|
|
15d668f1ca
|
file: sandbox with bunpen
|
2024-09-03 02:48:13 +00:00 |
|
|
|
147efe0a9e
|
dig: sandbox with bunpen
|
2024-09-03 02:47:32 +00:00 |
|
|
|
d11f3152d0
|
cargo,rust-analyzer: sandbox with bunpen
|
2024-09-03 02:46:54 +00:00 |
|
|
|
8a2a41ecc9
|
bash-language-server: sandbox with bunpen
|
2024-09-03 02:44:10 +00:00 |
|
|
|
ab15d2a991
|
programs: replace gnome-disk-utility with gparted
the latter *appears* to work better when sandboxed
|
2024-09-02 12:02:32 +00:00 |
|
|
|
48fccebd1e
|
iptables: temporarily disable sandbox
it was overrestrictive
|
2024-09-01 21:24:19 +00:00 |
|
|
|
38c6ecefa6
|
programs: ship camera debugging tools
|
2024-09-01 11:31:10 +00:00 |
|
|
|
b4f921ab04
|
programs: tangram: disable (i dont use it)
|
2024-08-31 07:13:39 +00:00 |
|
|
|
1d79f3eacc
|
papers: ship in place of Zathura as the default pdf viewer
|
2024-08-30 12:53:05 +00:00 |
|
|
|
93159485fa
|
neovim: integrate LSP for lua, LaTeX, html, markdown, nix, OpenSCAD, Rust, js/TypeScript :)
|
2024-08-26 16:49:00 +00:00 |
|
|
|
e1f5a55bca
|
neovim: enable bash and python language servers
|
2024-08-26 14:06:49 +00:00 |
|
|
|
afd0ec09a1
|
nixfmt-rfc-style: ship
|
2024-08-26 14:06:49 +00:00 |
|
|
|
ae8e9267c4
|
nixpkgs: 0-unstable-2024-08-21 -> 0-unstable-2024-08-25
|
2024-08-26 08:15:49 +00:00 |
|
|
|
5f35eaccd9
|
programs/host: sandbox with bunpen instead of landlock
this just acts as a good proof-of-concept / testing it in the wild
|
2024-08-23 16:00:31 +00:00 |
|
|
|
9b11b64349
|
haredoc: ship
|
2024-08-22 09:00:14 +00:00 |
|
|
|
f834f551ed
|
assorted: clarify why i use wrapperType = inplace when sandboxing
|
2024-08-15 21:01:42 +00:00 |
|
|
|
140b61a944
|
slic3r: ship
|
2024-08-15 10:32:22 +00:00 |
|
|
|
db7767c679
|
assorted: remove some no-longer-needed sandbox.wrapperType = "inplace" declarations
|
2024-08-15 10:32:22 +00:00 |
|
|
|
74acfeadd5
|
programs/assorted: clarify sandbox.enable = false situation
|
2024-08-12 10:27:41 +00:00 |
|
|
|
e7d5a61014
|
libcap: split into separate capsh and captree programs, and sandbox the latter
|
2024-08-12 10:13:50 +00:00 |
|
|
|
fc826a3503
|
libcap: patch in captree locally rather than via a nixpkgs patch that would force mass rebuilds
|
2024-08-12 09:39:43 +00:00 |
|
|
|
f0b0d15ad7
|
evtest: ship
|
2024-08-11 06:26:58 +00:00 |
|
|
|
cbe71868ef
|
newsflash: deploy
|
2024-08-09 10:25:53 +00:00 |
|
|
|
c695f7a979
|
foliate: ship
|
2024-08-08 21:08:51 +00:00 |
|
|
|
4525df58e0
|
rsyslog: disable
|
2024-08-08 07:40:59 +00:00 |
|
|
|
6dad290cd5
|
duplicity: purge
|
2024-08-07 01:33:31 +00:00 |
|
|
|
d45ea622d1
|
servo: disable email-based registration gating
|
2024-08-06 21:39:32 +00:00 |
|
|
|
c706a19836
|
landlock-sandboxer: rename the binary, so that it can be included on PATH without collisions
|
2024-08-05 22:59:14 +00:00 |
|
|
|
e25dd98f6c
|
spot/spotify: disable
i don't use spotify atm
|
2024-08-05 00:47:59 +00:00 |
|
|
|
0906d76f83
|
libcap_ng: ship
|
2024-08-03 23:27:53 +00:00 |
|
|
|
2b3278eb7f
|
/mnt/$host/home: layer bwrap sandboxing after the drop-privileges passoff
|
2024-08-03 17:11:11 +00:00 |
|
|
|
949a52dee1
|
activationScripts.notifyActive: be quiet about sane-deadlines/sane-sysload
|
2024-08-02 01:11:19 +00:00 |
|
|
|
6aa6c0020c
|
lightning-cli: fix sandboxing
|
2024-08-01 19:59:23 +00:00 |
|
|
|
4ddd4191bc
|
nixpkgs: 2024-07-28 -> 2024-07-29
|
2024-07-30 15:50:04 +00:00 |
|
|
|
6a9fd04437
|
bitcoin-cli: split into own file, and fix broken path to config file when running as user
|
2024-07-29 03:42:52 +00:00 |
|
|
|
666744bda3
|
bitcoin-cli,lightning-cli: ship as own package instead of shipping the whole daemon
|
2024-07-29 03:42:52 +00:00 |
|
|
|
ba09fbeec9
|
bitcoind: fix sandboxing
|
2024-07-29 03:42:52 +00:00 |
|
|
|
0bfaead177
|
sane-deadlines: only show on physical login, not ssh
|
2024-07-29 03:42:52 +00:00 |
|
|
|
1b93dbe12c
|
sane-sysload: show on remote login
|
2024-07-29 03:42:52 +00:00 |
|
|
|
3a6a5ffe01
|
rsyslog: persist logs
|
2024-07-28 01:54:14 +00:00 |
|
|
|
19fd45211f
|
sane-secrets-unlock: remove from ~/.profile and make it an s6 service
more reliable, in practice
|
2024-07-26 22:18:32 +00:00 |
|
|
|
874b7aecfa
|
persist: rename "cryptClearOnBoot" to "ephemeral"
|
2024-07-25 12:11:46 +00:00 |
|
|
|
b21002207a
|
programs: ship exiftool
|
2024-07-23 17:19:50 +00:00 |
|
|
|
3c8b3f2d04
|
programs: add "nix"
this allows me to get it to shup up about so-called 'non-free' packages
|
2024-07-22 10:46:31 +00:00 |
|
|
|
72a78c5f3e
|
nicotine-plus: re-enable
|
2024-07-19 12:44:09 +00:00 |
|
|
|
c0c2aa00f3
|
lgtrombetta-compass: ship
|
2024-07-18 16:40:17 +00:00 |
|
|
|
326e71f7b1
|
sanebox: landlock: restrict net access where applicable
|
2024-07-18 11:54:10 +00:00 |
|
|
|
532d3c13f6
|
eza: sandbox with landlock instead of bwrap
|
2024-07-18 11:43:58 +00:00 |
|
|
|
9f26ad40f9
|
mimetype: sandbox (and remove unneeded mimeopen)
|
2024-07-18 11:43:45 +00:00 |
|
|
|
c72e66a901
|
curl: sandbox
|
2024-07-16 07:23:32 +00:00 |
|
