public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
290,848 Commits 1 Branch 0 Tags
Commit Graph

21644 Commits

Author SHA1 Message Date
github-actions[bot]
12193913a1
Merge staging-next into staging 2021-05-07 12:23:21 +00:00
Linus Heckemann
47828e7dc0 nixos/manual: document IPv6 Privacy Extensions options 2021-05-07 13:55:11 +02:00
Jan Tojnar
9468b07326
Merge branch 'gnome-40' 2021-05-07 12:12:40 +02:00
github-actions[bot]
e5f4def056
Merge staging-next into staging 2021-05-07 00:46:58 +00:00
Robert Hensing
0633b6aa74
Merge pull request #121870 from Pacman99/pass-specialargs 
lib/modules: pass specialArgs to modules
 2021-05-07 01:54:48 +02:00
Pacman99
87c659ab94 nixos/top-level: specialArgs to specialisations 2021-05-06 16:04:08 -07:00
John Ericson
a3e54cb582 Merge remote-tracking branch 'upstream/staging-next' into staging 2021-05-06 15:48:25 -04:00
Sander van der Burg
77295e7e6b nixos/disnix: configure the remote client by default, if multi-user mode has been enabled 2021-05-06 19:33:02 +02:00
Martin Weinelt
6a09bc4405
Merge pull request #121865 from mweinelt/home-assistant 2021-05-06 18:05:00 +02:00
Martin Weinelt
24adc01e2e
nixos/home-assistant: allow netlink sockets and /proc/net inspection 
Since v2021.5.0 home-assistant uses the ifaddr library in the zeroconf
component to enumerate network interfaces via netlink. Since discovery
is all over the place lets allow AF_NETLINK unconditionally.

It also relies on pyroute2 now, which additionally tries to access files
in /proc/net, so we relax ProtectProc a bit by default as well.

This leaves us with these options unsecured:

✗ PrivateNetwork=                                             Service has access to the host's network                                                                 0.5
✗ RestrictAddressFamilies=~AF_(INET|INET6)                    Service may allocate Internet sockets                                                                    0.3
✗ DeviceAllow=                                                Service has a device ACL with some special devices                                                       0.1
✗ IPAddressDeny=                                              Service does not define an IP address allow list                                                         0.2
✗ PrivateDevices=                                             Service potentially has access to hardware devices                                                       0.2
✗ PrivateUsers=                                               Service has access to other users                                                                        0.2
✗ SystemCallFilter=~@resources                                System call allow list defined for service, and @resources is included (e.g. ioprio_set is allowed)      0.2
✗ RestrictAddressFamilies=~AF_NETLINK                         Service may allocate netlink sockets                                                                     0.1
✗ RootDirectory=/RootImage=                                   Service runs within the host's root directory                                                            0.1
✗ SupplementaryGroups=                                        Service runs with supplementary groups                                                                   0.1
✗ RestrictAddressFamilies=~AF_UNIX                            Service may allocate local sockets                                                                       0.1
✗ ProcSubset=                                                 Service has full access to non-process /proc files (/proc subset=)                                       0.1

→ Overall exposure level for home-assistant.service: 1.6 OK 🙂
 2021-05-06 16:55:53 +02:00
Jörg Thalheim
4e783a4cb7
Merge pull request #121724 from Izorkin/update-netdata 
netdata: 1.29.3 -> 1.30.1
 2021-05-06 14:58:33 +01:00
github-actions[bot]
c63e69cd89
Merge staging-next into staging 2021-05-06 12:23:32 +00:00
Maximilian Bosch
a50b9e6c23
Merge pull request #113716 from Ma27/wpa_multiple 
wpa_supplicant: allow both imperative and declarative networks
 2021-05-06 11:01:35 +02:00
Simon Thoby
1bdda029cd nixos/services/torrent/transmission.nix: add a missing apparmor rule 
libbrotli wasn't listed as a dependency for the AppArmor profile of the transmission-daemon binary.
As a result, transmission wouldn't run and would fail, logging this audit message to dmesg:
audit[11595]: AVC apparmor=DENIED operation=open profile=/nix/store/08i1rmakmnpwyxpvp0sfc5hcm106am7w-transmission-3.00/bin/transmission-daemon name=/proc/11595/environ pid=11595 comm=transmission-da requested_mask=r denied_mask=r fsuid=70 ouid=70
 2021-05-05 22:47:52 +02:00
Jan Tojnar
878abc6488
nixos/gnome3: Install GNOME Tour 
It will be run after startup.
 2021-05-05 22:43:02 +02:00
Jan Tojnar
316928e8c1
nixos/gnome3: Enable power-profiles-daemon 
GNOME 40 added support for it in Control Center.
 2021-05-05 22:43:01 +02:00
Jan Tojnar
49ae2e4c26
gnome3.gnome-getting-started-docs: drop 
It has been retired

https://gitlab.gnome.org/GNOME/gnome-build-meta/-/issues/353
 2021-05-05 22:43:01 +02:00
Jan Tojnar
913123f3b1
rl-2105: Mention GNOME 40 2021-05-05 22:42:58 +02:00
Jan Tojnar
d2e141e412
gnome3.gdm: 3.38.2.1 → 40.0 2021-05-05 22:42:32 +02:00
Jan Tojnar
941b15b003
librsvg: register installed tests 2021-05-05 22:20:22 +02:00
Samuel Dionne-Riel
6cb46a3897 sd_image_raspberrypi4: Remove, as planned initially 
The replacement is the generic AArch64 image.

From there, you can customize an image that works better for your
needs, if need be.
 2021-05-05 16:19:13 -04:00
Izorkin
53651179b9
nixos/netdata: update capabilities 2021-05-05 20:46:07 +03:00
github-actions[bot]
af9d9374fa
Merge staging-next into staging 2021-05-05 12:23:47 +00:00
Michael Weiss
ff5fdec093
Merge pull request #121437 from primeos/nixos-tests-sway 
nixos/tests/sway: init
 2021-05-05 13:52:51 +02:00
Robert Schütz
f82c6fdfd5 nixos/matrix-dendrite: rename to dendrite 2021-05-05 12:38:02 +02:00
Robert Schütz
007cab9644 matrix-dendrite: rename to dendrite 
No other distro calls it matrix-dendrite:
https://repology.org/project/matrix-dendrite
 2021-05-05 12:37:04 +02:00
Robert Hensing
ce93c98ce2
Merge pull request #99132 from Infinisil/recursive-type-deprecation 
Recursive type deprecation
 2021-05-05 11:13:37 +02:00
github-actions[bot]
dbc1478d23
Merge staging-next into staging 2021-05-05 06:21:29 +00:00
Ben Siraphob
a913f3ff49 nixos/tests/wmderland: remove stdenv.lib 2021-05-05 01:43:05 -04:00
Silvan Mosberger
0a377f11a5 nixos/treewide: Remove usages of deprecated types.string 2021-05-05 03:31:41 +02:00
github-actions[bot]
68e3ba2b1d
Merge staging-next into staging 2021-05-05 00:46:07 +00:00
Samuel Dionne-Riel
1cb977c858 sd-image: Rely on profiles/all-hardware.nix 
This ensures that SD images and UEFI installers don't drift in
compatibility with regards to early initrd.
 2021-05-04 19:42:13 -04:00
Samuel Dionne-Riel
cb9b46a3cd profiles/all-hardware.nix: Add vc4 for broadcom hardware 
Namely, early KMS on raspberry pi
 2021-05-04 19:42:13 -04:00
Samuel Dionne-Riel
f5b7687d26 profiles/all-hardware.nix: Share some config for all ARM 2021-05-04 19:42:13 -04:00
Samuel Dionne-Riel
14ac6de024 profiles/all-hardware.nix: Fix for arvmv7l-linux 2021-05-04 19:42:13 -04:00
Samuel Dionne-Riel
82625705c6 profiles/all-hardware.nix: Add analogix-dp 
While it's being brought in implicitly by the other analogix driver,
let's be explicit, in case things change.
 2021-05-04 19:42:13 -04:00
Samuel Dionne-Riel
9fa3e2c2a3 profiles/all-hardware.nix: Add regulator needed for rockchip 
But not exclusive to rockchip
 2021-05-04 19:42:13 -04:00
Samuel Dionne-Riel
535d463cf9 profiles/all-hardware.nix: Add rockchip modules 2021-05-04 19:42:13 -04:00
Samuel Dionne-Riel
70205bd13c profiles/all-hardware.nix: Add support for Raspberry Pi 4 USB 2021-05-04 19:42:13 -04:00
Samuel Dionne-Riel
a846d19831 profiles/all-hardware.nix: Add power regulator modules 
This is used on some allwinner platforms, and is a weak dependency for
USB to work.
 2021-05-04 19:42:12 -04:00
Samuel Dionne-Riel
a8af02fe6d profiles/all-hardware.nix: Add modules for integrated displays 
Namely, this is used by the pinebook's display
 2021-05-04 19:42:12 -04:00
Samuel Dionne-Riel
5bc36c1b30 profiles/all-hardware.nix: Add support for Allwinner hardware 2021-05-04 19:42:12 -04:00
Samuel Dionne-Riel
c60de92917 profiles/all-hardware.nix: Add simplefb for AArch64 2021-05-04 19:42:12 -04:00
Samuel Dionne-Riel
556fc32d69 iso-image: Build using strictDeps 2021-05-04 19:37:49 -04:00
Samuel Dionne-Riel
f1100e1506 iso-image: Add support for armv7l-linux 2021-05-04 19:37:49 -04:00
Samuel Dionne-Riel
d053c05d19 iso-image: Fixes for cross-compilation 
Note that here, since it's not a in a callPackage call, splicing won't
work on nativeBuildInputs.
 2021-05-04 19:37:48 -04:00
Samuel Dionne-Riel
385dc32fa8
Merge pull request #119974 from samueldr/feature/grub-gfx-aarch64 
iso-image: Fix GRUB graphical menu on AArch64
 2021-05-04 19:36:40 -04:00
Johannes Arnold
ff65166f44 nixos/monero: fix typo 2021-05-04 21:57:21 +00:00
Johannes Arnold
7cf3ffbddd nixos/monero: add dataDir option 2021-05-04 21:56:45 +00:00
github-actions[bot]
4cbb35eba8
Merge staging-next into staging 2021-05-04 18:21:27 +00:00