da72fc9d52
bunpen: fix typo that prevented assigning caps >= 32
2024-09-02 20:36:37 +00:00
36e2f57b06
bunpen: proper capability boxing
...
the Amb/Bound sets are written as specified, and I/P set so as to be activated when we exec the wrapped program
2024-09-02 20:21:09 +00:00
bc2823d622
bunpen: better (still incomplete) capability boxing
2024-09-02 18:55:53 +00:00
8b53f97c1c
bunpen: bind the different PR_CAP* prctl syscalls
...
see 'man prctl' for additional calls, some of which were omitted because i don't expect to need them
2024-09-02 17:02:02 +00:00
712b2c38f0
firefox: disable Ctrl+W shortcut
...
finally, i can stop accidentally killing tabs when i mean to backspace
2024-09-02 15:43:12 +00:00
3212664f37
firefox: migrate extraPolicies to overrides.cfg
...
this fixes that the bookmarks policy in extraPolicies was breaking my bookmarks import
2024-09-02 15:15:00 +00:00
98c62f66dd
firefox: add duckduckgo search bookmark
2024-09-02 14:11:13 +00:00
1677f77fd6
firefox: statically define a few bookmarks
2024-09-02 14:04:47 +00:00
c5e21546ff
firefox: refactor: split addons into separate file
2024-09-02 13:57:53 +00:00
5eb597b133
programs: firefox: move to subdir
...
then i'll split it into separate files for easier management
2024-09-02 13:41:11 +00:00
90f7953615
firefox: remove dead code
2024-09-02 13:29:11 +00:00
ab15d2a991
programs: replace gnome-disk-utility with gparted
...
the latter *appears* to work better when sandboxed
2024-09-02 12:02:32 +00:00
eba9bb3099
feeds: subscribe to Charles Stross blog
2024-09-02 11:38:47 +00:00
3deb17125d
make-sandboxed: handle polkit files when patching bin paths
2024-09-02 11:31:24 +00:00
49a38001bc
update-feed: support sites which are accessible only by www.FOO and not toplevel FOO
2024-09-02 11:30:53 +00:00
a39d705ff5
nix: fix NIXPATH to be free of symlinks
2024-09-02 11:29:58 +00:00
4328a7ddf3
modules/programs: remove unused arguments
2024-09-02 10:26:42 +00:00
1b959272a1
moby: fetch the ANX7688 patch from lkml instead of armbian
...
didn't actually deploy this, but it builds
2024-09-02 10:07:37 +00:00
9d83f4cbf7
NetworkManager: reduce hardening options which broke IPv6 link-local addressing
...
'ip -6 addr' should show an address even on networks which aren't
routable. /proc or /sys sandboxing was preventing this (with error messages logged to syslog).
2024-09-01 23:13:30 +00:00
48fccebd1e
iptables: temporarily disable sandbox
...
it was overrestrictive
2024-09-01 21:24:19 +00:00
8f4d4c97bc
avahi: ensure that mDNS responses aren't blocked by rpfilter
...
this PROBABLY isn't necessary, but keep it here as i debug stuff at least
2024-09-01 21:23:52 +00:00
0419e50cc3
upnp: fix rpfilter to support IPv6, too
2024-09-01 21:21:57 +00:00
80d3ad3d0e
moby: wifi low power patch: clarify that it just mitigates, doesn't solve, the reconnections
2024-09-01 21:21:30 +00:00
3d3853d596
moby: rtw88 wifi: disable deep sleep to prevent disconnections
2024-09-01 17:37:53 +00:00
cfa60ce41c
common/fs: remove dead nfs code
2024-09-01 15:50:28 +00:00
942ca82445
assorted: hosts/common: remove unused module parameters
2024-09-01 15:49:15 +00:00
336696bb06
scripts/deploy: show the nix copy command, to aid in manual runs
2024-09-01 15:41:33 +00:00
7d75b3c736
neovim: docs: suggest alternate mappings for nvim-cmp
2024-09-01 15:38:13 +00:00
3ca2c7ec53
sane-tag-media: fix escapes in docstring
2024-09-01 14:30:53 +00:00
9d605030c3
cross: wike: push build fix to upstream nixpkgs
2024-09-01 13:44:31 +00:00
e1d678093e
ayatana, switchboard: push cross patches upstream
2024-09-01 13:16:39 +00:00
5586a3a87b
moby: document status of linux 6.11
2024-09-01 11:35:20 +00:00
38c6ecefa6
programs: ship camera debugging tools
2024-09-01 11:31:10 +00:00
c80aa813d9
neovim: ship GitMessenger plugin for git-blame-like functionality
2024-09-01 01:12:27 +00:00
4f6ea0938c
neovim: Ctrl+Space to autocomplete
2024-09-01 01:00:37 +00:00
7ed78686c2
hal/pine64: remove more commented out patches which are irrelevant to pinephone
2024-08-31 22:42:04 +00:00
96b90b84d3
linux-firmware-megous: lint
2024-08-31 21:57:33 +00:00
c32be5d170
hal/pine64: remove some commented out patches which are *definitely* irrelevant to pinephone
...
probably there are way more; i just have to make sense of the weird name scheme and be sure which sensors are/aren't on the pinephone
2024-08-31 21:50:50 +00:00
7830603ff3
cleanup: impure.nix: remove extraneous parentheses
2024-08-31 21:20:18 +00:00
98f028108e
moby: remove old way of getting the armbian patches
2024-08-31 21:09:57 +00:00
1649e9e22f
moby: remove outdated documentation
2024-08-31 21:08:08 +00:00
874ba132a8
crust-firmware-pinephone: remove unused pkgsCross input
2024-08-31 20:57:48 +00:00
1f0fa1cf2b
WIP: moby: add the modem-power dev node back
...
my eg25-control script requires it; maybe someday i'll manage modem power from userspace as well -- that should be less error prone
2024-08-31 20:54:55 +00:00
98e32fbcab
moby: add anxNNNN back to the device tree
...
i *suspect* this fixes/improves battery charging.
at least, i see the nwg-panel icon intermittently switch between
charging/not-charging, whereas before it ONLY ever showed not-charging.
2024-08-31 20:51:55 +00:00
947f2b821d
moby: reduce the set of kernel patches
...
in fact i forgot to include the patch which adds anxNNNN to the device
tree, but it still boots to graphics. battery charging i *think* DOESN'T
work (needs the dts change probably)
waiting for this to deploy; i think i removed too many, and should have kept the anxNNNN device-tree patch, but unsure
2024-08-31 19:43:42 +00:00
68478b37fe
moby: fix display for pseudo-mainline kernel
...
i'll work to reduce the patch stack... but it takes time to recompile/deploy
2024-08-31 18:20:41 +00:00
097f172e71
nixpkgs: remove no-longer-needed permittedInsecurePackages config
2024-08-31 18:19:14 +00:00
28be40a2c8
WIP: moby: enable the HDMI sound card
...
waiting on deploy; unsure if this achieves anything. but it applies and builds so why not, for now.
2024-08-31 17:10:32 +00:00
9daa12049f
WIP: moby: ship mainline linux, with a few megi patches
...
100% mainline linux boots, with WiFi and battery charging, but no display
i'm trying to select megi patches that will enable the display; haven't found that yet. may be that the config requires tweaking (e.g. SIMPLEDRM stuff)
2024-08-31 17:09:39 +00:00
b9cd911c0d
armbian-build: init
...
this repo contains (among other things) megi's kernel tree, exported as individual patches, where they can be easily cherry-picked and tracked
2024-08-31 17:03:17 +00:00