|
|
db7767c679
|
assorted: remove some no-longer-needed sandbox.wrapperType = "inplace" declarations
|
2024-08-15 10:32:22 +00:00 |
|
|
|
74acfeadd5
|
programs/assorted: clarify sandbox.enable = false situation
|
2024-08-12 10:27:41 +00:00 |
|
|
|
e7d5a61014
|
libcap: split into separate capsh and captree programs, and sandbox the latter
|
2024-08-12 10:13:50 +00:00 |
|
|
|
fc826a3503
|
libcap: patch in captree locally rather than via a nixpkgs patch that would force mass rebuilds
|
2024-08-12 09:39:43 +00:00 |
|
|
|
f0b0d15ad7
|
evtest: ship
|
2024-08-11 06:26:58 +00:00 |
|
|
|
cbe71868ef
|
newsflash: deploy
|
2024-08-09 10:25:53 +00:00 |
|
|
|
c695f7a979
|
foliate: ship
|
2024-08-08 21:08:51 +00:00 |
|
|
|
4525df58e0
|
rsyslog: disable
|
2024-08-08 07:40:59 +00:00 |
|
|
|
6dad290cd5
|
duplicity: purge
|
2024-08-07 01:33:31 +00:00 |
|
|
|
d45ea622d1
|
servo: disable email-based registration gating
|
2024-08-06 21:39:32 +00:00 |
|
|
|
c706a19836
|
landlock-sandboxer: rename the binary, so that it can be included on PATH without collisions
|
2024-08-05 22:59:14 +00:00 |
|
|
|
e25dd98f6c
|
spot/spotify: disable
i don't use spotify atm
|
2024-08-05 00:47:59 +00:00 |
|
|
|
0906d76f83
|
libcap_ng: ship
|
2024-08-03 23:27:53 +00:00 |
|
|
|
2b3278eb7f
|
/mnt/$host/home: layer bwrap sandboxing after the drop-privileges passoff
|
2024-08-03 17:11:11 +00:00 |
|
|
|
949a52dee1
|
activationScripts.notifyActive: be quiet about sane-deadlines/sane-sysload
|
2024-08-02 01:11:19 +00:00 |
|
|
|
6aa6c0020c
|
lightning-cli: fix sandboxing
|
2024-08-01 19:59:23 +00:00 |
|
|
|
4ddd4191bc
|
nixpkgs: 2024-07-28 -> 2024-07-29
|
2024-07-30 15:50:04 +00:00 |
|
|
|
6a9fd04437
|
bitcoin-cli: split into own file, and fix broken path to config file when running as user
|
2024-07-29 03:42:52 +00:00 |
|
|
|
666744bda3
|
bitcoin-cli,lightning-cli: ship as own package instead of shipping the whole daemon
|
2024-07-29 03:42:52 +00:00 |
|
|
|
ba09fbeec9
|
bitcoind: fix sandboxing
|
2024-07-29 03:42:52 +00:00 |
|
|
|
0bfaead177
|
sane-deadlines: only show on physical login, not ssh
|
2024-07-29 03:42:52 +00:00 |
|
|
|
1b93dbe12c
|
sane-sysload: show on remote login
|
2024-07-29 03:42:52 +00:00 |
|
|
|
3a6a5ffe01
|
rsyslog: persist logs
|
2024-07-28 01:54:14 +00:00 |
|
|
|
19fd45211f
|
sane-secrets-unlock: remove from ~/.profile and make it an s6 service
more reliable, in practice
|
2024-07-26 22:18:32 +00:00 |
|
|
|
874b7aecfa
|
persist: rename "cryptClearOnBoot" to "ephemeral"
|
2024-07-25 12:11:46 +00:00 |
|
|
|
b21002207a
|
programs: ship exiftool
|
2024-07-23 17:19:50 +00:00 |
|
|
|
3c8b3f2d04
|
programs: add "nix"
this allows me to get it to shup up about so-called 'non-free' packages
|
2024-07-22 10:46:31 +00:00 |
|
|
|
72a78c5f3e
|
nicotine-plus: re-enable
|
2024-07-19 12:44:09 +00:00 |
|
|
|
c0c2aa00f3
|
lgtrombetta-compass: ship
|
2024-07-18 16:40:17 +00:00 |
|
|
|
326e71f7b1
|
sanebox: landlock: restrict net access where applicable
|
2024-07-18 11:54:10 +00:00 |
|
|
|
532d3c13f6
|
eza: sandbox with landlock instead of bwrap
|
2024-07-18 11:43:58 +00:00 |
|
|
|
9f26ad40f9
|
mimetype: sandbox (and remove unneeded mimeopen)
|
2024-07-18 11:43:45 +00:00 |
|
|
|
c72e66a901
|
curl: sandbox
|
2024-07-16 07:23:32 +00:00 |
|
|
|
e868e28ed9
|
sc-im: ship
|
2024-07-14 03:45:18 +00:00 |
|
|
|
a8bcfaed53
|
youtube-tui: ship
|
2024-07-14 02:39:38 +00:00 |
|
|
|
56032bc040
|
python-repl: include pykakasi, unidecode
|
2024-07-10 04:42:11 +00:00 |
|
|
|
46bf7c5ac9
|
nixpkgs: 2024-07-06 -> 2024-07-07
|
2024-07-08 05:38:44 +00:00 |
|
|
|
49c3bf0f34
|
zfs: split into zfs-tools program
this lets me sandbox it without building an entire extra copy of zfs
|
2024-07-07 02:54:33 +00:00 |
|
|
|
065aba0996
|
zfs: fix sandboxed build
|
2024-07-07 02:39:49 +00:00 |
|
|
|
9f642980fd
|
zfs: sandbox
|
2024-07-07 02:31:33 +00:00 |
|
|
|
1ad933ad9c
|
bitcoind: sandbox
|
2024-07-07 02:21:14 +00:00 |
|
|
|
3487303216
|
clightning: sandbox
|
2024-07-07 01:18:55 +00:00 |
|
|
|
b74e797b13
|
clightning-sane: sandbox
|
2024-07-07 01:15:04 +00:00 |
|
|
|
64610a5806
|
clightning-sane: define as sane.programs
|
2024-07-07 00:57:51 +00:00 |
|
|
|
46806e36f0
|
stop shipping some unused programs
|
2024-07-06 03:02:17 +00:00 |
|
|
|
8f46bd5497
|
hping: sandbox
|
2024-07-05 23:13:40 +00:00 |
|
|
|
2c3239da8b
|
mesa-demos (glxgears): sandbox
|
2024-07-05 23:12:46 +00:00 |
|
|
|
5ebaaf46a2
|
hping: ship
it's a handy net debugging tool
|
2024-07-05 00:51:06 +00:00 |
|
|
|
110c440697
|
programs: soundconverter: fix sandboxing
|
2024-07-04 10:33:51 +00:00 |
|
|
|
a234e57d89
|
nixpkgs: 2024-07-01 -> 2024-07-02
|
2024-07-03 09:08:53 +00:00 |
|
