|
|
2203d6db59
|
cleanup: remove XDG_SESSION_TYPE, XDG_VTNR from global environment
|
2024-07-25 15:26:24 +00:00 |
|
|
|
874b7aecfa
|
persist: rename "cryptClearOnBoot" to "ephemeral"
|
2024-07-25 12:11:46 +00:00 |
|
|
|
cf8e9f798d
|
persist/crypt: simplify the fileSystems definitions
turns out you can just declare your own fs type, that's cool
|
2024-07-25 12:11:46 +00:00 |
|
|
|
70d4925483
|
gps-share: dont launch until after the modem is actually powered on
|
2024-07-24 11:15:44 +00:00 |
|
|
|
225c8de7a2
|
trust-dns: fix dyn-dns reactor (trust-dns-lan does not exist)
|
2024-07-24 07:18:29 +00:00 |
|
|
|
34e770c5f5
|
sanebox: fix missing dependency on iptables/iproute2
|
2024-07-24 03:32:12 +00:00 |
|
|
|
db292850b0
|
modules/programs: fix sandbox.net = "vpn" option
|
2024-07-19 12:44:09 +00:00 |
|
|
|
8e6272bafd
|
static-nix-shell: better enforce that all nix-shell deps are specified
|
2024-07-19 12:21:10 +00:00 |
|
|
|
a1de7a4afd
|
users: configure XDG_SESSION_TYPE during shell setup
|
2024-07-18 00:15:29 +00:00 |
|
|
|
0b7d8310df
|
trust-dns: patch resolver to handle more edge-case domains (api.mangadex.org., m.wikipedia.org., ...)
|
2024-07-17 15:28:41 +00:00 |
|
|
|
8472320629
|
sane-vpn: route DNS through the VPN's server
|
2024-07-17 02:00:05 +00:00 |
|
|
|
132798be23
|
sanebox: ensure sanebox is always on the PATH of sandboxed binaries
|
2024-07-16 07:24:42 +00:00 |
|
|
|
514cfe7b0b
|
feeds: subscribe to "Better Offline" podcast
|
2024-07-12 01:20:00 +00:00 |
|
|
|
46bf7c5ac9
|
nixpkgs: 2024-07-06 -> 2024-07-07
|
2024-07-08 05:38:44 +00:00 |
|
|
|
6824080f6b
|
avahi: fix broken sandboxing
|
2024-07-06 03:08:36 +00:00 |
|
|
|
3c53bca156
|
vpn: log a message whenever the endpoint is updated
only as i'm actively working in this area. hopefully this log message can be less noisy in the future
|
2024-07-06 03:03:38 +00:00 |
|
|
|
5048bd8d70
|
sanebox: fix that pasta-sandboxed programs would fail compile-time sandboxing test
|
2024-07-05 20:41:28 +00:00 |
|
|
|
a12aa02655
|
sane.programs: provide sandbox.net = "vpn.wg-home" to tunnel through my home ISP
|
2024-07-05 20:18:34 +00:00 |
|
|
|
6d66a5dbf8
|
vpn: add a service to auto-refresh wireguard endpoints
|
2024-07-05 20:06:16 +00:00 |
|
|
|
5d80e298b5
|
wg-home: deploy so as to be compatible with sane-vpn (e.g., route *WAN* traffic through it)
|
2024-07-05 18:45:26 +00:00 |
|
|
|
823f8f2be3
|
feeds: subscribe to FLOSS Weekly
|
2024-07-04 13:34:48 +00:00 |
|
|
|
e72f9be1bf
|
feeds: subscribe to Sharp Tech
|
2024-07-04 13:23:36 +00:00 |
|
|
|
24ed242bac
|
servo: fix warning for getExe and iptables
|
2024-07-04 12:43:02 +00:00 |
|
|
|
e82feb9f71
|
make-sandboxed: migrate to binary wrapper
|
2024-07-03 19:35:56 +00:00 |
|
|
|
4839a40205
|
make-sandboxed: use makeWrapper proper, rather than rolling my own
i can't use the _binary_ wrapper unless i use a fully-qualified path to 'sanebox' or hide it behind something like /usr/bin/env
|
2024-07-03 17:54:38 +00:00 |
|
|
|
e9c51eddb3
|
feeds: subscribe to Matt Stoller
|
2024-07-01 07:33:41 +00:00 |
|
|
|
9b8c461ce9
|
dont treat python packages specially: lift all python packages out of python-packages/ subdir; remove pyPkgs arg from static-nix-shell.mkPython3
|
2024-06-27 11:28:17 +00:00 |
|
|
|
f54f1c57bc
|
avahi: integrate with nss
now i can resolve .local hosts, via glibc, e.g. 'getent hosts <host>.local'
|
2024-06-27 06:18:48 +00:00 |
|
|
|
98d6439f2a
|
modules/warnings: add a way to bypass module-level assertions as well
|
2024-06-27 06:17:53 +00:00 |
|
|
|
5d1c52d0bc
|
feeds: add buttondown.email
|
2024-06-24 17:05:10 +00:00 |
|
|
|
845dba3ca5
|
modules/vpn: fix deprecation warnings
|
2024-06-22 03:35:41 +00:00 |
|
|
|
09a615ee62
|
netns: factor the netns setup/teardown into distinct services, rather than trying to piggyback network-local-commands
idk what network-local-commands is about, nor network-pre.target.
network-pre.target doesn't seem to actually be wanted by anything (?)
|
2024-06-18 10:36:08 +00:00 |
|
|
|
f9091c0b0c
|
netns: ensure that network.target depends on network-pre.target (why doesnt it by default?)
this should fix that servo tries to start wg-ovpns before the netns is configured
|
2024-06-18 09:07:40 +00:00 |
|
|
|
39a39e763d
|
trust-dns: hack to substitute ANATIVE before anything else
|
2024-06-17 22:44:43 +00:00 |
|
|
|
0d99293b2f
|
servo: split the doof/ovpns netns config into its own module
a big thing this gets me is that the attributes (like IP addresses) are now accessible via 'config' an i won't have to hardcode them so much
|
2024-06-17 09:25:10 +00:00 |
|
|
|
b0ee12ba7b
|
modules/users: export HOME in environment.d because some services (nwg-panel) need it
|
2024-06-16 06:01:20 +00:00 |
|
|
|
c50a4d1d71
|
static-nix-shell: fix mkBash scripts to actually be invokable from the CLI
they need the `bash` package! how did this work before?
|
2024-06-15 07:42:04 +00:00 |
|
|
|
330a64d820
|
feeds: add xorvoid.com
|
2024-06-13 04:46:12 +00:00 |
|
|
|
6d1db1ee67
|
feeds: update metadata
|
2024-06-13 03:03:15 +00:00 |
|
|
|
46e9d5f758
|
programs: fix s6 deps when dbus isnt enabled
|
2024-06-12 07:11:41 +00:00 |
|
|
|
11cdac0357
|
mobile-nixos: import by fetchFromGitHub instead of via flake
|
2024-06-07 21:15:54 +00:00 |
|
|
|
1dd10450f2
|
modules/image: remove extraneous sane.image.enable option
|
2024-06-07 07:42:47 +00:00 |
|
|
|
52a0e8cf53
|
modules/hal/samsung: init
this can be used to get baseline support for samsung exynos5 chromebook
i should probably rename it, in time
|
2024-06-07 07:33:46 +00:00 |
|
|
|
d75f59ba06
|
modules/image: increase the default boot partition size from 512 MiB -> 1024 MiB
|
2024-06-07 07:29:50 +00:00 |
|
|
|
aa0a395353
|
nit: fix image output to be a file, not an item inside a folder
|
2024-06-07 07:28:56 +00:00 |
|
|
|
3aa2ece59b
|
modules/programs: convert lib.optionalAttrs to mkIf
this allows stuff to be lazier
|
2024-06-07 07:26:07 +00:00 |
|
|
|
45e121eb1c
|
make-sandboxed: preserve meta.mainProgram
|
2024-06-01 20:01:24 +00:00 |
|
|
|
f0128b9496
|
apply patch for when trust-dns is renamed to hickory-dns
|
2024-06-01 17:07:44 +00:00 |
|
|
|
cb1d5d53c6
|
feeds: add mintcast podcast
|
2024-06-01 16:28:42 +00:00 |
|
|
|
36f4fa3018
|
checkSandboxed: fix so that cross-built scripts can be checked again
how did this work earlier? does lappy have binfmt enabled??
|
2024-06-01 13:24:41 +00:00 |
|
