6eb2a3d67f
programs: handbrake: sandbox with bwrap
2024-02-05 22:28:15 +00:00
ddc41bc9d8
programs: pavucontrol/pwvucontrol: sandbox with bwrap
2024-02-05 22:15:48 +00:00
7d833ebf76
programs: kdenlive: sandbox with bwrap
2024-02-05 22:07:37 +00:00
bfc0eadfaa
programs: hitori: sandbox with bwrap
2024-02-05 21:52:57 +00:00
ff1cbcc16b
programs: gnome-clocks,gnome-calendar: sandbox with bwrap
2024-02-05 21:46:27 +00:00
9a8d8a20bd
programs: frozen-bubble: persist data and sandbox with bwrap
2024-02-05 21:32:58 +00:00
cd1d22e7b9
programs: gnome-calculator: sandbox with bwrap
2024-02-05 20:58:38 +00:00
2c0e93826d
programs: gimp: sandbox with bwrap
2024-02-05 20:53:05 +00:00
cab346f3ad
programs: delfin: sandbox with bwrap
2024-02-05 20:44:47 +00:00
a2decaff9c
programs: bemenu: sandbox with landlock
2024-02-05 18:41:52 +00:00
8ef9f7a485
epiphany: persist dconf settings; reduce sandboxer errors
2024-02-05 18:31:38 +00:00
12846732b9
programs: blanket: sandbox with bwrap
2024-02-05 18:26:21 +00:00
e84079e84c
programs: firefox: allow sandbox access to ~/dev
2024-02-05 18:17:49 +00:00
45ffd9246d
programs: brave: sandbox with bwrap
2024-02-05 18:17:28 +00:00
ed3935318d
feeds: subscribe to non-paywalled Matt Levine
2024-02-05 16:41:38 +00:00
6d1eae2200
programs: gnome-2048: sandbox with bwrap
2024-02-05 08:26:06 +00:00
293eab8225
koreader: use modern openssl
2024-02-04 20:05:02 +00:00
abdbb83e10
koreader: replace vendored dependencies with their nixpkgs equivalents much more effectively
...
the old method was still causing everything to be re-compiled within koreader, rather than linking against the nix store.
decreases build time to about 3m on a desktop
2024-02-04 19:39:32 +00:00
dc74bca06a
programs: vim: add private/knowledge to sandbox
2024-02-03 23:53:53 +00:00
42523b75a8
programs: gdb: disable sandboxing
2024-02-03 23:53:34 +00:00
111946eb1d
programs: vim, imagemagick: fix sandboxing to consider uncreated files
2024-02-03 14:07:53 +00:00
14b20fd9c2
programs: komikku: fix sandboxing
2024-02-03 00:52:17 +00:00
2df1b20f02
programs: epiphany: simplify the sandboxing
2024-02-03 00:44:23 +00:00
2f9fad503c
programs: fix sandboxing errors for programs which create files (notably: ffmpeg)
2024-02-03 00:17:54 +00:00
cd0a046776
dovecot: remove dead code
2024-02-02 20:47:55 +00:00
27edee0bbf
dovecot2: fix sieves
2024-02-02 20:47:20 +00:00
56734fe5da
mpv: add /dev/dri to the sandbox
2024-02-02 19:18:30 +00:00
3c96f6d418
programs: koreader: enable DRI in the sandbox, and use wrappedDerivation
2024-02-02 17:22:57 +00:00
86b23e8183
programs: fractal: enable DRI in sandbox
2024-02-02 17:19:35 +00:00
065d045640
fix so sway inherits program env vars
2024-02-02 15:36:06 +00:00
d3eaa69261
lappy/desko: auto-start signal-desktop
2024-02-02 14:22:08 +00:00
6151eee8d5
programs (assorted): fix wantedBy = "default.target" to be more specific
...
now GUI apps aren't stuck in a restart loop until sway starts
in particular, signal-desktop can actually be autostarted
2024-02-02 14:21:57 +00:00
483a1d1780
sway: signal on launch to systemd that the graphical-session.target is ready
...
this allows auto-launching of other services which require a compositor (i.e. messaging apps)
2024-02-02 14:20:30 +00:00
2824671bde
tune nix deploy parameters (specifically for moby)
...
this is experimental; hard to understand immediately how significant are the effects
2024-02-02 00:50:25 +00:00
efcaef2c35
lappy/desko/servo: downgrade kernel 6.7 -> 6.6 (latest supported by zfs)
2024-02-01 16:21:46 +00:00
25707eb79e
servo: address deprecation warning: dovecot2.sieveScripts -> sieve.scripts
2024-02-01 15:47:56 +00:00
09923b60ea
moby: disable desko as nixcache
2024-02-01 15:41:43 +00:00
3100189172
purge supercap
...
i no longer have access to dispatch build jobs to it :((((
2024-02-01 15:36:37 +00:00
715ac42f13
remove samba from closure
...
current samba hangs during configurePhase. this is not the first time samba has failed to build. nor the third. purge it.
2024-02-01 15:28:40 +00:00
a9810e7343
re-ship linux 6.7 to lappy/desko/servo
...
now that landlock-sandboxer builds against the correct linux headers,
this can actually work.
2024-02-01 13:54:44 +00:00
00f995aec9
fixup landlock-sandboxer to work well for all systems
...
downgrade lappy/desko/servo back to default linux; zfs doesn't support latest
build landlock-sandboxer against the specific kernel being deployed; it's less noisy that way
2024-01-31 21:19:10 +00:00
368eb2c29b
programs: git: whitelist more repo roots
2024-01-31 21:17:48 +00:00
5f793523d1
ship linux 6.7 to lappy/desko/servo
2024-01-31 20:33:15 +00:00
33bee7ac2e
unl0kr: be a little more robust against bad password entry
2024-01-31 20:32:26 +00:00
84af8aca3c
unl0kr: remove debugging code
2024-01-31 20:10:57 +00:00
a0f00313a7
moby: disable signal-desktop autostart
2024-01-31 20:09:03 +00:00
6603115192
moby: disable getty auto-login
...
i think this interacts badly with unl0kr style logins, though
honestly kinda hard to tell if that was a fluke or real.
2024-01-31 19:47:24 +00:00
ac968e1589
sxmo: allow the option to disable greeter entirely
2024-01-31 19:46:37 +00:00
1d72e13a98
sxmo: launch via unl0kr by default
2024-01-31 17:40:36 +00:00
d9667653e7
docs: sway: point out that one can launch sway directly from a TTY
2024-01-31 16:29:27 +00:00
13be5a1731
unl0kr: fix LOGIN_TIMEOUT to be infinite
2024-01-31 15:43:30 +00:00
30288cd67f
user: add CAP_NET_ADMIN,CAP_NET_RAW even outside of systemd session
...
in fact, *only* outside of systemd session because they broke ambient caps in 255
2024-01-31 15:42:43 +00:00
8736ca478b
programs: firefox: allow access to servo image-macros
2024-01-31 15:36:09 +00:00
cb3960fb21
programs: git: fix access to ~/private/knowledge
2024-01-31 15:35:21 +00:00
6e24a1ff28
programs: re-enable sops
2024-01-31 15:30:15 +00:00
91eae95b32
modules.gui.gnome: fix build
2024-01-31 15:29:49 +00:00
f5c88853ee
sway: replace "greetd" with "unl0kr"-based login process
2024-01-31 15:20:27 +00:00
0009e5ca4c
programs: sandboxing: use wrapperType="wrappedDerivation" where applicable
2024-01-29 15:21:16 +00:00
db6ba61429
programs: sandbox more apps with wrapperType=wrappedDerivation
2024-01-29 13:45:57 +00:00
d3f7a036ce
ripgrep: move options out of assorted.nix into its own file
2024-01-29 12:57:56 +00:00
0454abacd9
komikku: sandbox
2024-01-29 12:56:08 +00:00
1cb2c5225f
programs: use wrapperType=wrappedDerivation where possible
2024-01-29 12:07:04 +00:00
6f86e61a00
firefox: fix build
...
zip was giving some complaints... i'm not sure why, i think it still works
2024-01-29 09:57:35 +00:00
c1a1f51ca2
git: fix git-upload-pack (used on the remote when doing git pull)
2024-01-29 09:57:27 +00:00
381da74e6c
users: enable pam_cap for "login" program
2024-01-28 17:55:19 +00:00
24c70c3683
feeds: switch acoup.blog to the database type feed
...
at some point my feed script became capable of understanding his RSS :)
2024-01-28 12:37:38 +00:00
bfec531fa2
sandbox a bunch more apps
2024-01-28 11:43:05 +00:00
de11edffa5
programs/assorted: remove more unused programs
2024-01-28 11:34:33 +00:00
e536e3c718
programs/assorted.nix: remove unused tree-sitter package
2024-01-28 11:03:09 +00:00
17d14dbac2
programs/assorted.nix: uninstall some programs i don't frequently use
2024-01-28 10:40:57 +00:00
94981ef335
vim: sandbox
2024-01-28 10:39:08 +00:00
3cd244be76
git: sandbox with bwrap
2024-01-28 10:36:19 +00:00
7da979503b
bubblewrap: explicitly disable sandboxing
2024-01-27 17:20:40 +00:00
3b32c26026
zsh: explicitly disable sandboxing
2024-01-27 17:20:24 +00:00
cad25306e7
alacritty: explicitly disable sandbox
2024-01-27 17:20:11 +00:00
4d7414c941
programs: introduce and use "autodetectCliPaths" nix config
2024-01-27 17:19:48 +00:00
b29b8bdec7
wireshark: specify capabilities via sandbox.capabilities config
2024-01-27 17:12:40 +00:00
02b6e17449
nicotine-plus: disable
...
now i have no firejail programs; no more setuid wrapper in /run/wrappers :)
2024-01-27 15:37:43 +00:00
770db96ec6
go2tv: sandbox with bwrap
2024-01-27 15:31:08 +00:00
ff356fdd49
playerctl: sandbox with bwrap
2024-01-27 15:18:56 +00:00
eec89e2cc1
librewolf: sandbox with bwrap
2024-01-27 15:16:53 +00:00
d69d8f64f3
tor-browser: sandbox with bwrap; remove useHardenedMalloc patch
2024-01-27 15:04:22 +00:00
4ee2562202
programs: tidy: prefer "sandbox.extraHomePaths" over "fs" for external deps
2024-01-27 14:54:17 +00:00
08b1ece56e
programs: gnome-weather: sandbox with bwrap
2024-01-27 14:53:38 +00:00
b22c2e094c
koreader: sandbox with bwrap
2024-01-27 14:39:22 +00:00
b40775f97c
koreader-from-src: document FTP configuration
2024-01-27 14:39:02 +00:00
100ddad40e
wike: link to issue about state directory
2024-01-27 14:27:02 +00:00
1bde38bf72
cozy: sandbox with bwrap
2024-01-27 13:11:22 +00:00
0a25ef544f
wike: sandbox with bwrap
2024-01-27 12:29:58 +00:00
79ee47bada
firefox: get away with linking slightly less into the sandbox
2024-01-27 11:41:18 +00:00
be06e61bfb
programs: geary: fix sandboxing
...
this is an UGLY one. geary itself uses bwrap, and that fails if it's sandboxed AT ALL in landlock (i.e. even with just / landlocked as RW).
maybe this has to do with what landlock-sandboxer considers 'read/write' to be, and there's actually more file ops i need to enable on /
2024-01-27 11:28:08 +00:00
dae7785ee2
wireshark: remove dead code
2024-01-27 09:04:08 +00:00
27f3b2bd76
firefox: allow ~/tmp and ~/Pictures access
2024-01-27 06:00:46 +00:00
3e6278fa21
wireshark: sandbox with landlock instead of firejail
...
and remove the SUID wrapper, yay!
2024-01-27 04:44:21 +00:00
8ecb17ed3e
programs: enable libcap_ng/netcap
2024-01-26 09:13:20 +00:00
c4874c85b1
bubblewrap: debugging
2024-01-26 09:13:00 +00:00
563a75e9b2
users: launch entire systemd --user namespace with cap_net_admin, cap_net_raw
...
this should make sandboxing wireshark *much* easier, and same with things which require net namespaces, in the future
2024-01-25 15:05:35 +00:00
79e2bd2913
epiphany: sandbox with bwrap
...
this is the first app which *requires* DRI/DRM to function correctly. maybe this effects anything webkitgtk (like wike)?
2024-01-24 06:25:20 +00:00
95161b55cd
spot: sandbox with bwrap
2024-01-24 05:47:04 +00:00
d91759068c
element-desktop: sandbox with bwrap
2024-01-24 05:37:46 +00:00
c23c496066
programs: tuba: sandbox with bwrap
...
it complains "Fontconfig error: No writable cache directories"
seeeeeveral times. not sure if that's new or not. no obvious
consequences.
2024-01-24 05:34:10 +00:00
f8e8d23857
vlc: sandbox with bwrap instead of firejail
2024-01-24 05:19:20 +00:00
8484bb7978
docs: mime: document how to show the nix mime associations
2024-01-24 05:00:35 +00:00
0e99b296bc
animatch: remove the (unused) .config directory
2024-01-24 02:18:58 +00:00
d0e1241bd1
animatch: fix to run on wayland w/o Xwayland, and enable bwrap sandbox
2024-01-24 01:43:33 +00:00
c1a0a08b76
gtkcord4: sandbox with bwrap
2024-01-24 00:12:12 +00:00
e8748ce0a0
servo: lemmy: pict-rs: port the media-enable-full-video -> media-video-allow-audio CLI flag
2024-01-23 17:12:13 +00:00
7cf9b342cc
gpodder: fixup GPODDER_DOWNLOAD_DIR to be more friendly to sandboxing
2024-01-23 16:44:47 +00:00
8739851f48
evince: port sandbox from firejail to bwrap
2024-01-23 16:44:13 +00:00
d945b43f6b
signal-desktop: switch sandbox from firejail -> bwrap
2024-01-23 16:42:48 +00:00
7722acecee
sway: obtain deps via "config.sane.programs", so that i get the sandboxed version of e.g. splatmoji
2024-01-23 16:32:42 +00:00
571a0a9d06
gui: disable unused abaddon app
2024-01-23 16:30:06 +00:00
ccf4f66dd9
programs: dialect: sandbox with bubblewrap
2024-01-23 16:23:14 +00:00
b38e5403a5
splatmoji: sandbox
2024-01-23 16:01:27 +00:00
09af041745
g4music: ensure it can access the Music dir in its sandbox
2024-01-23 16:00:21 +00:00
cb5131746f
programs: audacity: sandbox with bubblewrap
2024-01-23 15:59:50 +00:00
bfd5630e21
programs: sandbox: omit media dirs by default, and implement --sane-sandbox-autodetect for programs which are liable to load data from paths
2024-01-23 15:48:12 +00:00
026f5dee4d
programs: g4music: sandbox with bwrap
2024-01-23 15:06:45 +00:00
b59be8338a
firefox: fix up sandboxing of ssh/sops
2024-01-23 14:57:57 +00:00
ab4bbc2224
programs: remove explicit firejail installation; let sane.programs decide when to install it sys-wide
2024-01-23 14:57:33 +00:00
156fcd1bf2
aerc: enable bwrap sandbox
2024-01-23 14:57:33 +00:00
bb63a594ab
conky: fixup needed paths for bwrap
2024-01-23 14:57:33 +00:00
f148334b58
programs: port extraFirejailConfig to extraConfig
2024-01-23 14:57:33 +00:00
da537ea8ea
fractal: switch from firejail -> bwrap
2024-01-23 14:13:09 +00:00
18d224dc34
dino: switch from firejail to bwrap
2024-01-23 14:12:52 +00:00
38fd171713
spotify: sandbox with bwrap instead of firejail
2024-01-23 12:12:56 +00:00
84c78d9256
conky: sandbox with bwrap instead of firejail
2024-01-23 12:11:22 +00:00
973203d85e
programs: mpv: sandbox with bwrap instead of firejail
2024-01-23 11:37:37 +00:00
f9174dd2aa
programs: firefox: sandbox with bwrap instead of firejail
2024-01-23 11:37:19 +00:00
0bed4d0ada
mpv: disable firejail sandboxing (it fails on moby)
2024-01-23 01:01:21 +00:00
f3e8af3fdb
doc: libreoffice: mention "still" v.s. "fresh" variants
2024-01-23 01:00:34 +00:00
af542ec05f
docs: gnome-keyring: point out that system gnome-keyring doesn't inherit my sandboxing
2024-01-23 01:00:06 +00:00
399a1d2052
steam: use wrapped package as system steam
2024-01-23 00:59:23 +00:00
bb6e5611d4
docs: conky: point out that un-sandboxed conky is used by sxmo-utils
2024-01-23 00:58:56 +00:00
c11f5a1401
wireshark: fix security.wrappers when wireshark is disabled
2024-01-22 23:58:04 +00:00
5b220f3fec
wireshark: enable firejail isolation
2024-01-22 13:12:10 +00:00
df861a3ef0
programs: firejail: inject custom firejail config through /etc/firejail
...
this improves rebuild times, and makes it easier for packages to inject their own free-form config
2024-01-22 11:12:18 +00:00
d6754b6cac
evince: sandbox with firejail
2024-01-22 10:20:29 +00:00
b03d7f7fb0
geary: test the firejail profile; it's not ready
2024-01-22 10:04:18 +00:00
008b186479
audacity: test the firejail profile; it's not ready
2024-01-22 10:04:03 +00:00
914f9b3703
vlc: sandbox with firejail
2024-01-22 09:47:24 +00:00
ed7ec4a371
conky: sandbox with firejail
2024-01-22 09:31:00 +00:00
2d338201a5
signal-desktop: sandbox with firejail
...
TODO: fix URL opening / xdg-open
2024-01-22 09:30:34 +00:00
a8aad1f98f
dino: sandbox with firejail
...
TODO: fix URL opening / xdg-open
2024-01-22 09:30:13 +00:00
2d06b93118
fractal: sandbox with firejail
...
TODO: seems this broke link opening? (xdg-open?)
2024-01-22 09:28:50 +00:00
60547204a8
sane.programs: firejail: support wrapping "runCommand" packages
2024-01-22 09:16:25 +00:00
3d763a0021
tor-browser-bundle-bin -> tor-browser
...
upstream nixpgs just has tor-browser-bundle-bin as an alias for tor-browser
2024-01-22 08:13:37 +00:00
ad474873e2
dovecot: fix unparseable config
...
upstream/nixpkgs is doing some shit, ugh
2024-01-22 08:09:37 +00:00
0f3f0933b1
mpv: sandbox with firejail
2024-01-22 03:50:28 +00:00
f8440e3811
go2tv: allow more ports through the firewall
2024-01-22 03:50:04 +00:00
9ecd0adcbe
firefox: sandbox with firejail
...
TODO: get it so open-in-mpv launches an mpv that has access to ~/.config/mpv
i guess this is the 'firejail url problem'
2024-01-21 23:59:15 +00:00
cf475c4696
nicotine-plus: remove distro-specific symlink
2024-01-21 03:56:33 +00:00
ce35330923
vpn.nix: factor into a proper module
...
this will allow for better integration with 'sane.programs'
2024-01-21 00:49:34 +00:00
59187a0ec0
programs: allow running binaries in a netns-style firejail
2024-01-20 11:11:12 +00:00
03fbf42680
servo: lemmy: pict-rs: fix broken CLI argument
2024-01-20 03:15:06 +00:00
7d670facd4
feeds: sort
2024-01-19 21:38:45 +00:00
61e5704fd6
feeds: unsub LW
...
too verbose, and too many of y'all turned into authoritarians
2024-01-19 21:38:14 +00:00
fd0723169f
nix-serve: fix coredump loop
2024-01-19 21:34:45 +00:00
a725d42bf5
ip_forward: consolidate the options to fix servo build
2024-01-19 21:34:18 +00:00
c03cea2d4e
net/vpn.nix: cleanup dead code
2024-01-19 09:58:13 +00:00
f43d6bff92
route VPN traffic such that i can configure any app to selectively use the VPN
...
e.g. firejail --net=br-ovpnd-us-mi --noprofile --dns=46.227.67.134 getent ahostsv4 uninsane.org
2024-01-19 09:54:01 +00:00
43a8ca90a7
feeds: add Cat and Girl
2024-01-16 19:12:25 +00:00
7d504892be
servo: dovecot: fix broken sieve
2024-01-16 06:28:25 +00:00
d7a2bf9d26
servo: remove networking.useDHCP=false override
...
seems likely that the change to systemd-networkd renamed the ethernet interface, and so eth0.useDHCP wasn't right. this change seems to restore networking
2024-01-16 06:09:19 +00:00
851c15aa6d
vpn: port ovpnd connections to use systemd-network
...
this should allow better integration with e.g. systemd-run, in future
2024-01-16 03:20:40 +00:00
c45898f903
WIP: wg-dev
2024-01-15 04:15:17 +00:00
0efec20904
hosts/common/net/vpn: remove unused "extraOptions" argument
2024-01-15 03:52:31 +00:00
5b9c58dbc6
hosts/common: use servo-style dns on all machines
...
it'll be handy as i want to place individual applications inside VPNs/namespaces
2024-01-15 01:16:22 +00:00
a7964c4f0c
hosts/common: net: split upnp config into own file
2024-01-15 01:12:09 +00:00
006a7e9f72
consolidate net-related stuff into hosts/common/net/ directory
2024-01-15 01:11:13 +00:00
3856710faf
net: annotate the UPNP rule
2024-01-15 01:08:10 +00:00
6cbc0bedf3
ddns-he (HurricaneElectric): remove
...
it's unused for a year
2024-01-15 00:55:10 +00:00
fbc0c7615a
ddns-afraid (afraid.org): remove
...
it's unused for a year
2024-01-15 00:54:41 +00:00
34bcdb5128
firefox: disable kinetic scrolling
2024-01-14 20:34:14 +00:00
a5c6e41622
feeds: subscribe to POD OF JAKE
2024-01-14 05:20:28 +00:00
02e03227d8
servo: try to integrate peerswap with clightning, but it fails
2024-01-14 04:33:12 +00:00
812a02bc6b
feeds: add The Dollop podcast
2024-01-14 00:49:29 +00:00
27898ecdc8
feeds: unsubscribe from Louis Rossman
...
his channel is kinda just the same idea played over and over
2024-01-14 00:36:52 +00:00
1c2324cca4
servo: clightning-sane: status command: show profits from fees
2024-01-13 16:43:49 +00:00
70f059eaac
feeds: subscribe to Jack Stauber
2024-01-13 16:43:41 +00:00
bac72be730
servo: clightning-sane: status command: show in/out payment sums
2024-01-13 15:53:48 +00:00
99858c1384
servo: clightning-sane: centralize metric reporting, fix so we blacklist our own channels less frequently
2024-01-13 04:47:20 +00:00
103a300e77
servo: clightning-sane: implement an autobalance subcommand
2024-01-13 03:04:24 +00:00
6b5cdd7508
servo: clightning-sane: log before we give up
2024-01-13 01:10:52 +00:00
2f1e354400
servo: clightning-sane: drop caches after so many failures
2024-01-12 23:54:06 +00:00
585a87130c
servo: clightning-sane: remove unused loop_once_with_retries method
2024-01-12 23:31:30 +00:00
0e68533776
servo: clightning-sane: introduce parallelism
2024-01-12 23:30:52 +00:00
882cc5bfd0
servo: clightning-sane: rename Balancer -> LoopRouter
2024-01-12 21:36:20 +00:00
91847a9a8e
servo: clightning-sane: factor "loop" action into own subroutine
2024-01-12 21:28:20 +00:00
5c649ff216
servo: clightning-sane: include peer_id in status --full
2024-01-12 20:56:00 +00:00
abdd224211
servo: clightning-sane: increase CLTV 9->18
2024-01-12 20:55:32 +00:00
0c72c59190
servo: clightning-sane: handle closed channels in status listing
2024-01-12 20:28:57 +00:00
432170a69e
servo: clightning-sane: rename ppm in/out to theirs/mine
2024-01-12 19:31:39 +00:00
805b37a9a5
servo: clightning-sane: add a --full option for more info
2024-01-12 19:24:50 +00:00
87a0bda011
servo: clightning-sane: perform rebalance operation in a loop
2024-01-12 19:17:07 +00:00
5d2c6e1978
servo: clightning-sane: mark channels which cant be rebalanced freely
2024-01-12 18:43:58 +00:00
abafbd811b
servo: clightning-sane: minor bugfixes
2024-01-12 18:30:49 +00:00
aca50d9946
servo: clightning-sane: add a "status" subcommand
2024-01-12 17:42:44 +00:00
bd4f4dab81
servo: clightning-sane: factor out a subcommands interface
2024-01-12 15:42:12 +00:00
aebd11ea82
alacritty: port config: yaml to toml
2024-01-12 03:24:55 +00:00
cec21375a5
servo: disable mautrix-signal
2024-01-12 03:24:55 +00:00
913403aac6
servo: clightning-sane: tidy
2024-01-12 01:25:56 +00:00
432a66bf5f
servo: clightning: initialize a script for rebalancing with peers
2024-01-11 23:11:33 +00:00
e2a43ddfa0
servo: clightning: allow group members to run lightning-cli
2024-01-11 15:59:32 +00:00
8644e6705a
servo: decrease ZFS cache size
2024-01-11 00:20:52 +00:00
3295ae3b74
servo: clightning: update config
2024-01-09 16:13:08 +00:00
e63438bedf
feeds: disable The Linux Experience
2024-01-09 00:45:18 +00:00
37583d8c9c
clightning: tune fees, logging
2024-01-06 18:08:51 +00:00
62b3863722
servo: clightning: enable experimental features
2024-01-06 09:13:17 +00:00
b11f03bd18
servo: clightning: docs
2024-01-05 22:09:32 +00:00
63620fa058
servo: clightning: node personalization and docs
2024-01-04 21:55:13 +00:00
4ce93f74c6
wob: add debug logging
2024-01-04 17:07:47 +00:00
09b806d7a7
go2tv: document youtube workarounds
2024-01-04 16:26:25 +00:00
2f31100c3f
servo: ship go2tv
2024-01-04 16:25:50 +00:00
ca3f97ec51
docs: go2tv: elaborate seeking limitations
2024-01-04 16:25:49 +00:00
7378d6c5b2
bitcoind: host behind tor
2024-01-04 16:25:49 +00:00
276de5d662
tor: fix /var/lib/tor directory permissions
2024-01-04 16:25:49 +00:00
6f449cf35f
clightning: document some places to find nodes for channels
2024-01-04 16:25:49 +00:00
daf046861c
wob: implement as part of sway instead of exclusive to sxmo
2024-01-04 13:08:20 +00:00
43498c62f9
clightning: integrate with tor
2024-01-03 18:29:16 +00:00
22f5853741
firefox: remove unused functions
2024-01-03 14:59:59 +00:00
fe217f6667
firefox: disable ctrl+shift+c shortcut more broadly
2024-01-03 14:59:27 +00:00
41ae86f40f
servo: enable clightning
2024-01-03 13:56:42 +00:00
6d52c8ecf8
servo: split tor/i2p into own files
2024-01-03 13:56:14 +00:00
75b649543a
firefox: enable ctrl-shift-c-should-copy extension
2024-01-03 13:42:58 +00:00
041855dbc7
zsh: fix broken <del> and <ctrl>+<arrow> keybindings
2024-01-03 13:07:29 +00:00
3e52956a3a
servo: clightning: integrate, but do not enable
2024-01-02 18:32:34 +00:00
d8f4158bc6
servo: consolidate blockchains under cryptocurrencies directory
2024-01-02 18:16:58 +00:00
36638e80a3
bitcoin: add myself as an authenticated rpcuser
2024-01-02 18:11:46 +00:00
6471524f4a
programs: zecwallet-lite: move to own file
2024-01-01 15:17:51 +00:00
3efecb9560
sxmo_hook_block_suspend: re-introduce exponential backoff
2024-01-01 13:03:26 +00:00
8d0707699c
mpv/vlc: associate with flv video type
2024-01-01 11:48:18 +00:00
318774a2a0
sxmo_suspend: fix that "sxmo_jobs periodic_blink" would hang post-wakeup
2024-01-01 11:48:03 +00:00
b14e997a43
sxmo: remove sxmo_hook_screenoff.sh override
...
generally, i can get away with the defaults and patch my alternative into sxmo_suspend.sh more reliably/simply
2024-01-01 10:33:24 +00:00
b949438be5
sxmo_suspend.sh: stop, and resume, the sxmo LED blinking
...
then later i can remove the custom screenoff hook
2024-01-01 10:01:48 +00:00
6ee9e8e405
sxmo_hook_screenoff: decrease the blink frequency even more
...
if i was smarter i'd just disable the periodic blinking right before entering sleep
2024-01-01 07:24:08 +00:00
09ee8e6efc
sxmo_hook_block_suspend: forward only to the next script, not all next scripts
2024-01-01 07:01:09 +00:00
49527edaa9
sxmo_suspend.sh: fix rtcwake to use sudo
2024-01-01 06:38:43 +00:00
92d193ffe3
sxmo_hook_block_suspend: fix recursion counter
2024-01-01 06:19:30 +00:00
6fe195e2dd
sxmo: block suspend if go2tv is active
2024-01-01 04:56:39 +00:00
6d8b6c61a2
feeds: sort
2024-01-01 03:56:25 +00:00
822653ec10
feeds: vitalik.ca -> vitalik.eth.limo
2024-01-01 03:48:06 +00:00
68502ca944
feeds: add webcurious.co.uk link aggregator
2024-01-01 03:46:52 +00:00
103d11a87c
net: fix broken firewall/ipset setup
2023-12-31 14:25:36 +00:00
a4fe002607
sway: always render KOReader titlebar
2023-12-30 11:57:33 +00:00
f9361af41c
go2tv: remove firewall fix and allow SSDP at the iptables layer
2023-12-30 06:16:17 +00:00
4ad209020a
disable chatty (doesnt cross compile)
2023-12-30 05:34:02 +00:00
b0ddb1b31c
conky: use the same percent symbol even in battery_estimate
2023-12-28 17:43:34 +00:00
70ee98736a
conky/battery_estimate: handle the static state better
2023-12-28 17:35:33 +00:00
5de06cef35
conky: fix text substitutions
2023-12-28 17:07:29 +00:00
4f3706622c
conky/battery_estimate: render stylized
2023-12-28 03:05:27 +00:00
104e76de47
conky/battery_estimate: render h/m indicators as superscript
2023-12-28 01:53:43 +00:00
1df99978bb
conky/battery_estimte: select icon based on battery percentage
2023-12-28 01:11:51 +00:00
3846322f12
conky/battery_estimate: support new-style Thinkpad batteries
2023-12-28 00:41:23 +00:00
623b2c6611
conky/battery_estimate: add debugging
2023-12-28 00:35:48 +00:00
cb4d73f959
nixpkgs: 2023-12-23 -> 2023-12-26
...
```
• Updated input 'nixpkgs-next-unpatched':
'github:nixos/nixpkgs/2125288b9266cde9e3333a6787525bc151918742' (2023-12-23)
→ 'github:nixos/nixpkgs/0db7618e46243d3710ff2b8040aca5f6e0102900' (2023-12-26)
• Updated input 'nixpkgs-unpatched':
'github:nixos/nixpkgs/d8aba6fe4067abdd8b1a7f398f2b90f21c608530' (2023-12-23)
→ 'github:nixos/nixpkgs/d956588517edbcde71781bd8ac3a9947a9fc55a6' (2023-12-26)
• Updated input 'sops-nix':
'github:Mic92/sops-nix/f7db64b88dabc95e4f7bee20455f418e7ab805d4' (2023-12-18)
→ 'github:Mic92/sops-nix/e523e89763ff45f0a6cf15bcb1092636b1da9ed3' (2023-12-24)
• Updated input 'sops-nix/nixpkgs-stable':
'github:NixOS/nixpkgs/a19a71d1ee93226fd71984359552affbc1cd3dc3' (2023-12-17)
→ 'github:NixOS/nixpkgs/7790e078f8979a9fcd543f9a47427eeaba38f268' (2023-12-23)
```
2023-12-27 00:34:48 +00:00
58febf51bd
remove most useDHCP=false settings
...
networking.useDHCP was deprecated, and then later undeprecated: it's safe to keep it defaulted
2023-12-24 02:17:06 +00:00
237c493252
slskd: fix Restart option
2023-12-23 10:23:17 +00:00
18e7acd9e7
slskd: restart even on non-failure exit
2023-12-23 05:39:22 +00:00
9e24fba5ee
document that loupe is an image viewer
2023-12-21 22:58:23 +00:00
12edd60969
nixpkgs: bump 2023-12-21
...
```
• Updated input 'nixpkgs-next-unpatched':
'github:nixos/nixpkgs/459873d8d6492b492ca7f9b03d5a50117099abfa' (2023-12-21)
→ 'github:nixos/nixpkgs/63fbe1a992e6030fbf444ac9d6b629ec76ab86ad' (2023-12-21)
• Updated input 'nixpkgs-unpatched':
'github:nixos/nixpkgs/38bbf09b10659db891af01288bd99a5e8e8d7861' (2023-12-21)
→ 'github:nixos/nixpkgs/490828bce1b0cdfe328adc7f6280a519d7e68ed4' (2023-12-21)
```
2023-12-21 20:03:06 +00:00
dbb6773634
audacity: disable first-run splashscreen
2023-12-21 04:08:05 +00:00
245a0544bc
audacity: ship w/o the webkitgtk dependency
2023-12-21 03:10:38 +00:00
b6a45656af
gui: add planify app
2023-12-19 22:31:14 +00:00
f618925190
gui: ship openscad
2023-12-19 08:04:20 +00:00
68ae723543
nixos-prebuild: disable
2023-12-19 01:58:59 +00:00
e4123759f5
nginx: only auto-index /share
2023-12-19 00:12:27 +00:00
5e727a83b3
slskd: disable debug logging
2023-12-18 18:09:58 +00:00
8d49c423ca
transmission: disable debug logging
2023-12-18 17:58:04 +00:00
efb2815fa5
uninsane.org: simplify the /share routing (and generalize it to other subdirectories)
2023-12-18 06:03:49 +00:00
1063a89541
powerbutton/lid-switch: tune the desired actions
2023-12-17 21:08:16 +00:00
fd0f709d50
git: remove a/ b/ prefixes from diffs
2023-12-17 20:48:31 +00:00
5edd10c332
move kiwix data to /var/lib/kiwix and persist
2023-12-16 03:05:15 +00:00
5c36ee79be
kiwix: wikipedia snapshot: 2022-05 -> 2023-11
2023-12-16 01:54:34 +00:00
b2bf9d63a3
mpv: don't assume xdg-terminal-exec is on PATH
2023-12-16 00:43:43 +00:00
bcac00d766
mpv: uosc: add a "cast" option to the menu
2023-12-16 00:39:36 +00:00
c256d7ded5
koreader: implement copy-to-clipboard
2023-12-15 20:53:04 +00:00
7ba39ea831
koreader: document how to configure
2023-12-15 20:05:06 +00:00
28f90e4421
sxmo: lengthen voldown hold time before revealing terminal
2023-12-15 19:12:26 +00:00
728604e036
gui hosts: ship delfin
2023-12-15 08:44:32 +00:00
a933f8b512
delfin: persist server settings
2023-12-15 08:17:07 +00:00
ef8a8bc246
go2tv: document known-good format matrix
2023-12-15 03:22:03 +00:00
136ddda055
nautilus: enable the A/V pane
2023-12-15 02:57:25 +00:00
5fbf2166f1
moby: enable go2tv/catt
2023-12-15 02:33:18 +00:00
ba7bc3bd03
go2tv: docs: show that some mp4s work w/o transcoding
2023-12-15 02:32:44 +00:00
311412c5ee
go2tv: configure firewall as needed
2023-12-15 00:50:58 +00:00
d18e94ea87
feeds: subscribe to linmob.net
2023-12-14 22:20:30 +00:00
6a548366cd
sway: enable gvfs to support remote filesystems
2023-12-14 21:59:42 +00:00
54d2e875f6
koreader: disable image-based feeds; text only
2023-12-14 20:51:09 +00:00
c5cc0e90a3
wob: theme
2023-12-14 20:49:48 +00:00
50ce8da68c
sxmo: remove sxmo-set-permissions job. upstream refactored it to not exist and they use doas now instead
2023-12-14 19:17:38 +00:00
3449bfc2a9
sxmo: bonsai: tune timings: powerhold: 1000ms -> 900ms; volhold: 400ms -> 600ms
...
this should improve: (1) awkwardly long power hold until window is killed, (2) accidentally seeking the media player when i meant to only adjust volume
2023-12-14 19:12:08 +00:00
f763448d6f
go2tv: docs: firewall
2023-12-14 10:56:07 +00:00
deb828e98a
programs: enable go2tv
2023-12-14 10:39:33 +00:00
cbca41accf
permit moby to ssh into my devices
2023-12-14 10:35:36 +00:00
ac22e07388
sxmo: bring wob service in-house
2023-12-14 10:33:33 +00:00
cb0d9e077b
programs: enable catt
2023-12-14 08:41:16 +00:00
58105e9b62
fix open-in-mpv extension
2023-12-14 07:26:50 +00:00
32fb79d43d
dino: auto-start
2023-12-14 01:57:32 +00:00
f129afdae8
flare-signal: document linking/registration issue
2023-12-14 01:56:54 +00:00
29cde5e724
firefox: support Element and Nheko URIs
2023-12-13 23:14:04 +00:00
3467a5df48
feeds: subscribe Origin Stories
2023-12-13 22:31:58 +00:00
694dd59e27
feeds: subscribe bitsaboutmoney
2023-12-13 22:29:22 +00:00
540b3e4af2
firefox: auto-dispatch mpv:// URI handlers
2023-12-13 21:41:06 +00:00
e0211646b2
firefox: extraNativeMessagingHosts -> nativeMessagingHosts
2023-12-13 21:34:59 +00:00
94dcb0f08a
firefox: ship open-in-mpv extension
2023-12-13 21:34:34 +00:00
0b38ed2f2a
firefox: docs: clarify fxCast behavior
2023-12-13 20:58:45 +00:00
15622251ef
firefox: define the fx_cast addon
2023-12-13 20:51:57 +00:00
4eb79a4a5c
gui: ship pwvucontrol
2023-12-13 20:43:16 +00:00
bb1ceaed12
gui: disable newsflash
...
it doesn't cross compile. also, gnome-feeds would be a better implementation if i can get the package updated
2023-12-13 16:27:18 +00:00
508257da87
newsflash: enable podcasts/videos; document
2023-12-13 03:45:07 +00:00
fadcf7d7c1
mpv: youtube: associate with another URL variant
2023-12-13 03:44:57 +00:00
7f43360120
newsflash: enable
2023-12-13 03:06:08 +00:00
f9a8389f58
gui: switch from gthumb to loupe for image viewing
2023-12-13 02:29:43 +00:00
1119726c64
docs: koreader: dictionary installation
2023-12-12 20:56:46 +00:00
85d9c11733
sxmo: add an option to disable wob
2023-12-12 19:00:43 +00:00
6d41f1f1db
sxmo: re-enable audio
...
SXMO_NO_AUDIO disables too much. i just want to not launch the daemons, and customizing sxmo_hook_start is enough for that
2023-12-12 18:59:31 +00:00
83d402eb77
nixos-prebuild: fix typo
2023-12-12 18:39:46 +00:00
089f676c4a
gui: switch back to gthumb; loupe does not cross compile yet
2023-12-12 08:44:08 +00:00
d2012b4e40
notejot: fix store typo
2023-12-12 07:55:18 +00:00
a319017567
gui: switch from gthumb to loupe
2023-12-12 07:38:13 +00:00
a669c9c88b
gui: add Loupe image viewer specialization
2023-12-12 07:36:21 +00:00
8391e500c9
gui: handheld: ship notejot
2023-12-12 07:31:00 +00:00
5f27c8fddf
servo: nixos-prebuild: cleanup garbage better
2023-12-12 06:47:47 +00:00
a4ae41e627
servo: nixos-prebuild: dont ship jobs to other builders
2023-12-12 06:44:08 +00:00
4f45adb063
gui: disable slic3r
2023-12-12 02:16:06 +00:00
e6b16624c3
ntfy-waiter: fix port typo in service description
2023-12-12 02:15:01 +00:00
e87d2f545c
sftpgo: fix systemd after/wants typo
2023-12-12 02:14:45 +00:00
e4f1cfb53f
servo: deploy a service which periodically rebuilds my nix config to populate the cache
2023-12-12 02:13:59 +00:00
688b4edf13
mpv: handle shorthand youtu.be URLs too
2023-12-11 16:19:51 +00:00
4c5fb74c7d
feeds: subscribe to kosmosghost
2023-12-11 04:55:47 +00:00
ad82bb2630
mimeo: fix infinite loop when dispatching non-specialized http/s URLs
2023-12-11 04:52:49 +00:00
008a6192d4
mpv: associate with https://youtube.com/ ...
2023-12-11 04:52:49 +00:00
f044fcb584
gnome-frog: fix cross compilation
2023-12-11 03:27:46 +00:00
9e2c0a7112
megapixels: simplify zbar fix
2023-12-11 03:27:29 +00:00
abbd28a634
git: add an "amend" alias
2023-12-10 17:01:58 +00:00
a7d3ac95aa
nginx: uninsane.org: redirect common feed URIs to the canonical feed
2023-12-10 16:31:30 +00:00
255da2b976
docs: gtkcord4: explain how to disable notif sounds
2023-12-10 16:26:26 +00:00
8cdb4aa53d
docs: feedbackd: show how to trigger a sound
2023-12-10 16:25:13 +00:00
4d5b462b2c
swaync: add rules to help with debugging
2023-12-10 16:18:55 +00:00
e0d9a59d10
nixpkgs: 2023-12-09 -> 2023-12-10
...
```
• Updated input 'nixpkgs-unpatched':
'github:nixos/nixpkgs/61b691834e5ce9590c44690e73392ee7e001d45a' (2023-12-09)
→ 'github:nixos/nixpkgs/852e0ea0e8e1bd174bf1af9706f6b855319a5f1d' (2023-12-10)
```
2023-12-10 02:13:59 +00:00
cec4b4b78e
sway: fix app_id for gtkcord4
2023-12-09 16:48:17 +00:00
7ce3cb79c9
switch from abaddon -> gtkcord4 as default discord client
2023-12-09 16:45:40 +00:00
4c553b1525
gtkcord4: fix to Default_keyring instead of login.keyring
2023-12-09 16:42:27 +00:00
84ec809fb5
gui: ship gnome.seahorse
2023-12-09 15:02:00 +00:00
01de6f84cf
feeds: subscribe to Louis Rossmann
2023-12-09 08:14:16 +00:00
1db9d4d10b
roles/build-machine: re-enable big-parallel
2023-12-08 20:20:55 +00:00
0db1e3728a
sway: dont ship custom gtk icons
...
the GNOME 45 update makes it so default adwaita icons are reliable on moby
2023-12-07 17:56:56 +00:00
366a9cea0d
fractal: ship optimized build
2023-12-07 16:39:36 +00:00
1a6ce11b07
disable binfmt emulation on my build machines
2023-12-07 13:49:07 +00:00
21be1b392e
servo: switch external storage to zfs pool
2023-12-07 08:57:26 +00:00
f5f6298284
re-enable flare-signal
2023-12-06 19:27:47 +00:00
801da9d321
cross: add a cantBinfmt
option to force a package to be built on a non-binfmt machine
2023-12-06 19:20:39 +00:00
ac3b0b873b
transmission: increase speed limits
2023-12-06 18:03:08 +00:00
9beee146f2
feeds: sort Youtube feeds
2023-12-06 16:49:40 +00:00
2d06401f3c
feeds: subscribe to Tom Scott
2023-12-06 16:19:37 +00:00
2db56f2499
feeds: subscribe to TheB1M
2023-12-06 16:18:03 +00:00
63ea6d7002
feeds: subscribe to Exurb1a
2023-12-06 16:16:29 +00:00
ad3f5e305e
feeds: subscribe to Vox
...
don't @ me
2023-12-06 16:13:08 +00:00
aa5b9e3db3
user services: wrap with user PATH
...
notably, this alllows Fractal to open links with the preferred browser
2023-12-06 16:09:07 +00:00
46123719e9
feeds: subscribe to Vihart
2023-12-06 16:09:07 +00:00
16bce990c6
feeds: subscribe to PolyMatter
2023-12-06 16:09:07 +00:00
d55e387187
feeds: subscribe to Vsauce
2023-12-06 16:09:06 +00:00
e75c3375dc
feeds: subscribe to Channel5 News
2023-12-06 16:08:50 +00:00
b1c7cb367a
feeds: subcsribe to hbomberguy
2023-12-06 15:47:39 +00:00
d63d660ec2
feeds: subscribe to ContraPoints
2023-12-06 15:45:43 +00:00
f24a0a84b5
gpodder: ship on all systems
...
it's more useful on desko/lappy now that i can ship Youtube feeds.
2023-12-06 15:36:41 +00:00
9704dcc997
feeds: add support for video; subscribe to videos in gpodder
2023-12-06 15:36:05 +00:00
80875d6312
feeds: subscribe to Technology Connections
2023-12-06 15:35:38 +00:00
afb4a88830
moby: enable dialect
2023-12-06 14:00:34 +00:00
7ff259073e
swaync: decrease mpris icon size 64 -> 48px
2023-12-05 17:01:57 +00:00
2bf10c60ee
swaynotificationcenter: fix mpris icon height even when it fails to load an icon
2023-12-05 16:57:24 +00:00
72f4b43b54
sxmo: better input mappings
2023-12-05 15:12:08 +00:00
e1ced7a7fe
sxmo_hook_inputhandler.sh: remove unused VOL_INCR_2 variable
2023-12-05 10:08:16 +00:00
f41b1cf3b5
sxmo: enable powertoggle -> volup/down for seeking even when screen is on
...
it's not currently mapped to anything else, so...
2023-12-05 10:04:01 +00:00
70693c2052
sxmo: simplify shortcuts
...
remove power -> volup DE menu map -- it's accessible via sysmenu now
replace power -> voldown terminal map with just voldown hold
2023-12-05 10:02:19 +00:00
f61d7d0f7d
sxmo: decrease power-button timeout
2023-12-05 08:54:18 +00:00
3d7ea75bfc
sxmo: simplify XDG_SESSION_TYPE fix
2023-12-05 08:50:19 +00:00
f350d7949c
sxmo: fix missing XDG_SESSION_TYPE env var
2023-12-05 08:06:14 +00:00
4cc5eed884
feeds: subscribe to srslywrong.com
2023-12-05 04:25:25 +00:00
cff4fdc5f5
feeds: unsubscribe from Daniel Huberman
2023-12-04 12:36:10 +00:00
b061aff76e
IOCTL_... errrors: track mesa 23.3.1 PR which SHOULD fix them?
2023-12-04 11:07:59 +00:00
aa46c4cb8f
chatty: remove redundant evolution-data-server override: its done in overlays/preferences.nix
2023-12-04 02:09:52 +00:00
b50d723158
servo: nginx: remove "root" in uninsane share path
2023-12-03 15:53:29 +00:00
14739af1b9
servo: nginx: dont follow symlinks in the /share directory
2023-12-03 15:51:01 +00:00
747511c6a8
waybar: link to a better playerctl integration
2023-12-03 15:19:55 +00:00
9e51d7f150
sane-wipe-*: consolidate into one sane-wipe binary
2023-12-03 14:25:35 +00:00
0c0e7881b1
signal-desktop: document a known bug
2023-12-03 13:58:30 +00:00
2f23d916f5
sxmo: disable xwayland
2023-12-03 13:03:57 +00:00
d413f4a782
gtkcord4: partially re-enable
2023-12-03 13:01:52 +00:00
c2080cfe1e
sway: position Signal on the correct desktop even when run without Xwayland
2023-12-03 13:00:29 +00:00
c687d059c5
signal-desktop: support wayland even when running as a service
2023-12-03 13:00:29 +00:00
0ba012fd7c
guis: ship vulkan-tools
2023-12-03 13:00:29 +00:00
b43a693a1e
nginx: render directory listings for uninsane.org/share
2023-12-03 09:00:45 +00:00
6f4072efdd
servo: enable bitcoind
2023-12-03 08:49:24 +00:00
8772aaec65
zfs: dont ship on moby
2023-12-03 00:58:49 +00:00
a9f932408c
servo: add zfs dataset
2023-12-02 17:38:00 +00:00
416c2f2f39
feeds: remove Hard Fork
2023-12-01 15:35:15 +00:00
589f86010f
fix that servo had too low of a inotify watch limit for wan.txt path unit to work
2023-12-01 13:18:05 +00:00
76a7c19996
waybar-sxmo-status: fix volume
2023-12-01 12:51:55 +00:00