|
|
864e75afce
|
sanebox: purge
|
2024-10-29 05:59:01 +00:00 |
|
|
|
30cd1c06ba
|
findutils: remove sandboxing, it doesnt make sense
|
2024-10-17 21:46:36 +00:00 |
|
|
|
ef4bda2b41
|
sane-wipe: fix sandboxing
|
2024-10-05 08:43:04 +00:00 |
|
|
|
ec11d681ee
|
sane-private-unlock: init
this presents a simpler unlock mechanism than my previous unl0kr script
|
2024-10-05 06:55:26 +00:00 |
|
|
|
9d1bb05e49
|
refactor: remove unused sane-private-* scripts or move them into scripts/
|
2024-10-05 06:03:14 +00:00 |
|
|
|
0744237c13
|
programs: fix most service invokers (sway, nwg-panel, etc) to use systemd
|
2024-10-03 03:20:05 +00:00 |
|
|
|
31615340a7
|
programs/assorted: remove explicit (and extraneous) sandbox.method = "bunpen" declarations
|
2024-09-21 23:35:06 +00:00 |
|
|
|
ea3eaf048e
|
programs: sandbox with bunpen *by default*; manually opt out or opt to a different sandboxer where required
|
2024-09-21 23:00:49 +00:00 |
|
|
|
f14dbf13b1
|
sane-find-dotfiles: sandbox with bunpen
|
2024-09-11 02:07:57 +00:00 |
|
|
|
a0a34cc62e
|
sane-bt-add: sandbox with bunpen (only minimally tested)
|
2024-09-11 02:07:33 +00:00 |
|
|
|
89b9f693e5
|
sane-bt-rm: sandbox with bunpen
|
2024-09-11 02:07:19 +00:00 |
|
|
|
909beec420
|
sane-reclaim-disk-space: fix sandboxing
|
2024-09-10 19:35:42 +00:00 |
|
|
|
ad57f1537a
|
sane-ip-check: sandbox with bunpen
|
2024-09-03 19:19:24 +00:00 |
|
|
|
0535d97191
|
sane-wipe: sandbox with bunpen
|
2024-09-03 18:30:30 +00:00 |
|
|
|
e62c1fe63f
|
sane-secrets-dump: sandbox with bunpen
|
2024-09-03 15:00:04 +00:00 |
|
|
|
66f00088f1
|
sane-tag-media: sandbox with bunpen
|
2024-09-03 14:58:48 +00:00 |
|
|
|
d474d159ac
|
sane-shutdown,sane-reboot: sandbox with bunpen
|
2024-09-03 14:55:55 +00:00 |
|
|
|
68dfd64ee3
|
sane-which: sandbox with bunpen
|
2024-09-03 14:16:40 +00:00 |
|
|
|
179c6697e6
|
sane-reclaim-{boot,disk}-space: sandbox with bunpen
|
2024-09-03 14:16:14 +00:00 |
|
|
|
9301a84e1c
|
sane-bt-{search,show}: sandbox with bunpen
|
2024-09-03 14:13:40 +00:00 |
|
|
|
6dad290cd5
|
duplicity: purge
|
2024-08-07 01:33:31 +00:00 |
|
|
|
0bfaead177
|
sane-deadlines: only show on physical login, not ssh
|
2024-07-29 03:42:52 +00:00 |
|
|
|
19fd45211f
|
sane-secrets-unlock: remove from ~/.profile and make it an s6 service
more reliable, in practice
|
2024-07-26 22:18:32 +00:00 |
|
|
|
d905af6cd1
|
ship sane-private-unlock-remote as a cron job to lappy/desko
|
2024-07-26 20:54:27 +00:00 |
|
|
|
6f1173e45a
|
sops-gpg-adapter: port to nix-shell
|
2024-07-24 08:28:13 +00:00 |
|
|
|
0460a419c5
|
sane-vpn: use DHCP DNS servers when use specifies none -- instead of 1.1.1.1
|
2024-07-24 03:05:37 +00:00 |
|
|
|
9efa5bb209
|
sane-tag-music -> sane-tag-media, and formally support pdf
|
2024-07-23 17:42:25 +00:00 |
|
|
|
b21002207a
|
programs: ship exiftool
|
2024-07-23 17:19:50 +00:00 |
|
|
|
3ce2b44b7d
|
sane-private-change-passwd: remove
use `gocrypt --passwd /nix/persist/private` instead
|
2024-07-21 21:48:31 +00:00 |
|
|
|
a56795ff79
|
sane-tag-music: fix sandboxing to support renaming
|
2024-07-11 19:12:55 +00:00 |
|
|
|
9ced7bd3b5
|
sane-secrets-unlock: fix sandboxing (create directory before entering the sandbox)
|
2024-07-07 00:53:08 +00:00 |
|
|
|
a77816e9de
|
refactor: sane-scripts: use whitelistDbus where available
|
2024-07-06 03:07:21 +00:00 |
|
|
|
0fd8dc2a01
|
sane-scripts.stop-all-servo: sandbox (correctly, i hope)
|
2024-07-04 12:44:28 +00:00 |
|
|
|
a75a341b56
|
sane-wipe: fix so pkill is available
|
2024-06-28 04:39:39 +00:00 |
|
|
|
7e490f5c07
|
remove lingering references to sxmo
|
2024-05-27 00:38:30 +00:00 |
|
|
|
6a15434cc6
|
net/vpn: remove the bridge devices from my VPN setup
|
2024-05-26 01:18:30 +00:00 |
|
|
|
a5e1a804c9
|
sane-vpn: port to sanebox/pasta (no more firejail)
|
2024-05-25 10:09:10 +00:00 |
|
|
|
7c3ad85d75
|
sane-bt-add: fix sandboxing
|
2024-04-03 09:48:21 +00:00 |
|
|
|
eadb2057d9
|
sane-wipe: port from systemd -> s6
|
2024-03-28 23:15:05 +00:00 |
|
|
|
5f4e421ab9
|
sane-wipe: fix sandboxing
|
2024-03-06 05:11:24 +00:00 |
|
|
|
40e30cf2f8
|
programs: make sandbox.wrapperType default to "wrappedDerivation" and remove everywhere i manually set that
|
2024-02-28 17:39:00 +00:00 |
|
|
|
b302113fc0
|
modules/programs: require manual definition; don't auto-populate attrset
this greatly decreases nix eval time
|
2024-02-28 13:35:09 +00:00 |
|
|
|
f9888fe8d6
|
programs: sane-private-init: sandbox
|
2024-02-25 16:46:10 +00:00 |
|
|
|
036145e6ba
|
programs: sane-private-change-passwd: sandbox
note that this is entirely untested
|
2024-02-25 16:35:13 +00:00 |
|
|
|
c788596c45
|
programs: sane-private-do: grant net access
crucial for e.g. sane-private-do git push
|
2024-02-25 08:25:13 +00:00 |
|
|
|
6865331b48
|
programs: sandbox sane-scripts.private-do
|
2024-02-25 05:41:27 +00:00 |
|
|
|
24d1d13d0a
|
programs: simplify sandboxing of file browsers/etc now that private data lives on a different mount
|
2024-02-23 07:06:29 +00:00 |
|
|
|
d9901aa161
|
programs: sane-secrets-*: sandbox
|
2024-02-20 23:31:39 +00:00 |
|
|
|
be2098c18a
|
programs: sane-vpn: sandbox
|
2024-02-20 23:05:24 +00:00 |
|
|
|
bb569b1668
|
sane-vpn: port away from systemd so that i can use it as an ordinary user (no sudo)
|
2024-02-20 22:21:02 +00:00 |
|
