Commit Graph

18365 Commits

Author SHA1 Message Date
github-actions[bot]
60fbf92c10
Merge master into staging-next 2024-03-16 18:01:00 +00:00
Pol Dellaiera
5ebdb3eda7
Merge pull request #296465 from Janik-Haag/networkmanager-ensure-profiles
nixos/networkmanager: ensure-profiles, make sure networkmanager is running
2024-03-16 18:46:12 +01:00
Janik H.
847a53742c
nixos/networkmanager: ensure-profiles, make sure networkmanager is running 2024-03-16 18:11:58 +01:00
Guillaume Girol
119099506c
Merge pull request #292477 from nu-nu-ko/nixos-komga-hardening
nixos/komga: add service hardening and misc format changes.
2024-03-16 17:34:45 +01:00
Martin Weinelt
fe8d02e2bc
Merge pull request #296180 from mweinelt/pretix
pretix: init at 2024.2.0
2024-03-16 17:28:20 +01:00
Martin Weinelt
b05a529fd6
nixos/pretix: init 2024-03-16 14:50:56 +01:00
Bobby Rong
3b48b3aaa9
Merge pull request #289062 from bobby285271/upd/mate
MATE 1.28
2024-03-16 21:38:24 +08:00
github-actions[bot]
9db4d84312
Merge master into staging-next 2024-03-16 12:01:19 +00:00
Pol Dellaiera
4285a30496
Merge pull request #295837 from abysssol/ollama-env-vars
nixos/ollama: add option to set environment variables
2024-03-16 08:02:55 +01:00
github-actions[bot]
7006358e6a
Merge master into staging-next 2024-03-16 00:02:02 +00:00
Pol Dellaiera
21456ee2a7
Merge pull request #296183 from laalsaas/etebase-server-fix
etebase-server: create required tmpdir
2024-03-15 22:08:15 +01:00
Maximilian Bosch
0d17fd9524
Merge pull request #292473 from networkException/fix-synapse-unix-socket-permissions
nixos/matrix-synapse: allow synapse to write to directories of unix socket paths
2024-03-15 18:53:04 +00:00
github-actions[bot]
00729a3d21
Merge master into staging-next 2024-03-15 18:01:19 +00:00
laalsaas
1d4c8cb0ff etebase-server: create required tmpdir 2024-03-15 16:52:21 +01:00
Peder Bergebakken Sundt
3399de5396
Merge pull request #295342 from pbsds/spotifyd-url-1710255988
nixos/spotifyd: update configuration documentation url
2024-03-15 13:03:01 +01:00
github-actions[bot]
4aac48ff7f
Merge master into staging-next 2024-03-15 06:01:09 +00:00
Bobby Rong
9254f99be6
Merge pull request #296019 from bobby285271/upd/budgie
nixos/budgie: Fix default fonts
2024-03-15 08:35:12 +08:00
github-actions[bot]
2bffd64e73
Merge master into staging-next 2024-03-15 00:01:59 +00:00
Bobby Rong
f7f3a3ec53
nixos/budgie: Fix default fonts
Always install noto fonts and hack font.
2024-03-15 07:56:02 +08:00
Ilan Joselevich
09078fd022
Merge pull request #295932 from Kranzes/nextcloud
nixos/nextcloud: remove opcache.enable_cli=1
2024-03-14 21:36:09 +02:00
Ilan Joselevich
9353fb2309
nixos/nextcloud: remove opcache.enable_cli=1
Upstream no longer recommends enabling the opcache cli.
See the following:
 - https://github.com/nextcloud/documentation/issues/1439
 - https://github.com/nextcloud/server/pull/15468
2024-03-14 18:36:11 +02:00
Bobby Rong
398cce395c
nixos/mate: Add enableWaylandSession option
Make this an opt-in for now since the session is in early stage
and introduces a new set of wayfire closure.
2024-03-14 23:34:11 +08:00
Bobby Rong
b45faa9834
nixos/mate: Add extraPanelApplets, extraCajaExtensions option
Hopefully this is more user-friendly.
2024-03-14 23:34:10 +08:00
Bobby Rong
a323f4f828
mate: Install mate-panel-with-applets by default 2024-03-14 23:34:06 +08:00
Bobby Rong
c87f6b5591
mate: Install caja-with-extensions by default 2024-03-14 23:34:05 +08:00
abysssol
b5e7a05bb7 nixos/ollama: add option to set environment variables 2024-03-14 04:21:36 -04:00
github-actions[bot]
f4c4bfc9fc
Merge master into staging-next 2024-03-13 18:00:53 +00:00
Sandro
db55012fa3
Merge pull request #291455 from SuperSandro2000/hydra-starman-worker 2024-03-13 13:57:12 +01:00
github-actions[bot]
cecf050e96
Merge master into staging-next 2024-03-13 12:01:25 +00:00
Pol Dellaiera
55251f1ffc
Merge pull request #295547 from Janik-Haag/unbound
nixos/unbound: drop networkmanager since it doesn't support unbound anymore
2024-03-13 10:33:52 +01:00
Janik H.
4147e50f18
nixos/unbound: drop networkmanager since it doesn't support unbound anymore 2024-03-13 09:50:56 +01:00
Pol Dellaiera
c35c016e5d
Merge pull request #295529 from Janik-Haag/networkmanager-drop-unbound
nixos/networkmanager: drop unbound from dns servers
2024-03-13 09:04:58 +01:00
Pol Dellaiera
6710011819
Merge pull request #295199 from blakesmith/gotosocial_14_2
gotosocial 0.14.1 -> 0.14.2
2024-03-13 08:53:37 +01:00
Janik H.
a97e56ae28
nixos/networkmanager: drop unbound from dns servers
upstream dropped unbound in 5da17c689b
2024-03-13 08:31:52 +01:00
éclairevoyant
e7db1f299c
nixos/scrutiny: fix timer not auto-starting 2024-03-12 22:25:54 -04:00
Blake Smith
b0529146b9 nixos/gotosocial: add blakesmith as a maintainer 2024-03-12 21:13:22 -05:00
annalee
8e038835fe
Merge remote-tracking branch 'upstream/master' into staging-next 2024-03-13 00:38:07 +00:00
Jörg Thalheim
721c6579d2
Merge pull request #295407 from Stunkymonkey/nixos-murmur-registerPassword-fix
nixos/murmur: fix writing registerPassword to config
2024-03-12 22:47:26 +01:00
Fabián Heredia Montiel
da8768347e
Merge pull request #293950 from DCsunset/nixos-hoogle
nixos/hoogle: add extraOptions
2024-03-12 14:57:30 -06:00
Felix Buehler
1e22e7d75e nixos/murmur: fix writing registerPassword to config 2024-03-12 21:19:24 +01:00
github-actions[bot]
6b78f024b2
Merge staging-next into staging 2024-03-12 18:01:46 +00:00
Peder Bergebakken Sundt
285d2dcf3c nixos/spotifyd: update configuration documentation url 2024-03-12 16:07:48 +01:00
Sandro Jäckel
b07cdeb1b3
nixos/plasma6: move out of x11
This release focuses on wayland, let's give that justice
2024-03-12 10:49:42 +01:00
github-actions[bot]
06e5eb63d3
Merge staging-next into staging 2024-03-11 18:01:53 +00:00
emilylange
08c37ba899 nixos/lldap: set service UMask=0027 and StateDirectoryMode=0750
While `/var/lib/lldap` isn't technically accessible by unprivileged
users thanks to `DynamicUser=true`, a user might prefer and change it to
`DynamicUser=false`.

There is currently also a PR open that intends to make `DynamicUser`
configurable via module option.

As such, `jwt_secret_file`, if bootstrapped by the service start
procedure, might be rendered world-readable due to its permissions
(`0644/-rw-r--r--`) defaulting to the service's umask (`022`) and
`/var/lib/lldap` to `0755/drwxr-xr-x` due to `StateDirectoryMode=0755`.

This would usually be fixed by using `(umask 027; openssl ...)` instead
of just `openssl ...`.

However, it was found that another file (`users.db`), this time
bootstrapped by `lldap` itself, also had insufficient permissions
(`0644/-rw-r--r--`) inherited by the global umask and would be left
world-readable as well.

Due to this, we instead change the service's umask to `027`.

And to lower the impact for already bootstrapped files on existing
instances like `users.db`, set `StateDirectoryMode=0750`.
2024-03-11 17:34:29 +01:00
emilylange
61a651e362 nixos/lldap: bootstrap jwt_secret if not provided
If not provided, lldap defaults to `secretjwtsecret` as value which is
hardcoded in the code base.

See https://github.com/lldap/lldap/blob/v0.5.0/server/src/infra/configuration.rs#L76-L77

This is really bad, because it is trivially easy to generate an admin
access token/cookie as an attacker if a `jwt_secret` is known.
2024-03-11 17:34:29 +01:00
Sandro
869ec01e56
Merge pull request #294286 from SuperSandro2000/unbound-remote-config-check 2024-03-11 16:06:31 +01:00
WilliButz
a2c0efbf5e
Merge pull request #274307 from thillux/esdm-1.0.1
esdm: update module after 1.0.1 changes
2024-03-11 15:11:05 +01:00
Markus Theil
36f1c0c2b3 nixos/esdm: simplify module
ESDM 1.0.1 fixed bugs related to Linux compatibility layer with CUSE.

During these fixes, the compatibility layer was simplified behind a
target in order to start the necessary services together or none of
them (services.esdm.linuxCompatServices).

Furthermore, a small helper was added to ESDM 1.0.1 in order to deal
with resume/suspend/hibernate (FUSE needs to be unblocked).

Removed options are marked.

Signed-off-by: Markus Theil <theil.markus@gmail.com>
2024-03-11 14:28:26 +01:00
github-actions[bot]
339816cfdf
Merge staging-next into staging 2024-03-11 12:01:42 +00:00