ef66d2ec72
sane-sandboxed: add support for landlock backend
2024-01-27 03:39:26 +00:00
64878bee67
sane-sandboxed: add SANE_SANDBOX_PREPEND, SANE_SANDBOX_APPEND env vars
2024-01-26 09:14:18 +00:00
c4874c85b1
bubblewrap: debugging
2024-01-26 09:13:00 +00:00
7f002b8718
programs: sane-sandboxed: implement --sane-sandbox-cap for capabilities setting
2024-01-24 06:34:11 +00:00
824630f7d1
programs: sandboxing: document /dev/dri a bit more
2024-01-24 05:28:27 +00:00
57105c6861
sane-sandboxed: autodetect: handle file:/// URIs
2024-01-24 05:00:08 +00:00
3758044e7b
sane-sandboxed: better handle "--"
2024-01-24 04:59:24 +00:00
bfaf098c31
sane-sandboxed: fix handling of --
(which previously smushed arguments)
2024-01-24 02:52:01 +00:00
089f86d5e4
programs: make /usr/bin/env available in the sandbox
...
enables KOReader to run
2024-01-24 01:48:02 +00:00
bdd70f8fa2
sane-sandboxed: ignore the executable path when autodetecting media
2024-01-23 16:32:06 +00:00
bfd5630e21
programs: sandbox: omit media dirs by default, and implement --sane-sandbox-autodetect for programs which are liable to load data from paths
2024-01-23 15:48:12 +00:00
576d2c32f0
programs: support secrets even when sandboxed
2024-01-23 14:57:33 +00:00
25739ec2ba
programs: sane-sandboxed: avoid reading firejail profiles when the backend isnt firejail
...
this should provide a marginal perf gain
2024-01-23 14:57:33 +00:00
f148334b58
programs: port extraFirejailConfig to extraConfig
2024-01-23 14:57:33 +00:00
3a6ee8708e
programs: sane-sandboxed: dont error if network mountpoints are offline
2024-01-23 13:13:31 +00:00
983bf93d8f
programs: sane-sandboxed: make the profile handle arguments with spaces
2024-01-23 12:47:25 +00:00
40cc8f5d1c
programs: sane-sandboxed: make more debuggable
2024-01-23 12:27:23 +00:00
cce03a5dc8
programs: sandbox: use --dev-bind-try for root paths; fixes mpv on moby
2024-01-23 12:18:32 +00:00
98dfc3aa5a
programs: sandbox: allow all programs to access media
...
hopefully this is just a stopgap
2024-01-23 11:36:58 +00:00
27b56b1a12
programs: sane-sandbox: implement a cleaner debugshell and test API
2024-01-23 11:19:52 +00:00
6e9220d2bb
programs: allow programs to specify "sandbox.method = "bwrap"" for bubblewrap sandboxing
2024-01-23 10:44:13 +00:00
0ddcfcaa23
sane-sandboxed: retrieve profiles from /share/sane-sandboxed/profiles so they can be customized without mass rebuilds
2024-01-23 08:01:23 +00:00
a4cb6645b4
programs: indirect firejail access through sane-sandboxed
2024-01-23 04:02:31 +00:00
2492ed2ca7
programs: introduce a sane-sandboxed helper
...
not yet used, but will be soon
2024-01-23 02:29:33 +00:00
f49d2a1e0e
programs: split "makeSandboxed" into its own file
2024-01-23 01:23:14 +00:00
0dc3f4f7f2
modules/programs: move to subdir
...
this will help me factor out helpers
2024-01-23 01:02:04 +00:00
d5901afb8e
programs: firejail: specify profile via : (clarifies to firejail that its an identifier and not a path); invoke firejail via name instead of absolute path
2024-01-22 23:58:54 +00:00
8bf41ea858
programs: fix missing newline in firejail config concatenation
2024-01-22 13:11:47 +00:00
df861a3ef0
programs: firejail: inject custom firejail config through /etc/firejail
...
this improves rebuild times, and makes it easier for packages to inject their own free-form config
2024-01-22 11:12:18 +00:00
60547204a8
sane.programs: firejail: support wrapping "runCommand" packages
2024-01-22 09:16:25 +00:00
dd35136ac0
firejail: fix so /run/wrappers are available inside a jail
2024-01-22 07:18:50 +00:00
0f3f0933b1
mpv: sandbox with firejail
2024-01-22 03:50:28 +00:00
9ecd0adcbe
firefox: sandbox with firejail
...
TODO: get it so open-in-mpv launches an mpv that has access to ~/.config/mpv
i guess this is the 'firejail url problem'
2024-01-21 23:59:15 +00:00
ad92a2e158
programs: abort when no firejail profile is found for a program.
...
in the future, i can whitelist specific binaries to omit their firejail
profiles.
2024-01-21 04:32:49 +00:00
5f5891d241
programs: apply firejail profile to programs which are net isolated
2024-01-21 04:28:48 +00:00
992194a1f0
programs: achieve network sandboxing without "sane-vpn do"
2024-01-21 03:51:12 +00:00
bad6a7bfee
programs: implement "default vpn" with native nix code instead of sane-vpn
2024-01-21 01:04:31 +00:00
66d5e204be
vpn: enforce "id" restrictions
2024-01-21 00:57:46 +00:00
ce35330923
vpn.nix: factor into a proper module
...
this will allow for better integration with 'sane.programs'
2024-01-21 00:49:34 +00:00
59187a0ec0
programs: allow running binaries in a netns-style firejail
2024-01-20 11:11:12 +00:00
fd0723169f
nix-serve: fix coredump loop
2024-01-19 21:34:45 +00:00
43a8ca90a7
feeds: add Cat and Girl
2024-01-16 19:12:25 +00:00
a5c6e41622
feeds: subscribe to POD OF JAKE
2024-01-14 05:20:28 +00:00
812a02bc6b
feeds: add The Dollop podcast
2024-01-14 00:49:29 +00:00
70f059eaac
feeds: subscribe to Jack Stauber
2024-01-13 16:43:41 +00:00
e2a43ddfa0
servo: clightning: allow group members to run lightning-cli
2024-01-11 15:59:32 +00:00
cecb114810
clightning: harden
2024-01-04 18:47:40 +00:00
7378d6c5b2
bitcoind: host behind tor
2024-01-04 16:25:49 +00:00
43498c62f9
clightning: integrate with tor
2024-01-03 18:29:16 +00:00
41ae86f40f
servo: enable clightning
2024-01-03 13:56:42 +00:00
3e52956a3a
servo: clightning: integrate, but do not enable
2024-01-02 18:32:34 +00:00
28d0a72c62
define (but dont activate) a clighting bitcoin service
2024-01-02 14:29:52 +00:00
822653ec10
feeds: vitalik.ca -> vitalik.eth.limo
2024-01-01 03:48:06 +00:00
68502ca944
feeds: add webcurious.co.uk link aggregator
2024-01-01 03:46:52 +00:00
d18e94ea87
feeds: subscribe to linmob.net
2023-12-14 22:20:30 +00:00
3467a5df48
feeds: subscribe Origin Stories
2023-12-13 22:31:58 +00:00
694dd59e27
feeds: subscribe bitsaboutmoney
2023-12-13 22:29:22 +00:00
69bc219efa
ports: fix systemd RandomizedDelaySec typo
2023-12-12 02:14:27 +00:00
4c5fb74c7d
feeds: subscribe to kosmosghost
2023-12-11 04:55:47 +00:00
008a6192d4
mpv: associate with https://youtube.com/ ...
2023-12-11 04:52:49 +00:00
f7a318c937
modules/users: fix services to specify PATH with correct precedence
2023-12-10 15:18:26 +00:00
01de6f84cf
feeds: subscribe to Louis Rossmann
2023-12-09 08:14:16 +00:00
2d06401f3c
feeds: subscribe to Tom Scott
2023-12-06 16:19:37 +00:00
2db56f2499
feeds: subscribe to TheB1M
2023-12-06 16:18:03 +00:00
63ea6d7002
feeds: subscribe to Exurb1a
2023-12-06 16:16:29 +00:00
3e2523cc2c
feeds: subscribe to Cold Fusion
2023-12-06 16:15:25 +00:00
ad3f5e305e
feeds: subscribe to Vox
...
don't @ me
2023-12-06 16:13:08 +00:00
aa5b9e3db3
user services: wrap with user PATH
...
notably, this alllows Fractal to open links with the preferred browser
2023-12-06 16:09:07 +00:00
46123719e9
feeds: subscribe to Vihart
2023-12-06 16:09:07 +00:00
16bce990c6
feeds: subscribe to PolyMatter
2023-12-06 16:09:07 +00:00
d55e387187
feeds: subscribe to Vsauce
2023-12-06 16:09:06 +00:00
e75c3375dc
feeds: subscribe to Channel5 News
2023-12-06 16:08:50 +00:00
b1c7cb367a
feeds: subcsribe to hbomberguy
2023-12-06 15:47:39 +00:00
d63d660ec2
feeds: subscribe to ContraPoints
2023-12-06 15:45:43 +00:00
9704dcc997
feeds: add support for video; subscribe to videos in gpodder
2023-12-06 15:36:05 +00:00
80875d6312
feeds: subscribe to Technology Connections
2023-12-06 15:35:38 +00:00
4cc5eed884
feeds: subscribe to srslywrong.com
2023-12-05 04:25:25 +00:00
8f9c9efca1
feeds: econlib: update feed URL
2023-11-26 02:17:36 +00:00
1cb83032a1
feeds: postmarketOS: update feed url
2023-11-26 02:17:23 +00:00
121e86013e
feeds: add Hard Fork podcast
2023-11-23 05:57:23 +00:00
e0a1dcd51f
refactor: remove modules/data/keys.nix
2023-11-23 03:56:00 +00:00
758281f772
modules/feeds: remove unused parameter
2023-11-23 03:37:18 +00:00
23f4b2e2e4
nixserve: dependency-inject the pubkey
...
this is in modules/ dir; shouldn't have that kind of data in it
2023-11-23 02:14:18 +00:00
2d65282643
nixremote: define the user as part of the nixserve module
2023-11-23 02:08:45 +00:00
77a0a36bb8
enable remote-building for lappy/moby
2023-11-23 01:59:37 +00:00
3ff9c0ad0c
add a "nixremote" user for remote bulding (experimental; builds arent actually enabled yet)
2023-11-23 01:27:28 +00:00
52b59bcde8
feeds: add Mic92 (nix dev)
2023-11-19 10:55:51 +00:00
91c2f6fc95
implement sane.programs.slowToBuild and {moby,desko,lappy}-light targets
...
i'm not sure this is the exact right abstraction, but it's a starting point
2023-11-18 22:06:42 +00:00
ad495301c0
feeds: add Jeff Geerling
2023-11-18 00:23:58 +00:00
cd79be5414
feeds: remove unused fields
2023-11-10 17:27:51 +00:00
6acd363f55
sane.persist.root-on-tmpfs -> sane.root-on-tmpfs
2023-11-09 00:15:04 +00:00
23c46079a9
image: allow configuring the sector size
2023-11-08 16:42:25 +00:00
28d4a4b065
persistence: move stores behind a byStore attr to support disabling persistence altogether (for e.g. rescue image)
2023-11-08 15:33:15 +00:00
25e314c02e
blogs: follow artemis.sh
2023-11-01 04:38:04 +00:00
6191542805
nix-serve: port 5000 -> 5001; prosody: enable proxy65 on port 5000
2023-10-20 04:48:30 +00:00
3942ae0f1b
feeds: subscribe to Benjamin Mako
2023-10-18 21:57:56 +00:00
fa65b0b92e
feeds: add Samana Harihareswara
2023-10-18 21:53:51 +00:00
697ae02797
podcasts: The Daily: port to db
2023-10-18 21:37:12 +00:00
ab35a46e5f
podcasts: sub Tech Wont Save Us, Trash Future
2023-10-18 21:35:36 +00:00
90b1215a89
s/types.string/types.str/
2023-10-17 22:46:02 +00:00
827d9626d6
ports: actually forward ovpns
ports into the root namespace
2023-10-17 09:42:13 +00:00
5cfde63d5d
wowlan: document theory on wake failure
2023-10-11 10:01:15 +00:00
6dd1d5759b
wowlan: document a new failure mode/workaround
2023-10-10 21:33:34 +00:00
2de947d96e
wowlan: move the implementation into sxmo_suspend.sh instead of a systemd service
2023-10-10 09:26:48 +00:00
85e5d30b0f
wowlan module: port to rtl8723cs-wowlan python script
2023-10-10 08:34:02 +00:00
114df5efab
wowlan: enable CONFIG_ARP_KEEP_ALIVE (experimental)
2023-10-10 05:24:57 +00:00
a9ddfb2752
WIP: sxmo: port to systemd
2023-10-09 00:25:03 +00:00
4682ca32e2
wowlan: document another failure
2023-10-09 00:25:03 +00:00
cf553b1386
wowlan: more documentation
2023-10-08 00:00:26 +00:00
e40cbaf1cf
wowlan: document more about disconnections detection
2023-10-07 21:51:33 +00:00
19b8c0c923
wowlan: document known issues
2023-10-07 21:29:55 +00:00
e5125065d6
eg25-control: add a timeout to how long a power-on can take
2023-10-07 04:27:14 +00:00
6c6e1ee84b
moby: add gps-related services to the "dialout" group
2023-10-03 01:01:06 +00:00
43fc050eed
feeds: subscribe to FasterThanLime
2023-09-29 18:23:14 +00:00
bdf049d9e4
moby: wowlan: also wake on ARP requests (experimental)
2023-09-28 20:55:18 +00:00
9205e076c5
modules/wowlan: move options to "ipv4" attrset for future protocol expansion
2023-09-28 20:09:04 +00:00
ebbef901c1
wowlan: document VPN shortcomings
2023-09-27 01:32:50 +00:00
1ef203ee07
wowlan: docs: caveats
2023-09-27 01:30:06 +00:00
ca645ed23d
wowlan: remove the version/ip header length match
2023-09-27 01:26:51 +00:00
742ed50960
moby: configure wake-on-lan
2023-09-27 01:04:53 +00:00
21838afc0d
feeds: subscribe to turnoff.us
2023-09-25 23:09:56 +00:00
de12a2200e
feeds: add amosbbatto
2023-09-25 12:09:38 +00:00
083bdad88f
feeds: update metadata for all
...
this should fix a couple broken feeds whose URL changed, but most changes here are inconsequential
2023-09-24 12:25:04 +00:00
2f7655e1c1
eg25-control: don't auto-start GPS on boot
...
this also means we don't power the modem on boot
this is OK to do now that i have a toggle in swaync for GPS
2023-09-15 16:55:27 +00:00
71c01795f4
moby: eg25-control-freshen-agps: fix to actually run hourly
2023-09-15 07:35:05 +00:00
2291c89dbc
moby: eg25-control: fixup perms & add service that DLs new agps data when stale
2023-09-15 04:47:12 +00:00
1546304b4e
eg25-control: run as own user
...
its perms might still need adjustment so that it can control modem power and write to mmcli
2023-09-15 03:54:01 +00:00
a0c2ed38e6
eg25-control: allow finer-grained service control
2023-09-15 01:38:50 +00:00
9ad1be40b2
persist: stores: crypt: remove unrecognized nodev flag
2023-09-13 06:07:04 +00:00
910d0fa59e
persist: remove the nosuid flag since gocryptfs cant parse it here
2023-09-13 05:13:43 +00:00
7bef6b4089
modules: users/programs: cleaner option passthrough
2023-09-12 05:44:53 +00:00
8011e78e21
persist: cryptClearOnBoot: note rare (but predictable) bug during redeploy
2023-09-12 04:58:56 +00:00
3e33313bf0
programs: add a "services" option which forwards into the user config
2023-09-12 04:44:07 +00:00
6138291a8d
users: add a "services" option via which to configure per-user systemd services
2023-09-12 04:43:23 +00:00
6addf5a3b2
fs: symlink: add an option by which to control the symlink target name
2023-09-12 04:41:32 +00:00
0da8d282fe
feeds: add Andrew Heaton - Political Orphanage
2023-09-09 02:33:48 +00:00
51ecf1b54b
sxmo: fix sxmo_hook_init.sh -> sxmo_hook_start.sh
2023-09-05 17:31:33 +00:00
f62c844aaf
modules: fs: allow symlink target to be a path
2023-09-05 17:21:02 +00:00
68bce9c8b7
ports: if they fail to forward, retry after some interval
2023-09-01 00:30:32 +00:00
ded5d94d69
modules: fs: add a "text" type to populate static text files when symlinks wont do
2023-08-31 12:56:30 +00:00
ff39fc5d95
ports: make upnp service files more human-readable
2023-08-31 01:02:48 +00:00
1c7997e1ef
rename eg25-control-defaults.service -> eg25-control
2023-08-28 08:03:14 +00:00
5d349ce042
moby: init GPS during boot
2023-08-22 04:53:40 +00:00
17b90fc697
eg25-manager: configure without modemmanager support
2023-08-17 08:34:32 +00:00
ef881b1392
podcasts: subscribe to Useful Idiots
2023-08-16 22:03:40 +00:00
debea8fa5b
podcasts: subscribe to Behind the Bastards
2023-08-16 21:58:51 +00:00
8a9acbaeea
podcasts: subscribe to We're Not Wrong
2023-08-16 21:58:07 +00:00
8869ec7bca
podcasts: subscribe to omegatau
2023-08-16 21:54:55 +00:00
4ec947d549
eg25-manager: set RestartSec to make the restart loops less painful
2023-08-16 09:09:13 +00:00
db99043753
eg25-manager.service: remove modem_power module & point to the right UART
2023-08-15 10:46:18 +00:00
664b21e5f1
enable eg25-manager (experimental)
2023-08-10 07:27:38 +00:00
8dc568d52e
ship mate.engrampa as archive manager (after getting it to cross compile)
2023-08-07 03:43:37 +00:00
dcf97b70e1
programs: use the declPackageSet
helper
2023-08-02 21:20:50 +00:00
1ba877b325
upnp-forward: add a timeout to the unit
...
especially, this lets the target die, and the timer restart, when the UPNP stuff hangs
2023-07-31 11:06:04 +00:00
9ca8c74ed7
feeds: add wireshark podcast
2023-07-31 00:11:47 +00:00
f59da7ad0f
feeds: add minding our way
2023-07-28 01:14:28 +00:00
183457444c
feeds: add Ezra Klein show
2023-07-28 01:08:19 +00:00
28a91723b8
feeds: add Atlas Obscura podcast
2023-07-28 01:06:15 +00:00
535bbd2c0b
sane.{programs,user}.fs: pass fs values onto sane.fs unmerged
...
notably, this allows ~/.config/zsh/.zshrc to be specified by more than one location, and for the values to not overwrite one another
2023-07-18 11:25:27 +00:00
11a4b7006e
upnp-forwards: fix timer to actually run every hour
2023-07-18 09:54:06 +00:00
23e95ba2ba
modules: fs: symlink.text: allow specifying it multiple times
2023-07-18 02:17:25 +00:00
ebcc0c269e
trust-dns: remove from this repo
...
it's fully upstreamed into nixpkgs now
2023-07-16 12:27:23 +00:00
8788a8c67a
servo: upnp-forwards.timer: fix to invoke upnp-forwards.target instead of upnp-forwards.service
2023-07-15 22:08:55 +00:00
088286d8f7
mime: support multiple implementors of the same association, with different priorities
2023-07-15 10:11:31 +00:00
55d64eb598
programs: factor out a sane.programs.<foo>.mime
schema
2023-07-15 08:44:18 +00:00
44b15ba8ed
users: apply default permissions to any user who goes through the sane.users module
2023-07-14 23:56:01 +00:00
e38bf42506
trust-dns: migrate module to nixpkgs repo
2023-07-13 09:57:11 +00:00
8b3521d08f
fixup sxmo persistence (prev two commits don't build
2023-07-13 07:17:09 +00:00
4a7398da2f
trust-dns: finish hardening
2023-07-13 01:33:31 +00:00
8e94d77b0f
ports: create a separate systemd service per port forward
...
this allows one failed forward to not take down all forwards
2023-07-11 01:56:59 +00:00
f765e3d030
sane-ip-check: also store the upnp gateway
2023-07-11 00:55:04 +00:00
452260f7c7
trust-dns: don't run as root
2023-07-10 09:00:37 +00:00
b648aca505
trust-dns: link to docs in service file
2023-07-10 08:12:07 +00:00
8c4af55f82
trust-dns: apply some hardening (still need more)
2023-07-10 08:00:45 +00:00
23fb37a3e9
fs: have nodes require
their parent instead of the weaker want
...
this may fix it so spurious (failed) mounts of ~/private *don't* create a bunch of directories that later cause a real mount to be impossible
2023-07-10 05:58:30 +00:00
db72f5e11f
fs: generated.script.scriptArgs -> generated.command
2023-07-08 11:15:23 +00:00
8753e5e0c6
fs: remove legacy generated.script.script
option
2023-07-08 11:15:23 +00:00
558b35fee0
prepare fs.generated.script users to not assume a shell
2023-07-08 11:15:23 +00:00
3ce2716fbe
fs: factor out the ensureSymlink/ensureDir/ensurePerms scripts
2023-07-08 10:35:10 +00:00
e9293dbe07
fs: fix raciness that was causing ensure-xyz
services to run multiple times per boot
2023-07-08 09:08:59 +00:00
f18d624fd9
fs: avoid creating a new script for every fs entry
2023-07-08 09:00:49 +00:00
8f57394cd2
persist: create the backing path as a dependency of the VFS path
2023-07-08 02:08:18 +00:00
01b8a28a52
programs.fs: remove extraneous wantedBeforeBy
clause
...
it's provided by `sane.user.fs`
2023-07-08 02:06:44 +00:00
b42207882e
programs.persist: fix to allow any options that underlying persist allows
2023-07-08 02:06:18 +00:00
0a519eddb4
persist: allow persisting of individual files, not just directories
...
i actually do already, with ~/.ssh/id_ed25519 -- it works only as a fluke
2023-07-08 01:31:14 +00:00
acf89a041e
modules/programs: cleanup with
statements
2023-07-03 07:55:05 +00:00
9340d5f391
programs: remove explicit default definitions
2023-07-03 07:49:44 +00:00
9f1d61c781
programs: remove quadratic behavior
2023-07-03 07:16:24 +00:00
83e48eabad
WIP: decrease quadratic operations in modules/programs.nix
2023-07-03 07:04:57 +00:00
9b9273b725
programs: call out some quadratic behavior; i can try to fix it in the future
2023-07-03 06:41:48 +00:00
ccaff668c1
sane-lib: path: fix from
bug; tidy
2023-07-03 05:28:53 +00:00
9777e5f83c
trust-dns: rework the module to be more suitable for upstreaming
...
still need to do hardening and docs
2023-07-02 08:21:33 +00:00
3df165593c
web browser: set $BROWSER environment variable
...
this gets used as fallback by e.g. xdg-email
2023-06-30 08:50:58 +00:00
dbd312e9bd
guest: enable access to shelvacu
2023-06-29 09:11:22 +00:00
68cda2006b
cleanup/refactor users
2023-06-28 03:46:29 +00:00
6676935ee1
feeds: add The Linux Experiment
2023-06-28 03:05:45 +00:00
40ec4d6ce0
programs: allow programs to ship system-level environment variables
2023-06-27 10:24:48 +00:00
0751e748ea
feeds: add PostmarketOS podcast
2023-06-25 22:22:32 +00:00
ec3a7067b6
modules/programs.nix: fix eval error when a program is suggestedBy multiple enabled packages
2023-06-23 02:05:26 +00:00
3d56117d65
gocryptfs: remove "defaults" flag
2023-06-10 23:21:42 +00:00
1724ac60e5
feeds: update URL for The Intercept
2023-06-10 23:08:51 +00:00
bf168c7f0f
feeds: update URL for Deconstructed
2023-06-10 22:59:44 +00:00
4fd4efa22f
DNS: split the zone generation out of trust-dns
...
this is in preparation for upstreaming parts of this into nixpkgs
2023-06-08 00:32:28 +00:00
c44f69a01f
modules/services/dyn-dns: specifc sane-ip-check* more irectly
2023-06-07 08:00:43 +00:00
adbc2a76c3
modules/ports.nix: specify sane-ip-port-forward more directly
2023-06-07 08:00:43 +00:00
d6bde02dfe
feeds: update URL for Acquired podcast
2023-06-01 00:04:54 +00:00
d07bb03936
feeds: update URL/title for _ACQ2_
2023-05-31 23:57:08 +00:00
1ab2f42ff4
feeds: update URL for _The Portal_
2023-05-31 23:54:46 +00:00
287817056f
refactor: sane.services.wan-ports -> sane.ports
2023-05-31 04:25:39 +00:00
5cc7ced859
dns: rework so that we branch to the LAN v.s. WAN results based on source IP of the query -- not interface.
...
this simplifies the UPnP forwards and the OVPN routing
2023-05-31 00:56:52 +00:00
4dc5378b3e
dns: give different results based on which port the request arrives from
...
WAN and VPN requests are served by local port 1053 and `wan.uninsane.org`.
LAN requests are served by port 53 and `servo.lan.uninsane.org`.
i'm not *super* fond of this. a recursive resolver of uninsane.org via the VPN will only ever get WAN addresses (broken).
we may prefer to do IP-based responses, maybe via the same Linux firewall rules that forward from VPN namespace to root namespace
2023-05-30 12:00:30 +00:00
35c9f2bf60
servo: enable UPnP port forwarding timer
2023-05-28 20:38:24 +00:00
c1ddddddc0
ports: hide behind services.sane.wan-ports
...
later i will use this to enable UPnP on relevant ports
2023-05-26 23:28:30 +00:00
7e402ce974
dyn-dns: obtain IP address via UPnP
2023-05-26 22:40:50 +00:00
ace9d71d0e
nix-serve: fix typo
2023-05-18 11:07:51 +00:00
fb427e55e8
secrets: define these by crawling the repo to decrease duplication
2023-05-14 09:50:01 +00:00
318efe09e2
secrets: split desko.yaml into one-secret-per-file
2023-05-14 02:29:30 +00:00
9d6629ad12
feeds: subscribe tuxphones.com
2023-05-12 07:45:42 +00:00
59a2259105
feeds: add theregister.com
2023-05-09 22:53:06 +00:00
51c7ccd782
feeds: subscribe Morning Brew
2023-05-08 21:50:59 +00:00
74ed7bff11
programs: remove wantedBy
from the fs, and make it implicit
2023-05-08 21:41:02 +00:00
89f28e63b4
fs: leave a note about trying lazyAttrs
2023-05-08 09:50:10 +00:00
f89f136041
sane.programs: allow per-program config (and port web-browser to use that)
2023-05-08 09:49:58 +00:00
2450bb6f06
refactor package layout to conform better with NUR expectations
2023-05-02 01:27:51 +00:00
44195a7d87
programs: ship /home secrets correctly
2023-04-26 03:46:18 +00:00
9c09d03e5c
programs: add per-program secrets
2023-04-26 00:19:33 +00:00
1f2c9a9a5e
refactor hosts/common/home to use sane.programs
API
2023-04-24 07:22:33 +00:00
337fb9e9d9
sane.programs: allow programs to define files, as per sane.fs
2023-04-24 06:49:56 +00:00
e7f02c057e
steam: integrate into sane.programs, and enable for lappy
2023-04-23 23:21:08 +00:00
b11759a0a6
Merge branch 'master' of git.uninsane.org:colin/nix-files
2023-04-18 06:10:47 +00:00
6af0d54e7b
matrix: re-enable signal bridge
2023-04-18 06:10:17 +00:00
f87c115f7c
RSS: subscribe to JMP.chat
2023-04-18 05:50:47 +00:00
bf3e0ad790
feeds: subscribe to capitol hill seattle blog
2023-04-03 07:01:51 +00:00
a09736e60b
RSS: add Poorly Drawn Lines (comic)
2023-03-28 23:03:10 +00:00
bdfdcfd164
RSS: add... unpronouncable hacker :P
2023-03-28 23:03:06 +00:00
adf72fc9d4
modules/fs: escape shell args
2023-03-22 19:52:04 +00:00
f1b47e5de9
RSS: (re-)subscribe to UnNamed Reverse Engineering Podcast
2023-03-21 01:23:36 +00:00
3c6c466d87
RSS: subscribe to ACQ2 / Acquired 2 podcast
2023-03-21 01:02:11 +00:00
16bf03d8be
RSS: subscribe Maggie Killjoy/Cool People Who Did Cool Stuff
2023-03-21 00:56:10 +00:00
ca1015d579
feeds: add This Week In Rust
2023-03-16 11:02:37 +00:00
c5c1378f59
trust-dns: properly quote TXT records
2023-03-14 11:34:48 +00:00
0cf4c3ff80
feeds: add thisweek.gnome.org
2023-03-11 10:30:29 +00:00
dc1cd7a9a5
sane.persist: make it default-true for my hosts
2023-03-11 08:36:14 +00:00
eae8ef11c8
feeds: subscribe to MAPS
2023-03-08 23:35:45 +00:00
edf21e6837
feeds: subscribe to Daniel Huberman podcast
2023-03-08 23:09:24 +00:00
0ecc08b49d
feeds: subscribe to LessWrong Curated
2023-03-08 22:52:08 +00:00
6eb8191514
feeds: subscribe to Aaron Scott / textfiles.com
2023-03-08 09:41:27 +00:00
017aa335b1
servo: dyn-dns: have getIp
command use a fallback
2023-02-21 11:25:34 +00:00
e0a6f8ea4a
flake: add host-pkgs.<host>.<pkg>
output
...
this builds packages precisely as they are defined by the given host.
significant for testing whether a cross-compiled host builds things
correctly, for example.
2023-02-05 19:34:32 +00:00
7ce0c34f43
sway: specify dependent packages more idiomatically, and fix bug where phosh wasn't actually shipping its dependents
2023-02-04 00:43:00 +00:00
afb006f6ec
programs: port last users & remove the old packages.nix
2023-02-03 05:26:57 +00:00
a76cf03232
remove unused "enableDevPkgs" option
2023-02-03 05:18:38 +00:00
9c24f24306
programs: port GUI apps to new config system
2023-02-03 05:08:52 +00:00
736999eea6
programs: port console packages to new config system
2023-02-03 04:24:17 +00:00
979ed38506
programs: make system
be some type of meta-program/package
2023-02-03 04:03:22 +00:00
46285852d0
modules: add a sane.programs
interface which i can use going forward in place of sane.packages
2023-02-03 03:38:23 +00:00
0e756d5064
packages: add sox
sound converter
2023-02-02 10:23:01 +00:00
a52ead5aec
nit: document what "foliate" application is
2023-02-02 00:21:07 +00:00
a0861edc5f
packages: enable kitty on servo to fix login error
2023-01-31 06:43:02 +00:00
5f24e029af
persist stores: make private/crypt support backing stores that aren't /nix/persist
2023-01-31 03:38:41 +00:00
98b542332b
persist: crypt store: make paths overridable
2023-01-31 03:36:15 +00:00
70b62e9f76
persist stores: define the path for private
at the host level
2023-01-31 03:29:53 +00:00
7c81df00df
move nixcache.nix from modules -> hosts/modules
2023-01-30 11:25:46 +00:00
854977c3aa
move duplicity
out of modules -> hosts
2023-01-30 11:11:42 +00:00
3653776399
cleanup: modules/users.nix: allow explicitly setting home
, if needed
2023-01-30 11:06:47 +00:00
e4bff9b5ef
refactor: persist: remove dead code
2023-01-30 10:51:41 +00:00
ec22c128e0
remove reference to /home/colin from modules/persist
2023-01-30 10:48:32 +00:00
77cc560052
use sane.user.persist instead of sane.persist.home
2023-01-30 10:35:03 +00:00
c1f3fc502d
sane.users.<user>.persist: forward to sane.persist.home
2023-01-30 10:34:36 +00:00
4d3248d315
lib: mkTypedMerge: fix to work with recursive attrsets
2023-01-30 10:33:59 +00:00
a1a711190f
refactor: make use of sane.user
2023-01-30 09:13:43 +00:00
ee9a2b320d
add a sane.user option which is shorthand for the default user
2023-01-30 08:53:40 +00:00
870afec07e
add which is shorthand to define a fs entry inside that user's home
2023-01-30 08:32:55 +00:00
216c812f7b
remove config.sane.home-manager.enable as it was always set anyway
2023-01-30 02:10:12 +00:00
f66de76b76
disable home-manager
2023-01-30 01:54:57 +00:00
427ee669c5
refactor: home.packages: move out of home-manager
2023-01-30 01:53:59 +00:00
8e81b5827c
remove dead sane.home-manager.windowManager
option
2023-01-30 01:51:36 +00:00
cb3e7623ae
refactor: modules/gui/default.nix: fold into hosts/modules/gui/default.nix
2023-01-30 01:49:51 +00:00
a9cf619a14
plasma: move modules/gui/plasma.nix -> hosts/modules/gui/plasma.nix
2023-01-30 01:44:32 +00:00
02100ed1a2
plasma-mobile: move modules/gui/plasma-mobile.nix -> hosts/modules/gui/plasma-mobile.nix
2023-01-30 01:43:33 +00:00
ae22865099
gnome: move modules/gui/gnome.nix -> hosts/modules/gui/gnome.nix
2023-01-30 01:42:12 +00:00
6c85c6ecd8
handbrake: disable on aarch64-linux
2023-01-30 01:40:12 +00:00
161bbc1159
phosh: move out of modules/gui/phosh.nix -> hosts/modules/gui/phosh.nix
2023-01-30 01:39:20 +00:00
443100daa4
sway: move out of home-manager
2023-01-29 08:11:52 +00:00
ed70e045cb
waybar: fix by specifying bars as list instead of attrs (wtf home-manager?)
2023-01-29 08:07:03 +00:00
fd19802e91
WIP: fixup sway bugs
2023-01-28 12:25:12 +00:00
d84846e293
refactor: sway: port away from home-manager
2023-01-28 11:13:54 +00:00
1958c1f36b
refactor: port waybar config out of home-manager
2023-01-28 09:58:18 +00:00
67299ebfd7
nix-index: move out of home-manager -> nixos
2023-01-28 09:44:32 +00:00
adecfbaea4
refactor: home-manager: remove dead sysconfig
hack
2023-01-28 09:31:09 +00:00
e0a3979b65
refactor: mimeapps: port from home-manager -> nixos
2023-01-28 09:23:41 +00:00
4d84ca0878
refactor: xdg.conf: move out of home-manager
2023-01-28 03:57:35 +00:00
1ae8ab2550
refactor: ~/.cache/nix-index: persist in common/users.nix instead of home-manager
2023-01-28 03:48:37 +00:00
ed1380ba70
libreoffice config: move out of home-manager
2023-01-28 03:45:51 +00:00
e1b8d3ccc3
zsh: move out of home-manager
2023-01-28 03:40:26 +00:00
392ad7c674
zsh: port from home-manager to nixos
2023-01-28 03:39:13 +00:00
4026334e51
neovim: move out of home-manager
2023-01-28 00:20:40 +00:00
2269016736
neovim: port to nixos config instead of home-manager
2023-01-28 00:19:48 +00:00
f2c61d64b7
mpv: move out of home-manager
2023-01-27 08:12:37 +00:00
840c2feba5
mpv: specify config by sane.fs instead of home-manager
2023-01-27 08:11:59 +00:00
4603f0fd8e
kitty: move out of home-manager
2023-01-27 08:09:03 +00:00
64704d361b
kitty: configure via sane.fs instead of home-manager
2023-01-27 08:08:22 +00:00
7df18686e0
git: move out of home-manager
2023-01-27 07:57:42 +00:00
aee928dac0
git: populate with sane.fs instead of home-manager
2023-01-27 07:55:38 +00:00
76c0c3dc6a
vlc: move out of home-manager
2023-01-27 07:34:07 +00:00
796988bdeb
sublime-music: move out of home-manager
2023-01-27 07:33:23 +00:00
31d28ccf23
ssh: move out of home-manager
2023-01-27 07:19:04 +00:00
a298678622
splatmoji: move out of home-manager
2023-01-27 07:18:13 +00:00
32eb3b1998
newsflash: move out of home-manager
2023-01-27 07:17:27 +00:00
7a726b8d08
keyring: move out of home-manager
2023-01-27 07:15:45 +00:00
3edbb1c873
gpodder: move out of home-manager
2023-01-27 07:12:29 +00:00
d94687e8cc
gfeeds: move out of home-manager
2023-01-27 07:11:31 +00:00
641ffc3452
firefox: move out of home-manager
2023-01-27 07:09:10 +00:00
fa8016db67
aerc: migrate out of home-manager directory
2023-01-27 07:08:03 +00:00
42c2d93306
firefox: persist just the ~/.mozilla/firefox/default profile dir
2023-01-27 01:52:00 +00:00
f6f8d0e19d
sane-lib.fs: new wantedDir
helper
2023-01-27 01:51:35 +00:00
8ad4d8a4f9
nits: fix comments/improve docs
2023-01-27 00:00:50 +00:00
6006b84f9e
moby: disable metamask
2023-01-26 23:35:57 +00:00
d6f87c7ee7
formatting: firefox: sort addons by name/attr
2023-01-26 23:31:46 +00:00
028d78437b
firefox: make all addons externally configurable
2023-01-26 23:30:56 +00:00
0539bb8fd5
firefox: factor out the addons a little
2023-01-26 23:17:06 +00:00
b358cbe02a
feeds: rifters: port to db
2023-01-26 00:07:29 +00:00
64cd562824
feeds: IEEE spectrum: port to db
2023-01-26 00:05:50 +00:00
749f59a4af
feeds: palladium: port to db
2023-01-26 00:04:17 +00:00
77d5ff623e
feeds: Profectus: port to db
2023-01-26 00:02:55 +00:00
6386abb8c6
feeds: SemiAccurate: port to db
2023-01-26 00:01:28 +00:00
28f8434c53
feeds: vitalik.ca: port to db
2023-01-26 00:00:16 +00:00
30fafb4837
feeds: sagacious suricata: port to db
2023-01-25 23:59:23 +00:00
c7205ed668
feeds: bunnie juang: port to db
2023-01-25 23:58:43 +00:00
c69c6612fe
feeds: Daniel Janus: port to db
2023-01-25 23:57:53 +00:00
6951b277ad
feeds: ian henry: port to db
2023-01-25 23:57:00 +00:00
1167c9bd0c
feeds: bitbashing: port to db
2023-01-25 23:56:22 +00:00
8537fe411b
feeds: idiomdrottning: port to db
2023-01-25 23:55:36 +00:00
1fb2ddbecc
feeds: jefftk: port to db
2023-01-25 23:52:00 +00:00
27608cb8c7
feeds: pomeroyb: port to db
2023-01-25 23:51:12 +00:00
33ee59e80d
feeds: miniature-calendar: port to db
2023-01-25 23:49:52 +00:00
edacc28e4a
feeds: smbc: port to db
2023-01-25 23:45:49 +00:00
99780e30bc
feeds: pbfcomics: port to db
2023-01-25 23:45:16 +00:00
140dd05bd1
feeds: xkcd: port to db
2023-01-25 23:44:06 +00:00
c35bc92ac9
feeds: Sean Carrol/Preposterous Universe: port to db
2023-01-25 23:40:55 +00:00
16b92f98e7
feeds: put a num on it: port to db
2023-01-25 23:38:58 +00:00
576b63da9c
feeds: sideways view: port to db
2023-01-25 23:35:39 +00:00
e434add20d
feeds: Overcoming Bias: port to db
2023-01-25 23:34:30 +00:00
d288086aa2
feeds: roots of progress: port to db
2023-01-25 23:32:53 +00:00
e9c0f692d8
feeds: gwern: port to db
2023-01-25 23:32:11 +00:00
5a75d0f56b
feeds: richardcarrier: port to db
2023-01-25 23:29:58 +00:00
a222cf18a3
feeds: port slimemoldtimemold to db
2023-01-25 23:29:17 +00:00
45b9ee763b
feeds: applied divinity studies: port to db
2023-01-25 23:28:23 +00:00
50a2196495
feeds: unintended consequences: port to db
2023-01-25 23:27:15 +00:00
e4419ffad4
feeds: stpeter.im: port to db
2023-01-25 23:26:23 +00:00