Nix Packages collection & NixOS
Go to file
Martin Weinelt 809ea5c6bd
nixos/ollama: replace flawed sandboxing option
The ollama module in its default configuration relies on systemd's
`DynamicUser=` feature for user allocation. In #305076 that allocation
was made conditional and tied to the `sandboxing` option, that was
intended to fix access to model directories outside the allocated state
directory.

However, by disabling sandboxing ollama would inadvertently run as root,
given that `User=` and `Group=` are not required to be set.

The correct way to grant access to other paths is to allocate static
user and group, and grant permissions to the destination path to that
allocation.

We therefore replace the sandboxing option user and group options, that
default to `null`, which means they default to `DynamicUser=`, but can
be replaced with a statically allocated user/group, and thereby a stable
uid/gid.

Fixes: 552eb759 ("nixos/ollama: add options to bypass sandboxing")
2024-07-22 14:51:39 +02:00
.github Merge pull request #328567 from tie/labeler-build-support-testers 2024-07-20 21:22:13 +02:00
ci ci/pinned-nixpkgs.json: update 2024-07-18 15:52:11 +02:00
doc Merge pull request #328269 from tweag/doc-no-warnings 2024-07-22 01:10:31 +02:00
lib Merge pull request #323143 from tsandrini/init-mqtt-explorer 2024-07-18 22:32:02 +04:00
maintainers Merge pull request #329011 from n8henrie/master 2024-07-22 03:43:23 +02:00
nixos nixos/ollama: replace flawed sandboxing option 2024-07-22 14:51:39 +02:00
pkgs Merge pull request #321316 from bcdarwin/init-python3-htmltools 2024-07-22 05:49:57 +02:00
.editorconfig
.envrc .envrc: init for new shell.nix 2024-06-30 00:02:36 +02:00
.git-blame-ignore-revs poptracker: Add XDG Desktop entry 2024-07-17 12:39:09 -04:00
.gitattributes
.gitignore Merge pull request #318712 from woojiq/lib-network-ipv6-parser 2024-07-11 20:57:53 +02:00
.mailmap
.version
CONTRIBUTING.md
COPYING
default.nix
flake.nix
README.md
shell.nix root: shell.nix for nixfmt 2024-06-26 16:16:44 +02:00

NixOS logo

Contributors badge Open Collective supporters

Nixpkgs is a collection of over 100,000 software packages that can be installed with the Nix package manager. It also implements NixOS, a purely-functional Linux distribution.

Manuals

  • NixOS Manual - how to install, configure, and maintain a purely-functional Linux distribution
  • Nixpkgs Manual - contributing to Nixpkgs and using programming-language-specific Nix expressions
  • Nix Package Manager Manual - how to write Nix expressions (programs), and how to use Nix command line tools

Community

Other Project Repositories

The sources of all official Nix-related projects are in the NixOS organization on GitHub. Here are some of the main ones:

  • Nix - the purely functional package manager
  • NixOps - the tool to remotely deploy NixOS machines
  • nixos-hardware - NixOS profiles to optimize settings for different hardware
  • Nix RFCs - the formal process for making substantial changes to the community
  • NixOS homepage - the NixOS.org website
  • hydra - our continuous integration system
  • NixOS Artwork - NixOS artwork

Continuous Integration and Distribution

Nixpkgs and NixOS are built and tested by our continuous integration system, Hydra.

Artifacts successfully built with Hydra are published to cache at https://cache.nixos.org/. When successful build and test criteria are met, the Nixpkgs expressions are distributed via Nix channels.

Contributing

Nixpkgs is among the most active projects on GitHub. While thousands of open issues and pull requests might seem a lot at first, it helps consider it in the context of the scope of the project. Nixpkgs describes how to build tens of thousands of pieces of software and implements a Linux distribution. The GitHub Insights page gives a sense of the project activity.

Community contributions are always welcome through GitHub Issues and Pull Requests.

For more information about contributing to the project, please visit the contributing page.

Donations

The infrastructure for NixOS and related projects is maintained by a nonprofit organization, the NixOS Foundation. To ensure the continuity and expansion of the NixOS infrastructure, we are looking for donations to our organization.

You can donate to the NixOS foundation through SEPA bank transfers or by using Open Collective:

License

Nixpkgs is licensed under the MIT License.

Note: MIT license does not apply to the packages built by Nixpkgs, merely to the files in this repository (the Nix expressions, build scripts, NixOS modules, etc.). It also might not apply to patches included in Nixpkgs, which may be derivative works of the packages to which they apply. The aforementioned artifacts are all covered by the licenses of the respective packages.