dev/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
596,225 Commits 3 Branches 0 Tags 4.3 GiB
721c6579d2
Commit Graph

18312 Commits

Author SHA1 Message Date
Jörg Thalheim
721c6579d2
Merge pull request #295407 from Stunkymonkey/nixos-murmur-registerPassword-fix 
nixos/murmur: fix writing registerPassword to config
 2024-03-12 22:47:26 +01:00
Fabián Heredia Montiel
da8768347e
Merge pull request #293950 from DCsunset/nixos-hoogle 
nixos/hoogle: add extraOptions
 2024-03-12 14:57:30 -06:00
Felix Buehler
1e22e7d75e nixos/murmur: fix writing registerPassword to config 2024-03-12 21:19:24 +01:00
Sandro Jäckel
b07cdeb1b3
nixos/plasma6: move out of x11 
This release focuses on wayland, lets give that justice
 2024-03-12 10:49:42 +01:00
emilylange
08c37ba899 nixos/lldap: set service UMask=0027 and StateDirectoryMode=0750 
While `/var/lib/lldap` isn't technically accessible by unprivileged
users thanks to `DynamicUser=true`, a user might prefer and change it to
`DynamicUser=false`.

There is currently also a PR open that intends to make `DynamicUser`
configurable via module option.

As such, `jwt_secret_file`, if bootstrapped by the service start
procedure, might be rendered world-readable due to its permissions
(`0644/-rw-r--r--`) defaulting to the service's umask (`022`) and
`/var/lib/lldap` to `0755/drwxr-xr-x` due to `StateDirectoryMode=0755`.

This would usually be fixed by using `(umask 027; openssl ...)` instead
of just `openssl ...`.

However, it was found that another file (`users.db`), this time
bootstrapped by `lldap` itself, also had insufficient permissions
(`0644/-rw-r--r--`) inherited by the global umask and would be left
world-readable as well.

Due to this, we instead change the service's to `027`.

And to lower the impact for already bootstrapped files on existing
instances like `users.db`, set `StateDirectoryMode=0750`.
 2024-03-11 17:34:29 +01:00
emilylange
61a651e362 nixos/lldap: bootstrap jwt_secret if not provided 
If not provided, lldap defaults to `secretjwtsecret` as value which is
hardcoded in the code base.

See https://github.com/lldap/lldap/blob/v0.5.0/server/src/infra/configuration.rs#L76-L77

This is really bad, because it is trivially easy to generate an admin
access token/cookie as attacker, if a `jwt_secret` is known.
 2024-03-11 17:34:29 +01:00
Sandro
869ec01e56
Merge pull request #294286 from SuperSandro2000/unbound-remote-config-check 2024-03-11 16:06:31 +01:00
WilliButz
a2c0efbf5e
Merge pull request #274307 from thillux/esdm-1.0.1 
esdm: update module after 1.0.1 changes
 2024-03-11 15:11:05 +01:00
Markus Theil
36f1c0c2b3 nixos/esdm: simplify module 
ESDM 1.0.1 fixed bugs related to Linux compatibility layer with CUSE.

During these fixes, the compatibility layer was simplified behind a
target in order to start the necessary services together or none of
them (services.esdm.linuxCompatServices).

Furthermore, a small helper was added to ESDM 1.0.1 in order to deal
with resume/suspend/hibernate (FUSE needs to be unblocked).

Removed options are marked.

Signed-off-by: Markus Theil <theil.markus@gmail.com>
 2024-03-11 14:28:26 +01:00
Pierre Allix
cf625fe5f0 nixos/networkmanager: add doc about nm profiles interaction with resolvconf 2024-03-11 12:55:27 +01:00
Sandro
80ec88edec
Merge pull request #292025 from RaHoni/baculaTls 2024-03-11 12:01:19 +01:00
Florian Klink
b437b19f54 nixos/yubikey-agent: fix eval error 
This has been refactored in https://github.com/NixOS/nixpkgs/
pull/133542, but this reference wasn't updated.
 2024-03-10 19:08:23 +02:00
Pol Dellaiera
2bd0c18d98
Merge pull request #282160 from gaykitty/stargazer-debug-mode 
nixos/stargazer: add missing debugMode setting
 2024-03-10 14:31:06 +01:00
Peder Bergebakken Sundt
4a4a70ca31
Merge pull request #280836 from numinit/nebula-port-zero 
nixos/nebula: default to port 0 for hosts other than lighthouse/relay
 2024-03-10 05:01:04 +01:00
éclairevoyant
6b80044d9d
Merge pull request #294584 from MinerSebas/plasma-samba 
nixos/plasma6: Dont add samba a second time to environment.systemPackages
 2024-03-09 23:40:45 +00:00
Sandro
c86e8fd7a0
Merge pull request #133542 from fpletz/refactor/pinentry-remove-multiple-outputs 
pinentry: remove multiple outputs
 2024-03-09 23:57:27 +01:00
Bernardo Meurer
6bb56dc681
Merge pull request #294544 from lilyinstarlight/fix/fwupd-uefi-capsule-settings 2024-03-09 16:31:44 -05:00
Emily
8b7eef367c
Merge pull request #292304 from networkException/unix-socket-sliding-sync-bindaddr 
nixos/matrix-sliding-sync: improve unix socket support
 2024-03-09 20:12:48 +01:00
Lily Foster
1801583855
nixos/fwupd: fix silent failure for uefiCapsuleSettings to ever be added 
Bug was introduced in 28ea07d4e3.
 2024-03-09 12:44:46 -05:00
MinerSebas
cf3a468eee nixos/plasma6: Dont add samba a second time to environment.systemPackages 2024-03-09 17:06:25 +01:00
gaykitty
366147b86d nixos/stargazer: add missing debugMode setting 2024-03-09 11:04:27 -05:00
networkException
f0097cf1d9
nixos/matrix-sliding-sync: create runtime directory in /run/matrix-sliding-sync 
this patch enables the creation of a runtime directory with the default
mode 0755 in /run/matrix-sliding-sync to offer a simple option for
SYNCV3_BINDADDR when using unix sockets.
 2024-03-08 23:16:05 +01:00
Franz Pletz
a270c43ea1
treewide: use sensible pinentry flavor 2024-03-08 23:09:02 +01:00
Sandro Jäckel
67c1193fab
nixos/unbound: disable checkconf when remote-control is used 
Closes #293001
 2024-03-08 15:34:00 +01:00
Weijia Wang
4acc19b18c
Merge pull request #291581 from Luflosi/nixos/memcached/clarify-setting 
nixos/memcached: clarify behaviour of `enableUnixSocket`
 2024-03-08 10:25:10 +01:00
éclairevoyant
2319821137
nixos/scrutiny: default collector api endpoint port to point at web app port 2024-03-07 23:21:53 -05:00
éclairevoyant
fc5116d75c
nixos/scrutiny: clean up mkEnableOption definitions 2024-03-07 23:21:53 -05:00
éclairevoyant
ce5dbf1b7b
nixos/scrutiny: inherit lib bindings 2024-03-07 23:21:52 -05:00
éclairevoyant
4e710d5221
nixos/scrutiny: remove redundant lib.mdDoc 2024-03-07 23:21:52 -05:00
Peder Bergebakken Sundt
5f9689332a
Merge pull request #278537 from wfdewith/syncoid-permissions 
nixos/syncoid: add missing ZFS mount permission
 2024-03-08 00:11:39 +01:00
Yt
0340f82b24
Merge pull request #292873 from ghthor/tabby 
Tabby: bump 0.7.0 -> 0.8.3 and add systemd service
 2024-03-07 21:51:06 +00:00
Maximilian Bosch
3c8f4e06e6
Merge pull request #287602 from Ma27/drop-postgres-ensurePermissions 
nixos/postgresql: drop ensurePermissions option
 2024-03-07 19:50:44 +00:00
Will Owens
d9188fc882
nixos/tabby: init module 
- Enable tabby to run as a systemd service
- Document standard tabby configuration
 2024-03-07 06:29:12 -05:00
DCsunset
38261d9556 nixos/hoogle: add extraOptions 2024-03-06 22:12:41 -05:00
Sandro
e656679228
Merge pull request #286523 from MarcelCoding/listmonk 
listmonk: 2.5.1 -> 3.0.0
 2024-03-06 18:49:20 +01:00
Franz Pletz
f05e5f3a51
Merge pull request #285807 from MinerSebas/prometheus-restic-exporter 
prometheus-restic-exporter: 1.4.0 -> 1.5.0
 2024-03-06 14:35:24 +01:00
Leona Maroni
182053a2cf
Merge pull request #293595 from SuperSandro2000/git-io-remove 
treewide: stop using deprecated git.io shortlink service
 2024-03-06 11:14:14 +01:00
Sandro Jäckel
04d33b98e1
treewide: stop using deprecated git.io shortlink service 2024-03-05 22:58:29 +01:00
Sandro
911b4015d2
Merge pull request #283319 from phaer/etebase-server 
etebase: fix runtime crash due to wrong pydantic..
 2024-03-05 21:37:21 +01:00
Adam C. Stephens
a51a27a78b
Merge pull request #291554 from jnsgruk/homepage-config 
nixos/homepage-dashboard: support structured config
 2024-03-05 09:48:19 -05:00
Jon Seager
c0330351a0
nixos/homepage-dashboard: support structured config 2024-03-05 14:38:52 +00:00
Someone
46b75bf589
Merge pull request #291828 from SomeoneSerge/refactor/cdi-nvidia 
nixos/cdi.dynamic.nvidia: expose driverLink
 2024-03-04 18:32:34 +00:00
Nick Cao
8e19126885
Merge pull request #289009 from 999eagle/feat/miniflux-no-db 
nixos/miniflux: add option to disable configuring a local postgresql db
 2024-03-04 09:47:14 -05:00
Sophie Tauchert
cb5f2a8e87
nixos/tests/miniflux: add test for external database 2024-03-04 09:07:21 +01:00
Sophie Tauchert
1f8385d6d1
nixos/miniflux: add option to disable configuring a local postgresql db 2024-03-04 09:07:20 +01:00
Robert Schütz
e67761b6f6
Merge pull request #292854 from SuperSandro2000/vaultwarden-bitwarden_rs 
vaultwarden: cleanup maintainers, nixos/vaultwarden: drop aliases
 2024-03-04 00:36:06 +00:00
Sandro Jäckel
06a6371247
nixos/vaultwarden: set meta.maintainers to package maintainer 2024-03-04 00:41:56 +01:00
Martin Weinelt
f09b7dc6a5
Merge pull request #289961 from leona-ya/vikunja-0.23.0 
vikunja: 0.22.1 -> 0.23.0
 2024-03-03 19:15:35 +01:00
Guillaume Girol
dc9a74e61e
Merge pull request #291934 from e1mo/bird-lg-1-3-5 
bird-lg: 1.3.1 -> 1.3.5
 2024-03-03 15:50:42 +01:00
Guillaume Girol
9887be970b
Merge pull request #292437 from deviant/nixos-nixseparatedebuginfod-nix2.3 
nixos/nixseparatedebuginfod: fix compatibility with Nix 2.3
 2024-03-03 14:12:27 +01:00