|
368eb2c29b
|
programs: git: whitelist more repo roots
|
2024-01-31 21:17:48 +00:00 |
|
|
5f793523d1
|
ship linux 6.7 to lappy/desko/servo
|
2024-01-31 20:33:15 +00:00 |
|
|
33bee7ac2e
|
unl0kr: be a little more robust against bad password entry
|
2024-01-31 20:32:26 +00:00 |
|
|
84af8aca3c
|
unl0kr: remove debugging code
|
2024-01-31 20:10:57 +00:00 |
|
|
a0f00313a7
|
moby: disable signal-desktop autostart
|
2024-01-31 20:09:03 +00:00 |
|
|
6603115192
|
moby: disable getty auto-login
i think this interacts badly with unl0kr style logins, though
honestly kinda hard to tell if that was a fluke or real.
|
2024-01-31 19:47:24 +00:00 |
|
|
ac968e1589
|
sxmo: allow the option to disable greeter entirely
|
2024-01-31 19:46:37 +00:00 |
|
|
2d4fc4f274
|
landlock-sandboxer: build against latest compatible linux
|
2024-01-31 17:45:46 +00:00 |
|
|
1d72e13a98
|
sxmo: launch via unl0kr by default
|
2024-01-31 17:40:36 +00:00 |
|
|
d9667653e7
|
docs: sway: point out that one can launch sway directly from a TTY
|
2024-01-31 16:29:27 +00:00 |
|
|
8c6bf07102
|
todo.md: sync
|
2024-01-31 16:28:56 +00:00 |
|
|
634520a1e9
|
unl0kr: fix cross compilation
|
2024-01-31 16:23:55 +00:00 |
|
|
13be5a1731
|
unl0kr: fix LOGIN_TIMEOUT to be infinite
|
2024-01-31 15:43:30 +00:00 |
|
|
30288cd67f
|
user: add CAP_NET_ADMIN,CAP_NET_RAW even outside of systemd session
in fact, *only* outside of systemd session because they broke ambient caps in 255
|
2024-01-31 15:42:43 +00:00 |
|
|
87e2509af4
|
doc: cozy: mention that upstream has merged the patch i apply
|
2024-01-31 15:36:54 +00:00 |
|
|
8736ca478b
|
programs: firefox: allow access to servo image-macros
|
2024-01-31 15:36:09 +00:00 |
|
|
cb3960fb21
|
programs: git: fix access to ~/private/knowledge
|
2024-01-31 15:35:21 +00:00 |
|
|
6e24a1ff28
|
programs: re-enable sops
|
2024-01-31 15:30:15 +00:00 |
|
|
91eae95b32
|
modules.gui.gnome: fix build
|
2024-01-31 15:29:49 +00:00 |
|
|
f5c88853ee
|
sway: replace "greetd" with "unl0kr"-based login process
|
2024-01-31 15:20:27 +00:00 |
|
|
0009e5ca4c
|
programs: sandboxing: use wrapperType="wrappedDerivation" where applicable
|
2024-01-29 15:21:16 +00:00 |
|
|
0403d5c03e
|
nixpkgs: 2024-01-28 -> 2024-01-29
```
• Updated input 'nixpkgs-next-unpatched':
'github:nixos/nixpkgs/a86d1125195505d4ea8997b12507b9c623511256' (2024-01-28)
→ 'github:nixos/nixpkgs/aa476d3e0de89aeb67950a1bc76b4fd576c24505' (2024-01-29)
• Updated input 'nixpkgs-unpatched':
'github:nixos/nixpkgs/f58fe0f36dbbef39b3f5ec8542a02dece7c9559b' (2024-01-28)
→ 'github:nixos/nixpkgs/a31b9bd76009c73a2f932fbdaa7145ac4a79544f' (2024-01-29)
```
|
2024-01-29 13:49:54 +00:00 |
|
|
db6ba61429
|
programs: sandbox more apps with wrapperType=wrappedDerivation
|
2024-01-29 13:45:57 +00:00 |
|
|
881d2f79ed
|
modules/programs: add "unchecked" passthru to aid debugging
|
2024-01-29 13:36:01 +00:00 |
|
|
47abdfb831
|
modules/programs: patch dbus-1 files to use sandboxed binaries
|
2024-01-29 13:09:43 +00:00 |
|
|
3831c6f087
|
TODO: fold
|
2024-01-29 13:07:44 +00:00 |
|
|
d3f7a036ce
|
ripgrep: move options out of assorted.nix into its own file
|
2024-01-29 12:57:56 +00:00 |
|
|
0454abacd9
|
komikku: sandbox
|
2024-01-29 12:56:08 +00:00 |
|
|
4f8d476ebf
|
modules/programs: patch old /nix/store paths in .desktop files
|
2024-01-29 12:56:08 +00:00 |
|
|
1cb2c5225f
|
programs: use wrapperType=wrappedDerivation where possible
|
2024-01-29 12:07:04 +00:00 |
|
|
7af970f38c
|
modules/programs: extend wrapperType="wrappedDerivation" to handle common share/ items
|
2024-01-29 11:59:38 +00:00 |
|
|
6f86e61a00
|
firefox: fix build
zip was giving some complaints... i'm not sure why, i think it still works
|
2024-01-29 09:57:35 +00:00 |
|
|
3ea3776281
|
nixpkgs: 2024-01-27 -> 2024-01-28
```
• Updated input 'nixpkgs-next-unpatched':
'github:nixos/nixpkgs/ef4dd61b7d53af44b060473308c50fa3b34d5681' (2024-01-27)
→ 'github:nixos/nixpkgs/a86d1125195505d4ea8997b12507b9c623511256' (2024-01-28)
• Updated input 'nixpkgs-unpatched':
'github:nixos/nixpkgs/c002c6aa977ad22c60398daaa9be52f2203d0006' (2024-01-27)
→ 'github:nixos/nixpkgs/f58fe0f36dbbef39b3f5ec8542a02dece7c9559b' (2024-01-28)
• Updated input 'sops-nix':
'github:Mic92/sops-nix/4606d9b1595e42ffd9b75b9e69667708c70b1d68' (2024-01-24)
→ 'github:Mic92/sops-nix/73bf36912e31a6b21af6e0f39218e067283c67ef' (2024-01-28)
• Updated input 'sops-nix/nixpkgs-stable':
'github:NixOS/nixpkgs/a1982c92d8980a0114372973cbdfe0a307f1bdea' (2024-01-12)
→ 'github:NixOS/nixpkgs/9a333eaa80901efe01df07eade2c16d183761fa3' (2024-01-22)
```
|
2024-01-29 09:57:35 +00:00 |
|
|
a7eb8dd6fa
|
nixpkgs: 2024-01-22 -> 2024-01-27
```
• Updated input 'nixpkgs-next-unpatched':
'github:nixos/nixpkgs/dceddd03df4f840ea28c65887c199495793fb322' (2024-01-22)
→ 'github:nixos/nixpkgs/ef4dd61b7d53af44b060473308c50fa3b34d5681' (2024-01-27)
• Updated input 'nixpkgs-unpatched':
'github:nixos/nixpkgs/8cccce637e19577815de54c5ecc3132dff965aee' (2024-01-22)
→ 'github:nixos/nixpkgs/c002c6aa977ad22c60398daaa9be52f2203d0006' (2024-01-27)
• Updated input 'sops-nix':
'github:Mic92/sops-nix/ae171b54e76ced88d506245249609f8c87305752' (2024-01-21)
→ 'github:Mic92/sops-nix/4606d9b1595e42ffd9b75b9e69667708c70b1d68' (2024-01-24)
```
this breaks sway login for lappy. not obvious why.
|
2024-01-29 09:57:35 +00:00 |
|
|
c1a1f51ca2
|
git: fix git-upload-pack (used on the remote when doing git pull)
|
2024-01-29 09:57:27 +00:00 |
|
|
32824cfade
|
modules/programs: sandbox in a manner that's more compatible with link-heavy apps like busybox, git, etc
|
2024-01-29 09:56:30 +00:00 |
|
|
51fc61b211
|
sane-sandboxed: cleanup
|
2024-01-29 09:14:43 +00:00 |
|
|
7b9795ea3d
|
modules/programs: implement embedWrapper option
|
2024-01-29 09:13:49 +00:00 |
|
|
5f3e481fe4
|
sane-sandboxed: refactor and avoid passing duplicate/subpaths into the sandbox
|
2024-01-29 07:15:02 +00:00 |
|
|
86219d7006
|
sane-sandboxed: simplify: consolidate homePaths and rootPaths into just "paths"
|
2024-01-29 05:43:10 +00:00 |
|
|
381da74e6c
|
users: enable pam_cap for "login" program
|
2024-01-28 17:55:19 +00:00 |
|
|
24c70c3683
|
feeds: switch acoup.blog to the database type feed
at some point my feed script became capable of understanding his RSS :)
|
2024-01-28 12:37:38 +00:00 |
|
|
bfec531fa2
|
sandbox a bunch more apps
|
2024-01-28 11:43:05 +00:00 |
|
|
de11edffa5
|
programs/assorted: remove more unused programs
|
2024-01-28 11:34:33 +00:00 |
|
|
294f167df0
|
sane-sandboxed: fix CLI escaping with capsh
|
2024-01-28 11:11:07 +00:00 |
|
|
e536e3c718
|
programs/assorted.nix: remove unused tree-sitter package
|
2024-01-28 11:03:09 +00:00 |
|
|
17d14dbac2
|
programs/assorted.nix: uninstall some programs i don't frequently use
|
2024-01-28 10:40:57 +00:00 |
|
|
94981ef335
|
vim: sandbox
|
2024-01-28 10:39:08 +00:00 |
|
|
3cd244be76
|
git: sandbox with bwrap
|
2024-01-28 10:36:19 +00:00 |
|
|
f100595257
|
modules/programs: properly forward autodetectCliPaths to the sandboxer
|
2024-01-28 10:31:07 +00:00 |
|