d6754b6cac
evince: sandbox with firejail
2024-01-22 10:20:29 +00:00
b03d7f7fb0
geary: test the firejail profile; it's not ready
2024-01-22 10:04:18 +00:00
008b186479
audacity: test the firejail profile; it's not ready
2024-01-22 10:04:03 +00:00
914f9b3703
vlc: sandbox with firejail
2024-01-22 09:47:24 +00:00
ed7ec4a371
conky: sandbox with firejail
2024-01-22 09:31:00 +00:00
2d338201a5
signal-desktop: sandbox with firejail
...
TODO: fix URL opening / xdg-open
2024-01-22 09:30:34 +00:00
a8aad1f98f
dino: sandbox with firejail
...
TODO: fix URL opening / xdg-open
2024-01-22 09:30:13 +00:00
2d06b93118
fractal: sandbox with firejail
...
TODO: seems this broke link opening? (xdg-open?)
2024-01-22 09:28:50 +00:00
60547204a8
sane.programs: firejail: support wrapping "runCommand" packages
2024-01-22 09:16:25 +00:00
3d763a0021
tor-browser-bundle-bin -> tor-browser
...
upstream nixpkgs just has tor-browser-bundle-bin as an alias for tor-browser
2024-01-22 08:13:37 +00:00
ad474873e2
dovecot: fix unparseable config
...
upstream/nixpkgs is doing some shit, ugh
2024-01-22 08:09:37 +00:00
dd35136ac0
firejail: fix so /run/wrappers are available inside a jail
2024-01-22 07:18:50 +00:00
cfe6e9c20a
nixpkgs: 2024-01-19 -> 2024-01-22
...
```
• Updated input 'nixpkgs-next-unpatched':
'github:nixos/nixpkgs/331c78971299375240001d946861951b6cc98176' (2024-01-19)
→ 'github:nixos/nixpkgs/dceddd03df4f840ea28c65887c199495793fb322' (2024-01-22)
• Updated input 'nixpkgs-unpatched':
'github:nixos/nixpkgs/bbec4099302591a41304d360e3bab805e5ccc0be' (2024-01-19)
→ 'github:nixos/nixpkgs/8cccce637e19577815de54c5ecc3132dff965aee' (2024-01-22)
• Updated input 'sops-nix':
'github:Mic92/sops-nix/87755331580fdf23df7e39b46d63ac88236bf42c' (2024-01-15)
→ 'github:Mic92/sops-nix/ae171b54e76ced88d506245249609f8c87305752' (2024-01-21)
```
2024-01-22 04:05:59 +00:00
0f3f0933b1
mpv: sandbox with firejail
2024-01-22 03:50:28 +00:00
f8440e3811
go2tv: allow more ports through the firewall
2024-01-22 03:50:04 +00:00
829460a076
todo: update firejail/sandboxing tasks
2024-01-22 02:04:32 +00:00
9ecd0adcbe
firefox: sandbox with firejail
...
TODO: get it so open-in-mpv launches an mpv that has access to ~/.config/mpv
i guess this is the 'firejail url problem'
2024-01-21 23:59:15 +00:00
ad92a2e158
programs: abort when no firejail profile is found for a program.
...
in the future, i can whitelist specific binaries to omit their firejail
profiles.
2024-01-21 04:32:49 +00:00
5f5891d241
programs: apply firejail profile to programs which are net isolated
2024-01-21 04:28:48 +00:00
cf475c4696
nicotine-plus: remove distro-specific symlink
2024-01-21 03:56:33 +00:00
992194a1f0
programs: achieve network sandboxing without "sane-vpn do"
2024-01-21 03:51:12 +00:00
bad6a7bfee
programs: implement "default vpn" with native nix code instead of sane-vpn
2024-01-21 01:04:31 +00:00
66d5e204be
vpn: enforce "id" restrictions
2024-01-21 00:57:46 +00:00
ce35330923
vpn.nix: factor into a proper module
...
this will allow for better integration with 'sane.programs'
2024-01-21 00:49:34 +00:00
bdab1aa7e3
firefox-extensions: update to latest
2024-01-20 21:30:15 +00:00
080c8dbe3d
sane-bt-search: try to install some logging for a sporadic error
2024-01-20 21:19:18 +00:00
a31fe44624
sane-bt-add: handle https:// URIs which forward to magnet:
2024-01-20 21:18:58 +00:00
59187a0ec0
programs: allow running binaries in a netns-style firejail
2024-01-20 11:11:12 +00:00
03fbf42680
servo: lemmy: pict-rs: fix broken CLI argument
2024-01-20 03:15:06 +00:00
f3b2a98874
firejail: fix cross compilation
2024-01-20 03:14:32 +00:00
2e9084c9ef
nixpkgs: 2024-01-14 -> 2024-01-19; sops-nix -> 2024-01-15
...
```
• Updated input 'nixpkgs-next-unpatched':
'github:nixos/nixpkgs/724e39ebb9b8eda97f17d423f66fbc5a991f4f8d' (2024-01-14)
→ 'github:nixos/nixpkgs/331c78971299375240001d946861951b6cc98176' (2024-01-19)
• Updated input 'nixpkgs-unpatched':
'github:nixos/nixpkgs/6c08fe3ccf437d8b26bec010fd925ddd6bb0d0d5' (2024-01-14)
→ 'github:nixos/nixpkgs/bbec4099302591a41304d360e3bab805e5ccc0be' (2024-01-19)
• Updated input 'sops-nix':
'github:Mic92/sops-nix/70dd0d521f7849338e487a219c1a07c429a66d77' (2024-01-14)
→ 'github:Mic92/sops-nix/87755331580fdf23df7e39b46d63ac88236bf42c' (2024-01-15)
```
2024-01-20 03:14:32 +00:00
0907240fda
sane-vpn: implement the "do" command, to run a program in a netns
2024-01-19 22:55:26 +00:00
7d670facd4
feeds: sort
2024-01-19 21:38:45 +00:00
61e5704fd6
feeds: unsub LW
...
too verbose, and too many of y'all turned into authoritarians
2024-01-19 21:38:14 +00:00
fd0723169f
nix-serve: fix coredump loop
2024-01-19 21:34:45 +00:00
a725d42bf5
ip_forward: consolidate the options to fix servo build
2024-01-19 21:34:18 +00:00
c03cea2d4e
net/vpn.nix: cleanup dead code
2024-01-19 09:58:13 +00:00
f43d6bff92
route VPN traffic such that i can configure any app to selectively use the VPN
...
e.g. firejail --net=br-ovpnd-us-mi --noprofile --dns=46.227.67.134 getent ahostsv4 uninsane.org
2024-01-19 09:54:01 +00:00
43a8ca90a7
feeds: add Cat and Girl
2024-01-16 19:12:25 +00:00
dac6046828
firefox-extensions: update to latest
2024-01-16 19:10:32 +00:00
e2a6ae22dc
sxmo-utils: 2024-12-28 -> 2024-01-01
2024-01-16 19:10:08 +00:00
f2ee43d1ef
delfin: 0.2.1 -> 0.3.0
2024-01-16 19:09:50 +00:00
3d80b46570
lemoa: 0.5.0 -> 0.5.1
2024-01-16 19:09:38 +00:00
e7d383604a
signal-desktop-from-src: 6.42.0 -> 6.44.0
2024-01-16 19:09:25 +00:00
7d504892be
servo: dovecot: fix broken sieve
2024-01-16 06:28:25 +00:00
d7a2bf9d26
servo: remove networking.useDHCP=false override
...
seems likely that the change to systemd-networkd renamed the ethernet interface, and so eth0.useDHCP wasn't right. this change seems to restore networking
2024-01-16 06:09:19 +00:00
d6184a7b6d
sane-vpn: update to be compatible with newer systemd-network vpn implementation
2024-01-16 03:36:37 +00:00
851c15aa6d
vpn: port ovpnd connections to use systemd-network
...
this should allow better integration with e.g. systemd-run, in future
2024-01-16 03:20:40 +00:00
c45898f903
WIP: wg-dev
2024-01-15 04:15:17 +00:00
0efec20904
hosts/common/net/vpn: remove unused "extraOptions" argument
2024-01-15 03:52:31 +00:00