15a7793f0d
bonsai: 1.0.2 -> 1.1.0
2024-02-25 01:59:01 +00:00
f714bd8281
programs: jq: sandbox
2024-02-25 01:59:01 +00:00
73b2594d9b
programs: sandboxing: distinguish between "existingFileOrParent" and "existingOrParent"
2024-02-25 01:59:01 +00:00
a55dc5332d
modules/programs: sane-sandboxed: introduce "existingOrParent" autodetect-cli option
...
some programs will want this, to create directories by name; e.g. archive managers
2024-02-25 01:48:10 +00:00
86108518da
modules/programs: sane-sandboxed: add a new "existingFile" option for the cli autodetect
2024-02-25 01:43:39 +00:00
0f1ad0f3c9
fs: auto-mount /mnt/<host>/home and enable "follow_symlinks" option
2024-02-24 16:04:04 +00:00
bcd7a6f646
nixpkgs: 2024-02-22 -> 2024-02-24
...
```
• Updated input 'nixpkgs-next-unpatched':
'github:nixos/nixpkgs/024149d718e25378f4decfeeb614b88208c2f700' (2024-02-22)
→ 'github:nixos/nixpkgs/a3e2b0de906a8fe0143c2783199abdc132dee56a' (2024-02-24)
• Updated input 'nixpkgs-unpatched':
'github:nixos/nixpkgs/a7fa133a1e973c127e9c83e2c8e3407ae3797099' (2024-02-22)
→ 'github:nixos/nixpkgs/b66514c14e85cd7d853d6dbbf1a421ba232eff10' (2024-02-24)
```
2024-02-24 12:21:27 +00:00
92c2eb8383
nixpatches: update the icu cross fix
2024-02-24 12:14:29 +00:00
879d01ac2e
modules/ssh: note that theres a better store to place the ssh host_keys in
2024-02-24 12:14:14 +00:00
0448df51e3
modules/programs: sane-sandboxed: add a --sane-sandbox-dry-run flag
2024-02-24 12:00:58 +00:00
8e3eed7d51
modules/programs: sane-sandboxed: factor out the actual execution of the sandbox/program into the toplevel
...
this will make it easier to intercept
2024-02-24 11:57:42 +00:00
88a70b41f1
modules/programs: handle more symlink forms when calculating a program's sandbox closure
2024-02-24 11:47:39 +00:00
6f59254a22
modules/programs: fix symlink following
2024-02-24 05:36:44 +00:00
4023960dc0
README: MANUAL MIGRATION: move "plaintext" store to /nix/persist/plaintext
...
to migrate the data:
```sh
$ sudo mkdir /nix/persist/plaintext
$ sudo mv /nix/persist/{etc,home,var} /nix/persist/plaintext
$ sudo ln -s plaintext/etc /nix/persist/etc #< temporarily; if deploying over ssh
$ switch
$ reboot
$ sudo rm /nix/persist/etc #< if you did the symlink earlier
```
2024-02-23 18:02:17 +00:00
fff9f9d49a
README: MANUAL MIGRATION: move "private" store to /nix/persist/private
...
to migrate the data, first unmount `~/private` (`sane-private-lock`), then:
```sh
$ sudo mv /nix/persist/home/colin/private /nix/persist
$ switch
$ reboot
```
2024-02-23 16:01:09 +00:00
eecb98e2ee
programs: bonsai: fix eval error
2024-02-23 16:00:32 +00:00
5838603953
programs: sane-private-unlock: unbreak
...
it still doesn't work inside a sandbox, because 'mount' requires suid
2024-02-23 15:59:56 +00:00
c6ebcfe66e
servo: port legacy /var/lib users over to "method = bind" persistence
...
i may wittle these down in the future
2024-02-23 15:49:54 +00:00
d7402ae170
persist: stores: make naming more consistent
2024-02-23 14:57:20 +00:00
bd7ca20361
desko: fs: remove dead code
2024-02-23 14:45:57 +00:00
f5ef1e96ca
lappy: fs: remove dead code
2024-02-23 14:44:49 +00:00
6267e7f966
tidy up small persist/private nitpicks
2024-02-23 14:44:38 +00:00
120a41b169
persistence: split /var/log persistence into dedicated "initrd" store
2024-02-23 14:42:47 +00:00
aa0991bd6c
persistence: cleanup so it all works well with symlink-based stores
2024-02-23 13:09:44 +00:00
af2f97d61e
fs: ensure-file: don't error if the file already exists
2024-02-23 11:29:14 +00:00
5b8f13d9cc
fs: notice when a fs entry is set to two incompatible types (e.g. symlink + dir) and error
2024-02-23 11:24:32 +00:00
62b39bf01e
firefox: integrate the "persist" config into "sane.programs"
2024-02-23 11:23:41 +00:00
0d8307e877
programs: gnome-keyring: sandbox
...
and now secrets are readable again. they were broken for the last ~10 commits :)
2024-02-23 09:49:35 +00:00
9b1a2ae9bb
programs: mpv: remove useless "extraRuntimePaths = []" override
2024-02-23 09:32:19 +00:00
b8b805765b
programs: gnome-keyring-daemon: remove the SUID wrapper
...
it's not actually mandated. just, when enabled, gkd will `mlock` its
secrets into memory. but i don't use swap anyway. plus, i'll enable that
momentarily anyway (though systemd will probably not understand the
capablity)
2024-02-23 09:28:41 +00:00
84eae20765
gnome-keyring: don't integrate with PAM
...
PAM integration is only required if the keyring is encrypted on-disk
2024-02-23 09:15:30 +00:00
4a10c5f729
gnome-keyring: start as systemd service explicitly, not as implicit dbus service
2024-02-23 09:09:54 +00:00
c2696c1cd9
gnome-keyring: use sane.fs abstractions to write out the keyrings
2024-02-23 08:57:41 +00:00
c23e4dc9c7
servo: note why i use file.text instead of symlink.text here
2024-02-23 08:14:27 +00:00
ea6f45555c
gnome-keyring: simplify the scripts (untested)
2024-02-23 08:14:09 +00:00
687db545b4
gnome-keyring: move persistence and init script to sane.programs
2024-02-23 07:22:07 +00:00
24d1d13d0a
programs: simplify sandboxing of file browsers/etc now that private data lives on a different mount
2024-02-23 07:06:29 +00:00
2ada436634
home: remove ~/private symlink; move to .persist/private and add related aliases
2024-02-23 07:06:29 +00:00
e5ad0862fb
refactor: move ~/ fs definitions into hosts/common/home, not users/
2024-02-23 07:06:29 +00:00
057b9e3fed
replace links/references to ~/private/FOO with just ~/FOO
2024-02-23 07:06:29 +00:00
1bcfccf7e3
refactor: persist ~/knowledge formally instead of relying on the symlink
2024-02-23 07:06:29 +00:00
170eeeacc4
programs: dereference not just the leaf, but any part of the path, when determining a program's sandbox closure
2024-02-23 07:06:29 +00:00
a402822084
move "private" store to /mnt/persist/private instead of ~/private
...
this will allow me to add all of ~ to a sandbox without giving all of ~/private
2024-02-23 07:06:29 +00:00
80ecdcc4f9
persist: plaintext: consider "/mnt/persist/plaintext" as the logical root, and abstract away "/nix/persist"
2024-02-23 07:06:29 +00:00
0864790bb7
docs: modules/persist: document the "origin" store parameter
2024-02-23 07:06:29 +00:00
478747a96e
modules/persist: change default mounting method to symlink
...
this changes the plaintext and cryptClearOnBoot stores: private was already symlink-based.
this isn't strictly necessary: the rationale is:
1. `mount` syscall *requires* CAP_SYS_ADMIN (i.e. superuser/suid).
that's causing problems with sandboxing, particularly ~/private.
that doesn't affect other stores *yet*, but it may in the future.
2. visibility. i.e. it makes *clear* where anything is persisted.
if `realpath` doesn't evaluate to `/nix/persist`, then it's not
persisted.
2024-02-23 07:06:29 +00:00
771dc2e1ce
fs: allow common /mnt points to be mounted by me without sudo
2024-02-23 07:06:29 +00:00
4a316d4b91
bonsai: lift out of sxmo
2024-02-23 07:06:29 +00:00
0ff8154e96
icu: fix cross compilation
2024-02-23 07:04:39 +00:00
af03b3f6e8
xwayland: sandbox
2024-02-23 01:05:24 +00:00