b11c1c285c
merge: harden ephvm
2026-04-23 23:38:54 +02:00
0c17996d16
feat: tighten ephvm perms, zstd compress qcow2
lock /home/matej/.config to 0700 (was 0755). post-process qcow2
with parallel zstd on qcow2 v3 via qemu-img convert; smaller
image and faster decompress than the built-in qcow2-compressed.
2026-04-23 21:32:04 +00:00
9ffc640c44
feat: prune vm-guest module
drop services.qemuGuest.enable (unused — serial + ssh cover
everything), drop sshfs package (unused), drop boot.kernelModules
for 9p since initrd availableKernelModules autoloads on first
mount.
2026-04-23 21:30:32 +00:00
fbcded1f9d
feat: ephvm-run.sh virtio devices, require kvm
explicit virtio-blk-pci (cache=writeback, discard=unmap,
detect-zeroes=unmap, aio=threads), virtio-net-pci, virtio-rng-pci
for guest entropy. hard-require /dev/kvm and always pass -cpu host;
drop the tcg fallback since this host always has kvm.
2026-04-23 21:29:57 +00:00
082057226d
feat: ephvm-run.sh resilience
poll for real SSH banner instead of TCP accept (qemu's user-mode
nic accepts before guest sshd is listening), preserve qemu log
on abnormal exit for inspection, use a throwaway ed25519 key
since the guest accepts any key.
2026-04-23 21:29:24 +00:00
620acf68a6
feat: harden ephvm-run.sh
reject running as root, bind ssh hostfwd to 127.0.0.1 only,
reject commas in --mount and claude paths (prevents -virtfs csv
injection), pre-check --mount path exists, enable qemu seccomp
sandbox.
2026-04-23 21:28:51 +00:00
2fcdee5d81
feat: set XDPW_PERSIST_MODE="permanent"
2026-04-23 23:14:45 +02:00
c01f797e79
chore: bump lockfile
2026-04-22 00:10:04 +02:00
59a2bfa126
chore: update claude-code to v2.1.116
2026-04-22 00:08:31 +02:00
e486bb28b0
feat: enable hM.neovim.sidloadInitLua
2026-04-22 00:06:16 +02:00
d33fd60ce4
feat: switch from vesktop to discord
2026-04-21 23:39:57 +02:00
37428d922b
feat: add plymouth option to bootloader
2026-04-21 22:43:13 +02:00
b1cfe1e31b
feat: initrd infinite default device timeout
2026-04-21 22:42:33 +02:00
df2bc27f54
chore: blame ignore 77236af589
2026-04-21 22:11:33 +02:00
77236af589
chore: run format
2026-04-21 22:09:39 +02:00
f71d156ea8
feat: enable cache fallback
2026-04-21 10:08:08 +02:00
0c517e0957
chore: bump lockfile
2026-04-20 07:33:32 +02:00
37620c76fe
chore: bump claude-code to v2.1.114
2026-04-20 07:32:02 +02:00
ac76b8c842
feat: systemd-networkd during initrd
2026-04-16 23:36:10 +02:00
df7c4cec83
feat: bump claude-code to v2.1.112
2026-04-16 23:10:00 +02:00
5b52e41496
feat: self-package claude-code
2026-04-16 22:59:01 +02:00
a60b40eeac
feat: propagate XDG_DATA_DIRS to dbus/systemd
2026-04-15 09:45:21 +02:00
b341f7f4fc
feat: setup mime apps
2026-04-15 00:25:07 +02:00
571fb2ff99
chore: blame ignore 2204b12fad
2026-04-13 23:04:46 +02:00
2204b12fad
chore: run lint & format
2026-04-13 23:04:16 +02:00
df2ee459a1
feat: improve cache-builder service trigger
2026-04-13 11:53:41 +02:00
f7d86e7718
feat: improve ephvm ux
2026-04-13 11:48:18 +02:00
2e5eb92e32
chore: bump lockfile
2026-04-13 00:22:51 +02:00
f30b03cc04
fix: enable dhcp in initrd if no static ip
2026-04-13 00:20:36 +02:00
c7fb218511
merge: feature improvements
2026-04-12 23:33:33 +02:00
3caace87d3
refactor: update hosts and feature lists for new architecture
2026-04-12 23:33:14 +02:00
8793f97a04
feat: add udev, onepassword, bootloader, power features
2026-04-12 23:33:07 +02:00
b8509196d5
feat: merge greeter into sway, yubikey into gnupg, automount into vm-guest
2026-04-12 23:33:01 +02:00
e1d136bd2f
feat: merge desktop + desktop-minimal + calibre with sub-options
2026-04-12 23:32:55 +02:00
898751576d
feat: add zsh + git features, redesign shell
2026-04-12 23:32:47 +02:00
6770bc76a2
refactor: mkHost load-all infrastructure and convert simple features
2026-04-12 23:32:28 +02:00
3ff4583017
merge: fortress host
2026-04-10 22:51:26 +02:00
f85980190e
feat: prepare initial fortress host
2026-04-10 16:40:55 +02:00
8e5557921d
feat: prepare minimal features for fortress
2026-04-10 16:05:34 +02:00
216328927d
feat: improve dev-components with --extra
2026-04-09 17:05:33 +02:00
86e8fe7397
feat: filedrop via sftp
2026-04-09 13:44:28 +02:00
0fa91d4f40
feat: migrate home-manager to 26.05
2026-04-07 13:54:50 +02:00
07334db7ee
chore: bump lockfile
2026-04-07 13:54:44 +02:00
a08f824d0e
feat: rename steam to gaming and add prismlauncher
2026-04-07 13:28:51 +02:00
dd4fc4eff3
feat: switch to unstable channel
2026-04-05 14:43:26 +02:00
89e36c5096
chore: bump lockfile
2026-04-02 12:56:34 +02:00
c29f4d0624
merge: harmonia
2026-04-02 00:12:30 +02:00
cffd90db69
feat: add harmonia and nix-community substituters
2026-04-02 00:12:06 +02:00
7faddd053b
feat: add harmonia cache server
2026-04-02 00:11:51 +02:00
71cd268f79
feat: restructure dev-components/dev-registry with direnv
2026-04-01 22:50:00 +02:00