager: move librewolf
out of default.nix
2022-10-21 08:38:20 -07:00