Commits
Signed-off-by: dawn <dawn@tangled.org>
Signed-off-by: dawn <dawn@tangled.org>
slirp4netns has a bug where it will break host devices on root user
if this is enabled. so to avoid this, let's disable it. the sandboxing
doesn't matter here because slirp4netns runs next to spindle anyway
so if slirp is compromised you have bigger issues, and seccomp is still
enabled, and if you really care your spindle should be a hardened
systemd service anyway.
Signed-off-by: dawn <dawn@tangled.org>
Signed-off-by: dawn <dawn@tangled.org>
Signed-off-by: dawn <dawn@tangled.org>
Signed-off-by: dawn <dawn@tangled.org>
Signed-off-by: dawn <dawn@tangled.org>
We can't trust `content-length` since the blob might be gzipped. Use `size`
from `getEntry` output instead.
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: Seongmin Lee <git@boltless.me>
spindle,shuttle,nix: add an alpine microvm image
spindle/microvm: allow user defined binary caches in workflows
shuttle,nix/microvm: get rid of the hacky nix config parsing / rendering, use nix directly so we can access module options
spindle/engine: generalize scheduler out of microvm, make it work-conserving with aging and per-user fairness
spindle/microvm: add resource budget limits and optional cgroup enforcement
Signed-off-by: dawn <dawn@tangled.org>
Lewis: May this revision serve well! <lewis@tangled.org>
Signed-off-by: Anirudh Oppiliappan <x@icyphox.sh>
Signed-off-by: eti <eti@eti.tf>
Lewis: May this revision serve well! <lewis@tangled.org>
Lewis: May this revision serve well! <lewis@tangled.org>
Signed-off-by: Seongmin Lee <git@boltless.me>
Lewis: May this revision serve well! <lewis@tangled.org>
Lewis: May this revision serve well! <lewis@tangled.org>
Signed-off-by: oppiliappan <me@oppi.li>
- move pages.ParseWith to blog.parseLayout
- blog now builds against a new layouts/blogbase instead of inheriting
appview's base layout
Signed-off-by: oppiliappan <me@oppi.li>
- Add unit and integration tests for sandbox and path behavior
- Define a RuleSpec to construct Landlock ruleset
- Enforce $HOME/.config/git/config for git config (was previously
granting the entirety of $HOME)
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
Lewis: May this revision serve well! <lewis@tangled.org>
Lewis: May this revision serve well! <lewis@tangled.org>
Lewis: May this revision serve well! <lewis@tangled.org>
Lewis: May this revision serve well! <lewis@tangled.org>
Lewis: May this revision serve well! <lewis@tangled.org>
Lewis: May this revision serve well! <lewis@tangled.org>
Lewis: May this revision serve well! <lewis@tangled.org>
Lewis: May this revision serve well! <lewis@tangled.org>
Lewis: May this revision serve well! <lewis@tangled.org>
Lewis: May this revision serve well! <lewis@tangled.org>
Lewis: May this revision serve well! <lewis@tangled.org>
Lewis: May this revision serve well! <lewis@tangled.org>
Lewis: May this revision serve well! <lewis@tangled.org>
Lewis: May this revision serve well! <lewis@tangled.org>
Lewis: May this revision serve well! <lewis@tangled.org>
Lewis: May this revision serve well! <lewis@tangled.org>
Lewis: May this revision serve well! <lewis@tangled.org>
the target URL for a notif was previously calculated in the template, we
now have this in models.NotificationWithEntity.
Signed-off-by: oppiliappan <me@oppi.li>
- /focus/begin: begin focus mode
- /focus/end: end focus mode
- /focus/next: mark read & move to next focus item
Signed-off-by: oppiliappan <me@oppi.li>
notifications are marked as read when the underlying URL is visited.
this now happens only when *outside* focus mode. when inside focus mode,
the notif is only marked as read on hitting the `next` button on the
focus pill.
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: oppiliappan <me@oppi.li>
down the line, BaseParams will include a bit more data, such as focus
status.
Signed-off-by: oppiliappan <me@oppi.li>
the popover showed on mouseover over the parent div, but the hx request
was fired on the <a> tag inside the div. if you managed to move the
mouse into an area where the div was present but the <a> was not
present, you could trigger a popover but not an hx request, causing the
loader to spin indefinitely.
we now do all events on the same element to prevent this bug.
Signed-off-by: oppiliappan <me@oppi.li>
we already have the profile popover.
Signed-off-by: oppiliappan <me@oppi.li>
when hitting mark-all-read, due to full page refresh, any page title
would be replaced with "notifications". this patch fixes that by
avoiding full page redirect.
Signed-off-by: oppiliappan <me@oppi.li>