Sandro
6a2ae59456
nixos/luksroot: make it harder to accidentally break cryptsetup
...
(cherry picked from commit b861831405)
2024-11-21 17:39:21 +00:00
Adam C. Stephens
48d0b9dd10
[Backport release-24.11] nixos/kanidm: add provisioning secret directories to BindReadOnlyPaths (#357915)
2024-11-21 11:48:55 -05:00
Sandro
66206bb85c
[Backport release-24.11] nixos/opendkim: modernize, add expandable settings option, put config file under standard location (#357396)
2024-11-21 15:57:24 +01:00
Sandro
f5e19b9e24
[Backport release-24.11] nixos/arp-scan: init, nixos/tcpdump: init (#357214)
2024-11-21 15:56:54 +01:00
oddlama
48be85e7c7
nixos/kanidm: add provisioning secret directories to BindReadOnlyPaths
...
(cherry picked from commit 3e29e0560d)
2024-11-21 14:47:12 +00:00
Ughur Alakbarov
9746c8b7ee
nixos/tabby: fix typo
...
(cherry picked from commit f21d3a0f07)
2024-11-21 13:02:20 +00:00
Naïm Favier
65933c9eb9
nixos/libreswan: use environment.etc."ipsec.secrets".text
...
This is to ensure compatibility with the networkmanager module, which
uses the `text` option.
(cherry picked from commit b294762bb9)
2024-11-21 07:18:48 +00:00
Nick Cao
32078e2df4
[Backport release-24.11] nixos/pay-respects: actually import the module (#357375)
2024-11-20 08:49:32 -05:00
Weijia Wang
396fd05410
[Backport release-24.11] lomiri.*: OTA-6 (#357107)
2024-11-20 14:11:18 +01:00
Weijia Wang
e954f3e48e
[Backport release-24.11] python312Packages.magic-wormhole-mailbox-server: 0.4.1 -> 0.5.1 (#357210)
2024-11-20 14:04:11 +01:00
Weijia Wang
d153fd1ebf
[Backport release-24.11] docs: remove old NixOS version references (#357187)
2024-11-20 14:03:48 +01:00
OTABI Tomoya
fe807c021b
[Backport release-24.11] python3Packages: Fix and document the removal of the local .overrideAttrs attribute (#357196)
2024-11-20 11:08:42 +09:00
Sandro Jäckel
eacd58dfea
nixos/opendkim: put config file under standard location
...
(cherry picked from commit f497159195)
2024-11-19 21:30:14 +00:00
Sandro Jäckel
ab0bfdbfe2
nixos/opendkim: add expandable settings option
...
(cherry picked from commit 1414b222f5)
2024-11-19 21:30:14 +00:00
Sandro Jäckel
68fb052050
nixos/opendkim: modernize
...
(cherry picked from commit dfac70cb1d)
2024-11-19 21:30:14 +00:00
Weijia Wang
e90a55931b
[Backport release-24.11] globalprotect-openconnect: Reinstate v1 (#356229)
2024-11-19 21:57:53 +01:00
Fernando Rodrigues
b89e0bf06f
nixos/pay-respects: fix interactiveShellInit for fish and zsh
...
Signed-off-by: Fernando Rodrigues <alpha@sigmasquadron.net>
(cherry picked from commit c346fd5125)
2024-11-19 19:56:24 +00:00
Fernando Rodrigues
bc84a4af0b
nixos/pay-respects: actually import the module
...
I am unbelievably stupid sometimes.
Signed-off-by: Fernando Rodrigues <alpha@sigmasquadron.net>
(cherry picked from commit 3cd382262c)
2024-11-19 19:56:24 +00:00
Jordan Williams
97639a5790
nixos/snapserver: restart the systemd service on failure
...
(cherry picked from commit 7031d0fdd0)
2024-11-19 14:08:38 +00:00
Emily
4bbfba14d8
nixos/doc/rl-2411: add highlight for the Darwin changes
...
(cherry picked from commit 5113c488af)
2024-11-19 13:25:30 +00:00
Malte Voos
9018408f4a
nixos/acme: make address families in systemd service less restrictive
...
This change is to support LEGO's capability to spawn an external process that
solves the DNS-01 challenge. In particular, this enables a setup where LEGO
runs a shell script that uses nsd-control to add an appropriate zone to a
local NSD instance.
(cherry picked from commit d9bf91700e)
2024-11-19 11:57:02 +00:00
Sandro Jäckel
89b1270199
nixos/{arp-scan,iftop,tcpdump,traceroute}: format
...
(cherry picked from commit b4d622fd7a)
2024-11-19 10:04:11 +00:00
Sandro Jäckel
670f76a1e6
nixos/traceroute: use lib.getExe
...
(cherry picked from commit a6ee554a67)
2024-11-19 10:04:11 +00:00
Sandro Jäckel
75ea3ad5b0
nixos/iftop: improve description, use lib.getExe
...
(cherry picked from commit 4fae28967b)
2024-11-19 10:04:11 +00:00
Sandro Jäckel
f95adbe186
nixos/tcpdump: init
...
(cherry picked from commit eb42ef0c24)
2024-11-19 10:04:11 +00:00
Sandro Jäckel
46c2ec1146
nixos/arp-scan: init
...
(cherry picked from commit 2829181316)
2024-11-19 10:04:11 +00:00
Martin Joerg
f46acb4670
python312Packages.magic-wormhole-mailbox-server: 0.4.1 -> 0.5.1
...
https://github.com/magic-wormhole/magic-wormhole-mailbox-server/compare/refs/tags/0.4.1...refs/tags/0.5.1
https://github.com/magic-wormhole/magic-wormhole-mailbox-server/blob/0.5.1/NEWS.md
Python 3.12 is now supported
(cherry picked from commit 0afba0d517)
2024-11-19 09:46:48 +00:00
Yueh-Shun Li
23669eccf2
rl-2411.section.md: update to inform the removal of (buildPythonPackage { ... }).overrideDerivation
...
Clean up the leftover of commit 58bfe74123 ("buildPython*: Deprecate and remove (buildPython* { ... }).override")
(cherry picked from commit b4e9f423f4)
2024-11-19 08:46:00 +00:00
Wolfgang Walther
569c78e8e0
nixos/yabar: remove reference to nixos 18.03
...
No need to mention that anymore - it's just a fact by now.
(cherry picked from commit 7076d32d23)
2024-11-19 08:11:19 +00:00
Wolfgang Walther
bf67c23dcc
docs: remove references before 22.11
...
Stuff that has been in for many years doesn't need to be mentioned
explicitly anymore.
(cherry picked from commit 1dd9c32b18)
2024-11-19 08:11:19 +00:00
Maximilian Bosch
63e1dc6ace
nixos/networkd: warn about naively replacing IPForward
...
See https://github.com/systemd/systemd/issues/33414.
The way this was phrased sounded like a dumb search/replace operation to
me. This resulted in random parts of my routing being broken (forward
from if X -> Y being fine, but the opposite direction being broken).
This change makes it explicit that it's a little more complicated and
you should really consult the docs before making that change.
(cherry picked from commit 06f50f4adf)
2024-11-19 04:11:16 +00:00
Will Fancher
b798b0d694
nixos/systemd-stage-1: nixos-find-nixos-closure before initrd.target
...
Without this, boot could proceed to the initrd cleanup step before the
closure was found, killing the service and breaking boot.
(cherry picked from commit af8279fe38)
2024-11-19 03:33:43 +00:00
Florian Agbuya
99e26dd556
flarum: fix 'mysql' has been renamed to/replaced by 'mariadb'
...
(cherry picked from commit 75a6be1684)
2024-11-19 01:25:40 +00:00
OPNA2608
8cb1c3fcdc
lomiri.lomiri-history-service: Rename from lomiri.history-service
...
(cherry picked from commit 87d70198ea)
2024-11-18 22:57:42 +00:00
Maximilian Bosch
35e60b321e
nixos/tools: add enable options to manual
...
E.g. when overriding `nix` with `pkgs.lix`, `nixos-option` will fail.
Given that I haven't used it in a very long time, I wanted to disable
it, but finding an option to turn off `nixos-option` is kinda hard given
that the options are generated here using `mkToolModule`.
I assumed that this isn't possible until I learned that
`system.tools.X.enable` exists. To me, this is a clear sign that these
shouldn't be internal.
(cherry picked from commit 859c76c505)
2024-11-18 16:04:17 +00:00
Martin Weinelt
5576dfb738
nixos/wyoming-faster-whisper: update CUDA device allowlist
...
This list can change between driver versions, and it requires an update
now to find my GPU.
(cherry picked from commit ee595b709e)
2024-11-18 02:26:15 +00:00
Gaetan Lepage
c7af27341c
nixos/g810-led: fix module
...
(cherry picked from commit 8fac714b78)
2024-11-17 14:45:34 +00:00
Nick Cao
9156f19e52
[Backport release-24.11] nixos/zigbee2mqtt: only add port to DeviceAllow if it is a device (#356582)
2024-11-17 09:19:11 -05:00
Nick Cao
b05dfbcc3e
[Backport release-24.11] nixos/postgresql: fix warning typo (#356695)
2024-11-17 09:01:01 -05:00
Masum Reza
37debf5e7d
[Backport release-24.11] nixos/hyprland: adds programs.hyprland.withUWSM option (#356542)
2024-11-17 17:37:31 +05:30
Wolfgang Walther
a2b914e6e3
nixos: remove boot.loader.raspberryPi
...
This has been announced for 24.11 in #241534, so let's follow through.
(cherry picked from commit 8ca24a7a2b)
2024-11-17 11:50:01 +00:00
Maximilian Bosch
de06be4658
Merge: [Backport release-24.11] nixos/postgresql: extension based hardening relaxation (#356574)
2024-11-17 12:39:37 +01:00
Ian Kerins
25cd23219c
nixos/postgresql: fix warning typo
...
(cherry picked from commit 307090125f)
2024-11-17 11:25:02 +00:00
Andrew Marshall
059acfca2d
nixos/zigbee2mqtt: only add port to DeviceAllow if it is a path
...
zigbee2mqtt supports having non-device ports (e.g. `tcp://`); those
should not be set in DeviceAllow. No URI will start with `/`, so use
that as the filter that it is a “real” device that needs to be allowed.
(cherry picked from commit 577e162073)
2024-11-16 21:53:10 +00:00
Maximilian Bosch
0bd7e8585f
nixos/tests/postgresql: test plv8 hardening on non-JIT variants only
...
PostgreSQL with JIT support enabled doesn't work with plv8. Hence, we'd
get an evaluation failure for each
`nixosTests.postgresql.postgresql.postgresql_jit_X`.
This should be restructured in the future (less VM tests for custom
extensions, but a single VM test for this case to cover). For now, we
should get this fix out and this is a good-enough approach.
(cherry picked from commit 68d9643388)
2024-11-16 21:30:02 +00:00
Martin Weinelt
830116313f
nixosTests.postgresql: test hardening gets relaxed
...
The plv8 plugin requires access to pkey syscalls. The execution will
crash hard when it is not allowed by the syscall filter.
Co-Authored-By: Jan Tojnar <jtojnar@gmail.com>
(cherry picked from commit e198536d26)
2024-11-16 21:30:02 +00:00
Martin Weinelt
210f9b1546
nixos/postgresql: create infrastructure for relaxing systemd hardening
...
By matching on the package names of the plugins passed into the package
we can relax the systemd unit hardening as needed.
(cherry picked from commit d370af0785)
2024-11-16 21:30:02 +00:00
Martin Weinelt
7d07116532
nixos/postgresql: rename extraPlugins to extensions
...
This is the upstream lingo, and it makes everything slightly less
confusing.
(cherry picked from commit 223a6c6ed0)
2024-11-16 21:30:02 +00:00
Maximilian Bosch
4e88b60fe7
nixos/rl-2411: fix version Grafana has been updated to
...
(cherry picked from commit 3bad58ed01)
2024-11-16 20:26:41 +00:00
jopejoe1
001f7f088e
[Backport release-24.11] nixos/shairport-sync: add package option (#356417)
2024-11-16 20:16:53 +01:00