Commit Graph

286409 Commits

Author SHA1 Message Date
Martin Weinelt
326f86d8cd
Merge pull request #121222 from mweinelt/nginx
nixos/nginx: update hardening settings
2021-05-01 00:36:16 +02:00
Mario Rodas
61b1378583
Merge pull request #121300 from marsam/update-pgvector
postgresqlPackages.pgvector: 0.1.0 -> 0.1.2
2021-04-30 17:27:40 -05:00
Martin Weinelt
2f6fc07a5f
Merge pull request #121319 from r-ryantm/auto-update/logcheck 2021-05-01 00:21:07 +02:00
Martin Weinelt
7cc0cf9077
logcheck: update license to gpl2Plus 2021-05-01 00:20:10 +02:00
Martin Weinelt
fd1c36a476
Merge pull request #121326 from r-ryantm/auto-update/maddy
maddy: 0.4.3 -> 0.4.4
2021-05-01 00:13:30 +02:00
Martin Weinelt
5c0c0f0ee8
Merge pull request #121334 from r-ryantm/auto-update/lldpd
lldpd: 1.0.8 -> 1.0.10
2021-05-01 00:04:04 +02:00
Anderson Torres
1e42d905e6
Merge pull request #120802 from AndersonTorres/quick-patches
Convert ffmpeg_3 to ffmpeg
2021-04-30 18:50:21 -03:00
R. RyanTM
eae41465ad lldpd: 1.0.8 -> 1.0.10 2021-04-30 21:43:19 +00:00
V
490fa1e891 steamPackages.steam-runtime: 0.20201203.1 -> 0.20210317.0 2021-04-30 14:38:58 -07:00
Maximilian Bosch
f612313722
Merge pull request #121329 from maralorn/bump-nom
nix-output-monitor: 1.0.3.0 -> 1.0.3.1
2021-04-30 23:37:19 +02:00
Malte Brandy
640253ce2e
nix-output-monitor: 1.0.3.0 -> 1.0.3.1 2021-04-30 23:22:00 +02:00
R. RyanTM
307c0e2a3b maddy: 0.4.3 -> 0.4.4 2021-04-30 21:00:12 +00:00
AndersonTorres
72dacfd325 quodlibet: xineLib -> xine-lib 2021-04-30 17:51:05 -03:00
AndersonTorres
df26e9a55d eaglemode: xineLib -> xine-lib 2021-04-30 17:51:04 -03:00
AndersonTorres
e44606ff47 dvdstyler: xineUI -> xine-ui 2021-04-30 17:51:04 -03:00
AndersonTorres
06dadfa1a1 xineliboutput: xineLib -> xine-lib 2021-04-30 17:51:04 -03:00
AndersonTorres
bc5a164ccf xine-ui: xineLib -> xine-lib
And refactor.
2021-04-30 17:51:04 -03:00
AndersonTorres
f223a67c65 xine-lib: ffmpeg_3 -> ffmpeg
And refactor.
2021-04-30 17:50:49 -03:00
AndersonTorres
8518bfeae1 xineUI -> xine-ui
Rename it to a more intuitive name, and create a corresponding alias.
2021-04-30 17:39:10 -03:00
AndersonTorres
b13d36b973 xineLib -> xine-lib
Rename it to a more intuitive name, and create a corresponding alias.
2021-04-30 17:39:09 -03:00
AndersonTorres
5eefe24c94 wxSVG: ffmpeg_3 -> ffmpeg
And refactor.
2021-04-30 17:39:09 -03:00
AndersonTorres
5495d6d2b2 ppsspp: ffmpeg_3 -> ffmpeg
And refactor.
2021-04-30 17:39:09 -03:00
AndersonTorres
41c71047c0 mgba: ffmpeg_3 -> ffmpeg
And refactor.
2021-04-30 17:39:09 -03:00
AndersonTorres
27525f6c4d kid3: ffmpeg_3 -> ffmpeg
And refactor.
2021-04-30 17:39:08 -03:00
AndersonTorres
6d365578bf aegisub: ffmpeg_3 -> ffmpeg
And refactor.
2021-04-30 17:39:08 -03:00
Maximilian Bosch
3a7d278b54
Merge pull request #120895 from r-ryantm/auto-update/cargo-deb
cargo-deb: 1.29.1 -> 1.29.2
2021-04-30 22:36:44 +02:00
Maximilian Bosch
543e84a00f
Merge pull request #121167 from r-ryantm/auto-update/leftwm
leftwm: 0.2.6 -> 0.2.7
2021-04-30 22:29:46 +02:00
Maximilian Bosch
f476258fdf
Merge pull request #121287 from dotlambda/pass-import-fix
passExtensions.pass-import: fix tests
2021-04-30 22:18:06 +02:00
Peter Simons
b6b5fe550d all-cabal-hashes: update to Hackage at 2021-04-30T19:36:25Z 2021-04-30 22:02:27 +02:00
Martin Weinelt
efb30a191e
Merge pull request #120529 from mweinelt/zigbee2mqtt 2021-04-30 21:59:22 +02:00
Peter Simons
9a597deb23
Merge pull request #120446 from NixOS/haskell-updates
Update Haskell package set to Stackage Nightly 2021-04-23 (plus other fixes)
2021-04-30 21:53:43 +02:00
R. RyanTM
d25741e707 logcheck: 1.3.22 -> 1.3.23 2021-04-30 19:49:55 +00:00
Glowpelt
9465ce4e10 rtl88xxau-aircrack: fc0194 -> c0ce81
Linux Kernel 5.8 or about there broke the previous version of this
driver.
2021-04-30 19:45:26 +00:00
Mario Rodas
33f9d30558
rclone: 1.55.0 -> 1.55.1 (#121297) 2021-04-30 21:43:41 +02:00
Florian Klink
44a0debca7
Merge pull request #121021 from pennae/container-sigterm
nixos/nix-containers: use SIGTERM to stop containers
2021-04-30 21:35:16 +02:00
Léo Gaspard
b522e483b9
kcov: add metadata and passthru.tests (#121308) 2021-04-30 21:26:26 +02:00
lunik1
248a57d61a
nixos/adguardhome: init (#120568) 2021-04-30 20:55:31 +02:00
Peter Simons
37656dc208 git-annex: update sha256 hash for the new version 2021-04-30 20:45:03 +02:00
R. RyanTM
8a3ef67925
kcov: 36 -> 38 (#121160) 2021-04-30 20:44:04 +02:00
Martin Weinelt
62de527dc3
nixos/zigbee2mqtt: start maintaing the module 2021-04-30 20:40:04 +02:00
Martin Weinelt
2b61d9ea01
nixos/zigbee2mqtt: create migration path from config to settings 2021-04-30 20:39:21 +02:00
Peter Simons
e3185a56b5 hackage-packages.nix: automatic Haskell package set update
This update was generated by hackage2nix v2.17.0-8-ge18310f from Hackage revision
8185884e7b.
2021-04-30 20:37:43 +02:00
Peter Simons
e20a75ec74 hackage2nix: update list of broken packages
... so that there are no failing builds on Hydra.

Ping @rkrzr because icepeak is broken.
2021-04-30 20:30:15 +02:00
Martin Weinelt
f1e7183f69
nixos/tests/zigbee2mqtt: relax DevicePolicy and log systemd-analye security 2021-04-30 19:42:26 +02:00
Martin Weinelt
a691549f7e
nixos/zigbee2mqtt: harden systemd unit
This is what is still exposed, and it allows me to control my lamps from
within home-assistant.

✗ PrivateNetwork=                                             Service has access to the host's network                                            0.5
✗ RestrictAddressFamilies=~AF_(INET|INET6)                    Service may allocate Internet sockets                                               0.3
✗ DeviceAllow=                                                Service has a device ACL with some special devices                                  0.1
✗ IPAddressDeny=                                              Service does not define an IP address allow list                                    0.2
✗ PrivateDevices=                                             Service potentially has access to hardware devices                                  0.2
✗ RootDirectory=/RootImage=                                   Service runs within the host's root directory                                       0.1
✗ SupplementaryGroups=                                        Service runs with supplementary groups                                              0.1
✗ MemoryDenyWriteExecute=                                     Service may create writable executable memory mappings                              0.1

→ Overall exposure level for zigbee2mqtt.service: 1.3 OK 🙂
2021-04-30 19:42:26 +02:00
Martin Weinelt
e0f1e1f7bf
nixos/zigbee2mqtt: convert to rfc42 style settings 2021-04-30 19:42:26 +02:00
Konstantin Alekseev
7ee53c0c4f python2Packages.importlib-resources: use version 3.3.1 for python2 2021-04-30 19:10:50 +02:00
Martin Weinelt
0ae04ca063
Merge pull request #121290 from petabyteboy/feature/firefox-latest-rust 2021-04-30 19:00:32 +02:00
Martin Weinelt
506bc7ba02
nixos/nginx: update hardening settings
- Set an explicit umask that allows u+rwx and g+r.
- Adds `ProtectControlGroups` and `ProtectKernelLogs`, there should be
  no need to access either.
- Adds `ProtectClock` to prevent write-access to the system clock.
- `ProtectProc` hides processes from other users within the /proc
  filesystem and `ProcSubSet` hides all files/directories unrelated to
  the process management of the units process.
- Sets `RemoveIPC`, as there is no SysV or POSIX IPC within nginx that I
  know of.
- Restricts the creation of arbitrary namespaces
- Adds a reasonable `SystemCallFilter` preventing calls to @privileged,
  @obsolete and others.

And finally applies some sorting based on the order these options appear
in systemd.exec(5).
2021-04-30 18:49:43 +02:00
Milan Pässler
903e23ad36
firefox-esr: use latest Rust
Firefox ESR 78.x used to have a problem with Rust >= 1.46, but it works
with latest Rust now!
2021-04-30 17:50:01 +02:00