colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity
9,091 Commits 141 Branches 1 Tag
a72bc90e901b8801c881c99a162348bdacc18e1c
Commit Graph

9091 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Colin
7ac4a6f060 refactor: bunpen: namespace: simplify the error paths 2024-08-30 13:10:00 +00:00
Colin
1d79f3eacc papers: ship in place of Zathura as the default pdf viewer 2024-08-30 12:53:05 +00:00
Colin
e5263915b9 refactor: namespace: leverage errors::ext::swallow where easily applicable 2024-08-30 12:42:28 +00:00
Colin
29cabd2ac4 bunpen: refactor: cleanup error checking impl 2024-08-30 12:23:48 +00:00
Colin
475037f9c9 bunpen: move rtext:: -> rt::ext:: 2024-08-30 12:03:23 +00:00
Colin
dab05a0f9c {check,swallow}_error: lift out of rtext into errors::ext 
the ::ext namespace is required to prevent a circular dep within the std lib
 2024-08-30 12:00:43 +00:00
Colin
d2bf8dbdbb bunpen: clone: place the clone flags behind an enum 2024-08-30 11:37:45 +00:00
Colin
3e5cb29a7d bunpen: namespace/umount: place the umount flags behind an enum 2024-08-30 11:31:12 +00:00
Colin
edeb153eb8 bunpen: namespace/mount: place the various mount flags behind an enum 2024-08-30 11:28:34 +00:00
Colin
61e8b99f72 bunpen: landlock: namespace the landlock_create_ruleset flags as well 2024-08-30 11:04:52 +00:00
Colin
566a61ca9f bunpen: landlock: namespace the different flags into enums 2024-08-30 10:57:48 +00:00
Colin
590cd36e53 bunpen: landlock: split out a helper to simplify the error handling 2024-08-30 10:33:33 +00:00
Colin
9803be75e1 bunpen: no_new_privs -> capabilities, in expectation of this file expanding in role 2024-08-30 09:43:46 +00:00
Colin
73583d19d4 programs: nix: ship nixVersions.latest 
it gives better error messages, and i'm not seeing any regressions so far
 2024-08-30 09:37:56 +00:00
Colin
19e2e37105 mpv: sandbox with bunpen instead of bwrap 
it's far enough along to be actually working; though i likely give it a few more in-namespace capabilities than it really needs
 2024-08-29 20:14:30 +00:00
Colin
f26f13ddf3 bunpen: bind "safe"-ish /de items 2024-08-29 20:13:37 +00:00
Colin
9c69666646 bunpen: expose a new /tmp to the sandbox 2024-08-29 20:13:20 +00:00
Colin
4f6b1b0a69 bunpen: bind a sandboxed /proc 2024-08-29 20:12:42 +00:00
Colin
bc1453f675 bunpen: mount /proc in the namespace, if pids are sandboxed 2024-08-29 16:47:02 +00:00
Colin
353057af23 bunpen: namespace: perform the first fork required for pid namespacing 2024-08-29 14:54:08 +00:00
Colin
7f5b55bc2a bunpen: simplify: share resources with the CLI parsing to avoid duplication 2024-08-29 14:17:42 +00:00
Colin
452ee68926 bunpen: lay the plumbing for future pid isolation 2024-08-29 14:13:38 +00:00
Colin
a2fa3727cc sane_sysvol: fix use of uninitialized volstr 
hey, that lua language server is pretty neat ^_^
 2024-08-29 11:43:19 +00:00
Colin
1676ef77ad bunpen: configure logging ASAP 
this avoids dumping undesired spam to the console during the autodetect phase
 2024-08-29 11:41:08 +00:00
Colin
39a7c1a6d9 bunpen: namespace: improve docs around path edgecases 2024-08-29 11:27:01 +00:00
Colin
d91e1d51c1 bunpen: handle intermediary symlinks when binding 2024-08-29 11:17:35 +00:00
Colin
f6d4dcaabb bunpen: fix outdated docs for namespace path binding 2024-08-29 11:10:37 +00:00
Colin
963a0ee56c mpv: setup profiles by which to tune youtube quality preferences and debanding 2024-08-29 10:17:53 +00:00
Colin
3e9e1168b4 bunpen: landlock: fix landlock access mode for unix sockets 
the inode type for a socket is a superset of the inode type for a directory, so the bitmasking logic was wrong
 2024-08-28 13:27:36 +00:00
Colin
14929c1102 programs: plum --bunpen-autodetect into modules/programs API 2024-08-28 11:37:18 +00:00
Colin
35848ece02 bunpen: implement --bunpen-autodetect 2024-08-28 11:35:58 +00:00
Colin
38ee8be785 bunpen: refactor: dont exit directly when parsing args, but return an error and let main do that 2024-08-27 22:28:06 +00:00
Colin
b3ea0ff2b3 bunpen: remove dead options i wont ever implement 2024-08-27 22:12:54 +00:00
Colin
e5cdd53537 bunpen: implement --bunpen-debug=n for more controlled logging 2024-08-27 20:48:26 +00:00
Colin
fb894bb7a5 bunpen: treelogger: implement log depth filtering 2024-08-27 20:36:31 +00:00
Colin
2ffacf0e44 bunpen: lay groundwork for a better logger 2024-08-27 20:36:31 +00:00
Colin
7dbe64e52f bunpen: preserve environment across exec boundary 2024-08-27 20:36:31 +00:00
Colin
b9fc61e627 modules/programs: plumb bunpen's home/run path binds 2024-08-27 20:36:31 +00:00
Colin
99de056048 bunpen: namespace: restore the working directory (if possible) after entering the mount namespace 2024-08-27 20:36:31 +00:00
Colin
469b9b9223 bunpen: prefer os::getpwd instead of relying on the PWD env var 2024-08-27 20:36:31 +00:00
Colin
2f6e54f331 bunpen: support --bunpen-home-path, --bunpen-run-path 
still needs to be integrated into modules/programs
 2024-08-27 20:36:31 +00:00
Colin
29886d7f10 servo: sftpgo: allow read-only media access via password auth 2024-08-27 13:52:40 +00:00
Colin
861014bca3 nixpkgs: fix patch hashes 2024-08-27 13:44:42 +00:00
Colin
3417a9fd3f sanebox: remove the portal logic, and delegate it to manual handling by those few apps which truly need special casing 
it's a questionable responsibility to give to the sandbox itself (unless i also have the sandbox do things like dbus proxying, someday). and it will make the bunpen implementation simpler
 2024-08-27 11:00:15 +00:00
Colin
83ef250a34 neovim: fix lints 2024-08-26 20:47:18 +00:00
Colin
59ba9e4853 neovim: disable ltex-ls plugin 2024-08-26 20:46:32 +00:00
Colin
3994beaa01 hosts/moby: disable the very heavy-weight LSPs (rust, typescript) 2024-08-26 17:17:10 +00:00
Colin
93159485fa neovim: integrate LSP for lua, LaTeX, html, markdown, nix, OpenSCAD, Rust, js/TypeScript :) 2024-08-26 16:49:00 +00:00
Colin
e1f5a55bca neovim: enable bash and python language servers 2024-08-26 14:06:49 +00:00
Colin
ea2739f86c neovim: enable "which-key" plugin 2024-08-26 14:06:49 +00:00