7f8cae42ff
s6: migrate to /run/user/$id/s6
2024-03-23 21:33:08 +00:00
2e58353b0e
refactor: users/services: have `waitExists` support waiting on multiple paths
2024-03-23 17:28:29 +00:00
6102a0301d
sway: move $WAYLAND_DISPLAY into a subdir to make it easier to sandbox
2024-03-23 16:37:22 +00:00
39de5b84c2
sway: fix readiness check
2024-03-23 15:54:20 +00:00
5205251f6f
programs: xwayland: sandbox it without exposing net access
2024-03-23 15:33:23 +00:00
8c48adefa5
pipewire: move sockets into a subdirectory for easier sandboxing
2024-03-23 13:34:13 +00:00
4418c16967
users/services: s6: push bundle dependencies down onto the actual atomic services
2024-03-23 13:04:12 +00:00
8008fd35cb
modules/users: allow readiness.pathExists
2024-03-23 13:03:11 +00:00
e6c00e6215
users/services: implement dbus readiness checks for s6-rc
2024-03-21 17:16:11 +00:00
fff9d69e3e
users/services: s6-rc: implement readiness polling
2024-03-21 17:16:11 +00:00
4fa7e6113d
users/services: s6: `exec` into the run/finish commands
2024-03-21 17:16:11 +00:00
16ca71188f
users/services: simplify the before/after/wantedBy criteria, to match s6 concepts
2024-03-21 17:16:11 +00:00
c5c37e79ac
users/services: actually remove the systemd backend
2024-03-21 17:16:11 +00:00
d2f6648bce
users/services: refactor: replace ExecStart/ExecStopPost with command/cleanupCommand
...
note that this completely breaks the systemd backend (though easily fixable if wanted)
2024-03-21 17:16:11 +00:00
5c9c7f8073
modules/users/s6-rc: add per-service logging
2024-03-21 17:16:11 +00:00
218072b2fe
refactor: modules/users/s6-rc.nix
2024-03-21 17:16:11 +00:00
d4f217a4f5
refactor: modules/users/s6-rc.nix
2024-03-21 17:16:11 +00:00
40f6f88a64
users/services: s6: remove broken `log` stuff
...
apparently the /log shorthand is only applicable to base `s6-supervise`,
and not `s6-rc`. "pipeline"s are the s6-rc equivalent:
<https://wiki.gentoo.org/wiki/S6-rc#Longrun_pipelining>
2024-03-21 17:16:11 +00:00
fbbb09322a
users/services: s6-rc: support ExecStopPost option
2024-03-21 17:16:11 +00:00
e7153ce4a1
users/services: remove ExecStartPre option
2024-03-21 17:16:11 +00:00
b13e7c38c7
users/services: remove `script` option
2024-03-21 17:16:11 +00:00
1417497001
users/services: remove serviceConfig.Type option
2024-03-21 17:16:11 +00:00
db12e03f64
users/services: remove `oneshot` service type
2024-03-21 17:16:11 +00:00
dee4866737
users/services: remove `ConditionEnvironment` option
2024-03-21 17:16:11 +00:00
81a6c53c26
users/services: remove RemainAfterExit option
2024-03-21 17:16:11 +00:00
9afd9725d1
users: services: remove no-longer-needed `Restart` and `RestartSec` options
2024-03-21 17:16:11 +00:00
452619dbfc
s6: log when a service starts up
...
it still seems to be all logging into a single file though?
2024-03-21 17:16:11 +00:00
8bedc860ae
s6: add some minimal logging
...
the root s6 call seems to be doing some logging, notably feedbackd; still don't know where the other logs are going
2024-03-21 17:16:11 +00:00
cbecdc4a95
s6: use `exec` in the `run` trampoline, to forward file descriptors and keep a cleaner process tree
2024-03-21 17:16:11 +00:00
e1001f57c5
modules/users: remove no-longer-needed `environment` option
2024-03-21 17:16:11 +00:00
2336767059
port service manager to s6
...
still a lot of cleanup to do (e.g. support dbus service types), but it boots to a usable desktop
2024-03-21 17:16:11 +00:00
05b37669e3
s6-rc: fix service `run` file to have expected format
2024-03-21 17:16:11 +00:00
ea9768c6ab
modules/users: prototype s6 integration: ~/.config/s6/{sources,compiled}
2024-03-21 17:16:11 +00:00
38353dbc29
modules/users: remove unused `requiredBy` service option
2024-03-21 17:16:11 +00:00
ef4a8e1989
modules: users: split services -> fs mapping into own `systemd.nix` file
2024-03-21 17:16:11 +00:00
acc9a9cb48
modules/users: make it a directory
2024-03-21 17:16:11 +00:00
70b5c57b50
modules/programs: enforce (or rather document) a stricter schema
...
this should make it easier to switch to a different service manager
2024-03-21 17:16:01 +00:00
c28ac38652
modules/users: refactor to remove `inherit`s
2024-03-21 17:16:01 +00:00
3c43fba878
feeds: add NativLang per Ben's rec
2024-03-14 07:53:19 +00:00
b25df1d997
sane-sandboxed: fix capabilities example
2024-03-14 01:36:46 +00:00
288d57e5d5
feeds: subscribe to pmOS blog
2024-03-13 23:20:45 +00:00
4510352c07
sane-sandboxed: implement --sane-sandbox-no-portal flag
2024-03-13 04:49:48 +00:00
430592632c
sane-sandboxed: add a help message
2024-03-13 04:49:48 +00:00
56aca78d84
make-sandboxed: also sandbox the `.lib` output of a package
2024-03-13 04:49:48 +00:00
30d49dc3c3
feeds: update Anish's URL
2024-03-09 20:51:15 +00:00
8e0031e770
feeds: update Byrne Hobart's feed URL
2024-03-09 20:49:01 +00:00
c453dbac8e
lwn.net: update feed URL
2024-03-09 20:42:03 +00:00
90e3c33536
feeds: subscribe to slatecave.net
2024-03-06 22:40:57 +00:00
8029744c90
modules/programs: don't expose *all* of /run/secrets/home to every program
...
this was actually causing a lot of bwrap errors because that directory's not user-readable
turns out any program which already uses programs.xyz.secrets gets the /run/secrets mounts for free via symlink following
2024-03-02 18:51:39 +00:00
a45e42910d
make-sandboxed: generalize runCommand patch to handle any derivation, called with or without callPackage
2024-03-02 07:11:45 +00:00