c5c37e79ac
users/services: actually remove the systemd backend
2024-03-21 17:16:11 +00:00
d2f6648bce
users/services: refactor: replace ExecStart/ExecStopPost with command/cleanupCommand
...
note that this completely breaks the systemd backend (though easily fixable if wanted)
2024-03-21 17:16:11 +00:00
5c9c7f8073
modules/users/s6-rc: add per-service logging
2024-03-21 17:16:11 +00:00
218072b2fe
refactor: modules/users/s6-rc.nix
2024-03-21 17:16:11 +00:00
d4f217a4f5
refactor: modules/users/s6-rc.nix
2024-03-21 17:16:11 +00:00
40f6f88a64
users/services: s6: remove broken log stuff
...
apparently the /log shorthand is only applicable to base `s6-supervise`,
and not `s6-rc`. "pipeline"s are the s6-rc equivalent:
<https://wiki.gentoo.org/wiki/S6-rc#Longrun_pipelining >
2024-03-21 17:16:11 +00:00
fbbb09322a
users/services: s6-rc: support ExecStopPost option
2024-03-21 17:16:11 +00:00
e7153ce4a1
users/services: remove ExecStartPre option
2024-03-21 17:16:11 +00:00
b13e7c38c7
users/services: remove script option
2024-03-21 17:16:11 +00:00
1417497001
users/services: remove serviceConfig.Type option
2024-03-21 17:16:11 +00:00
db12e03f64
users/services: remove oneshot service type
2024-03-21 17:16:11 +00:00
dee4866737
users/services: remove ConditionEnvironment option
2024-03-21 17:16:11 +00:00
81a6c53c26
users/services: remove RemainAfterExit option
2024-03-21 17:16:11 +00:00
9afd9725d1
users: services: remove no-longer-needed Restart and RestartSec options
2024-03-21 17:16:11 +00:00
452619dbfc
s6: log when a service starts up
...
it still seems to be all logging into a single file though?
2024-03-21 17:16:11 +00:00
8bedc860ae
s6: add some minimal logging
...
the root s6 call seems to be doing some logging, notably feedbackd; still don't know where the other logs are going
2024-03-21 17:16:11 +00:00
cbecdc4a95
s6: use exec in the run trampoline, to forward file descriptors and keep a cleaner process tree
2024-03-21 17:16:11 +00:00
e1001f57c5
modules/users: remove no-longer-need environment option
2024-03-21 17:16:11 +00:00
2336767059
port service manager to s6
...
still a lot of cleanup to do (e.g. support dbus service types), but it boots to a usable desktop
2024-03-21 17:16:11 +00:00
05b37669e3
s6-rc: fix service run file to have expected format
2024-03-21 17:16:11 +00:00
ea9768c6ab
modules/users: prototype s6 integration: ~/.config/s6/{sources,compiled}
2024-03-21 17:16:11 +00:00
38353dbc29
modules/users: remove unused requiredBy service option
2024-03-21 17:16:11 +00:00
ef4a8e1989
modules: users: split services -> fs mapping into own systemd.nix file
2024-03-21 17:16:11 +00:00
acc9a9cb48
modules/users: make it a directory
2024-03-21 17:16:11 +00:00
70b5c57b50
modules/programs: enforce (or rather document) a stricter schema
...
this should make it easier to switch to a different service manager
2024-03-21 17:16:01 +00:00
c28ac38652
modules/users: refactor to remove inherits
2024-03-21 17:16:01 +00:00
3c43fba878
feeds: add NativLang per Ben's rec
2024-03-14 07:53:19 +00:00
b25df1d997
sane-sandboxed: fix capabilities example
2024-03-14 01:36:46 +00:00
288d57e5d5
feeds: subscribe to pmOS blog
2024-03-13 23:20:45 +00:00
4510352c07
sane-sandboxed: implement --sane-sandbox-no-portal flag
2024-03-13 04:49:48 +00:00
430592632c
sane-sandboxed: add a help message
2024-03-13 04:49:48 +00:00
56aca78d84
make-sandboxed: also sandbox the .lib output of a package
2024-03-13 04:49:48 +00:00
30d49dc3c3
feeds: update Anish's URL
2024-03-09 20:51:15 +00:00
8e0031e770
feeds: update Byrne Hobart's feed URL
2024-03-09 20:49:01 +00:00
c453dbac8e
lwn.net: update feed URL
2024-03-09 20:42:03 +00:00
90e3c33536
feeds: subscribe to slatecave.net
2024-03-06 22:40:57 +00:00
8029744c90
modules/programs: don't expose *all* of /run/secrets/home to every program
...
this was actually causing a lot of bwrap errors because that directory's not user-readable
turns out any program which already uses programs.xyz.secrets gets the /run/secrets mounts for free via symlink following
2024-03-02 18:51:39 +00:00
a45e42910d
make-sandboxed: generalize runCommand patch to handle any derivation, called with or without callPackage
2024-03-02 07:11:45 +00:00
db89ac88f0
sane-sandboxed: add new --sane-sandbox-keep-namespace all option
2024-03-01 20:48:56 +00:00
40e30cf2f8
programs: make sandbox.wrapperType default to "wrappedDerivation" and remove everywhere i manually set that
2024-02-28 17:39:00 +00:00
812c0c8029
packages: reduce the number of packages which are using inplace sandbox wrapping
2024-02-28 17:35:40 +00:00
a4248fd5cc
make-sandboxed: don't try to wrap directories
...
whoops. test -x is true for directories
2024-02-28 16:28:25 +00:00
c380f61bea
fix "rescue" host to eval again
2024-02-28 14:19:45 +00:00
b302113fc0
modules/programs: require manual definition; don't auto-populate attrset
...
this greatly decreases nix eval time
2024-02-28 13:35:09 +00:00
6ef729bbaf
assorted: prefer runCommandLocal over runCommand where it makes sense
2024-02-27 22:26:56 +00:00
8f424dcd5a
programs: sandboxing: link /etc into sandboxed programs
...
this is crucial for e.g. swaync, to find its resource files.
maybe a good idea to link *every* package directory which i also link
into /run/current-system.
2024-02-27 22:25:17 +00:00
d5643a6a5d
assorted static-nix-shell packages: use srcRoot
2024-02-25 17:37:38 +00:00
d2df668c9e
modules/programs: sane-sandboxed: replace --sane-sandbox-keep-pidspace with --sane-sandbox-keep-namespace <pid|cgroup|ipc|uts>
2024-02-25 12:00:00 +00:00
f807d7c0a2
modules/programs: sane-sandboxed: bwrap: don't virtualize {/dev,/proc,/tmp} if explicitly asked to bind them instead
...
this is necessary for some programs which want a near-maximial sandbox, like
launchers or shells, or more specifically, `sane-private-do`.
2024-02-25 08:15:39 +00:00
6ab5dd8a8f
modules/persist: ensure that the mountpoint for the private store is created at boot
2024-02-25 07:51:24 +00:00
