a9810e7343
re-ship linux 6.7 to lappy/desko/servo
...
now that landlock-sandboxer builds against the correct linux headers,
this can actually work.
2024-02-01 13:54:44 +00:00
4f352c5725
landlock-sandboxer: build against headers which match the sandboxer source
2024-02-01 13:53:39 +00:00
17f35a3619
linux-megous: 6.6.0 -> 6.7.2
2024-02-01 12:51:53 +00:00
89d4f3eec3
nixpkgs: 2024-01-29 -> 2024-02-01
...
```
• Updated input 'nixpkgs-next-unpatched':
'github:nixos/nixpkgs/aa476d3e0de89aeb67950a1bc76b4fd576c24505' (2024-01-29)
→ 'github:nixos/nixpkgs/06002f375e1d20f1481abcb696a50f232202e7ac' (2024-02-01)
• Updated input 'nixpkgs-unpatched':
'github:nixos/nixpkgs/a31b9bd76009c73a2f932fbdaa7145ac4a79544f' (2024-01-29)
→ 'github:nixos/nixpkgs/fbba9b8f0b6364928f60ef1b97e686b569cdb64e' (2024-02-01)
```
2024-02-01 11:32:36 +00:00
44419d71a5
lemmy-lemonade: init at 2023.10.29
2024-02-01 11:32:07 +00:00
02e597a862
fractal-nixified: 5 -> 6
2024-02-01 10:57:01 +00:00
00f995aec9
fixup landlock-sandboxer to work well for all systems
...
downgrade lappy/desko/servo back to default linux; zfs doesn't support latest
build landlock-sandboxer against the specific kernel being deployed; it's less noisy that way
2024-01-31 21:19:10 +00:00
368eb2c29b
programs: git: whitelist more repo roots
2024-01-31 21:17:48 +00:00
5f793523d1
ship linux 6.7 to lappy/desko/servo
2024-01-31 20:33:15 +00:00
33bee7ac2e
unl0kr: be a little more robust against bad password entry
2024-01-31 20:32:26 +00:00
84af8aca3c
unl0kr: remove debugging code
2024-01-31 20:10:57 +00:00
a0f00313a7
moby: disable signal-desktop autostart
2024-01-31 20:09:03 +00:00
6603115192
moby: disable getty auto-login
...
i think this interacts badly with unl0kr style logins, though
honestly kinda hard to tell if that was a fluke or real.
2024-01-31 19:47:24 +00:00
ac968e1589
sxmo: allow the option to disable greeter entirely
2024-01-31 19:46:37 +00:00
2d4fc4f274
landlock-sandboxer: build against latest compatible linux
2024-01-31 17:45:46 +00:00
1d72e13a98
sxmo: launch via unl0kr by default
2024-01-31 17:40:36 +00:00
d9667653e7
docs: sway: point out that one can launch sway directly from a TTY
2024-01-31 16:29:27 +00:00
8c6bf07102
todo.md: sync
2024-01-31 16:28:56 +00:00
634520a1e9
unl0kr: fix cross compilation
2024-01-31 16:23:55 +00:00
13be5a1731
unl0kr: fix LOGIN_TIMEOUT to be infinite
2024-01-31 15:43:30 +00:00
30288cd67f
user: add CAP_NET_ADMIN,CAP_NET_RAW even outside of systemd session
...
in fact, *only* outside of systemd session because they broke ambient caps in 255
2024-01-31 15:42:43 +00:00
87e2509af4
doc: cozy: mention that upstream has merged the patch i apply
2024-01-31 15:36:54 +00:00
8736ca478b
programs: firefox: allow access to servo image-macros
2024-01-31 15:36:09 +00:00
cb3960fb21
programs: git: fix access to ~/private/knowledge
2024-01-31 15:35:21 +00:00
6e24a1ff28
programs: re-enable sops
2024-01-31 15:30:15 +00:00
91eae95b32
modules.gui.gnome: fix build
2024-01-31 15:29:49 +00:00
f5c88853ee
sway: replace "greetd" with "unl0kr"-based login process
2024-01-31 15:20:27 +00:00
0009e5ca4c
programs: sandboxing: use wrapperType="wrappedDerivation" where applicable
2024-01-29 15:21:16 +00:00
0403d5c03e
nixpkgs: 2024-01-28 -> 2024-01-29
...
```
• Updated input 'nixpkgs-next-unpatched':
'github:nixos/nixpkgs/a86d1125195505d4ea8997b12507b9c623511256' (2024-01-28)
→ 'github:nixos/nixpkgs/aa476d3e0de89aeb67950a1bc76b4fd576c24505' (2024-01-29)
• Updated input 'nixpkgs-unpatched':
'github:nixos/nixpkgs/f58fe0f36dbbef39b3f5ec8542a02dece7c9559b' (2024-01-28)
→ 'github:nixos/nixpkgs/a31b9bd76009c73a2f932fbdaa7145ac4a79544f' (2024-01-29)
```
2024-01-29 13:49:54 +00:00
db6ba61429
programs: sandbox more apps with wrapperType=wrappedDerivation
2024-01-29 13:45:57 +00:00
881d2f79ed
modules/programs: add "unchecked" passthru to aid debugging
2024-01-29 13:36:01 +00:00
47abdfb831
modules/programs: patch dbus-1 files to use sandboxed binaries
2024-01-29 13:09:43 +00:00
3831c6f087
TODO: fold
2024-01-29 13:07:44 +00:00
d3f7a036ce
ripgrep: move options out of assorted.nix into its own file
2024-01-29 12:57:56 +00:00
0454abacd9
komikku: sandbox
2024-01-29 12:56:08 +00:00
4f8d476ebf
modules/programs: patch old /nix/store paths in .desktop files
2024-01-29 12:56:08 +00:00
1cb2c5225f
programs: use wrapperType=wrappedDerivation where possible
2024-01-29 12:07:04 +00:00
7af970f38c
modules/programs: extend wrapperType="wrappedDerivation" to handle common share/ items
2024-01-29 11:59:38 +00:00
6f86e61a00
firefox: fix build
...
zip was giving some complaints... i'm not sure why, i think it still works
2024-01-29 09:57:35 +00:00
3ea3776281
nixpkgs: 2024-01-27 -> 2024-01-28
...
```
• Updated input 'nixpkgs-next-unpatched':
'github:nixos/nixpkgs/ef4dd61b7d53af44b060473308c50fa3b34d5681' (2024-01-27)
→ 'github:nixos/nixpkgs/a86d1125195505d4ea8997b12507b9c623511256' (2024-01-28)
• Updated input 'nixpkgs-unpatched':
'github:nixos/nixpkgs/c002c6aa977ad22c60398daaa9be52f2203d0006' (2024-01-27)
→ 'github:nixos/nixpkgs/f58fe0f36dbbef39b3f5ec8542a02dece7c9559b' (2024-01-28)
• Updated input 'sops-nix':
'github:Mic92/sops-nix/4606d9b1595e42ffd9b75b9e69667708c70b1d68' (2024-01-24)
→ 'github:Mic92/sops-nix/73bf36912e31a6b21af6e0f39218e067283c67ef' (2024-01-28)
• Updated input 'sops-nix/nixpkgs-stable':
'github:NixOS/nixpkgs/a1982c92d8980a0114372973cbdfe0a307f1bdea' (2024-01-12)
→ 'github:NixOS/nixpkgs/9a333eaa80901efe01df07eade2c16d183761fa3' (2024-01-22)
```
2024-01-29 09:57:35 +00:00
a7eb8dd6fa
nixpkgs: 2024-01-22 -> 2024-01-27
...
```
• Updated input 'nixpkgs-next-unpatched':
'github:nixos/nixpkgs/dceddd03df4f840ea28c65887c199495793fb322' (2024-01-22)
→ 'github:nixos/nixpkgs/ef4dd61b7d53af44b060473308c50fa3b34d5681' (2024-01-27)
• Updated input 'nixpkgs-unpatched':
'github:nixos/nixpkgs/8cccce637e19577815de54c5ecc3132dff965aee' (2024-01-22)
→ 'github:nixos/nixpkgs/c002c6aa977ad22c60398daaa9be52f2203d0006' (2024-01-27)
• Updated input 'sops-nix':
'github:Mic92/sops-nix/ae171b54e76ced88d506245249609f8c87305752' (2024-01-21)
→ 'github:Mic92/sops-nix/4606d9b1595e42ffd9b75b9e69667708c70b1d68' (2024-01-24)
```
this breaks sway login for lappy. not obvious why.
2024-01-29 09:57:35 +00:00
c1a1f51ca2
git: fix git-upload-pack (used on the remote when doing git pull)
2024-01-29 09:57:27 +00:00
32824cfade
modules/programs: sandbox in a manner that's more compatible with link-heavy apps like busybox, git, etc
2024-01-29 09:56:30 +00:00
51fc61b211
sane-sandboxed: cleanup
2024-01-29 09:14:43 +00:00
7b9795ea3d
modules/programs: implement embedWrapper
option
2024-01-29 09:13:49 +00:00
5f3e481fe4
sane-sandboxed: refactor and avoid passing duplicate/subpaths into the sandbox
2024-01-29 07:15:02 +00:00
86219d7006
sane-sandboxed: simplify: consolidate homePaths and rootPaths into just "paths"
2024-01-29 05:43:10 +00:00
381da74e6c
users: enable pam_cap for "login" program
2024-01-28 17:55:19 +00:00
24c70c3683
feeds: switch acoup.blog to the database type feed
...
at some point my feed script became capable of understanding his RSS :)
2024-01-28 12:37:38 +00:00
bfec531fa2
sandbox a bunch more apps
2024-01-28 11:43:05 +00:00