mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-13 13:40:28 +03:00

Merge master into staging-next

nixpkgs-ci[bot] 2025-03-18 18:05:06 +00:00 committed by GitHub
commit 0bb96173bd
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
146 changed files with 3140 additions and 1980 deletions


@ -1401,6 +1401,7 @@
./services/security/oauth2-proxy.nix
./services/security/oauth2-proxy-nginx.nix
./services/security/opensnitch.nix
./services/security/paretosecurity.nix
./services/security/pass-secret-service.nix
./services/security/physlock.nix
./services/security/shibboleth-sp.nix


@ -6,7 +6,7 @@ export PATH=@coreutils@/bin
if test "$1" = "start"; then
if ! @procps@/bin/pgrep ircd; then
if @ipv6Enabled@; then
while ! @iproute@/sbin/ip addr |
while ! @iproute2@/sbin/ip addr |
@gnugrep@/bin/grep inet6 |
@gnugrep@/bin/grep global; do
sleep 1;


@ -0,0 +1,43 @@
{
config,
lib,
pkgs,
...
}:
{
options.services.paretosecurity = {
enable = lib.mkEnableOption "[ParetoSecurity](https://paretosecurity.com) [agent](https://github.com/ParetoSecurity/agent) and its root helper";
package = lib.mkPackageOption pkgs "paretosecurity" { };
};
config = lib.mkIf config.services.paretosecurity.enable {
environment.systemPackages = [ config.services.paretosecurity.package ];
systemd.sockets."paretosecurity" = {
wantedBy = [ "sockets.target" ];
socketConfig = {
ListenStream = "/var/run/paretosecurity.sock";
SocketMode = "0666";
};
};
systemd.services."paretosecurity" = {
serviceConfig = {
ExecStart = "${config.services.paretosecurity.package}/bin/paretosecurity helper";
User = "root";
Group = "root";
StandardInput = "socket";
Type = "oneshot";
RemainAfterExit = "no";
StartLimitInterval = "1s";
StartLimitBurst = 100;
ProtectSystem = "full";
ProtectHome = true;
StandardOutput = "journal";
StandardError = "journal";
};
};
};
}
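Review bot: `SocketMode = "0666"` lets every local user connect to a socket whose activated unit runs `paretosecurity helper` as `User = "root"`, so the helper's own handling of what arrives on the socket is the only privilege boundary this module shows. If access by all local users is not required, restrict it with `SocketMode = "0660";` plus `SocketGroup = "<group>";` (the group name is a placeholder); if it is required, add a comment above `socketConfig` stating how the helper authorises or constrains peers. The unit's sandboxing is limited to `ProtectSystem = "full"` and `ProtectHome = true`, so further hardening such as `NoNewPrivileges = true;` is worth adding if the helper's checks tolerate it, which cannot be confirmed from this file. `ListenStream` would also be better as `/run/paretosecurity.sock`, since `/var/run` is a legacy alias for `/run`.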


@ -734,8 +734,9 @@ in
wantedBy = [ "multi-user.target" ];
requiredBy = [ "${phpExecutionUnit}.service" ];
before = [ "${phpExecutionUnit}.service" ];
after = lib.optional cfg.database.createLocally dbService;
wants = [ "local-fs.target" ];
requires = lib.optional cfg.database.createLocally dbService;
after = lib.optional cfg.database.createLocally dbService;
serviceConfig =
{
@ -785,11 +786,36 @@ in
);
};
services.${phpExecutionUnit} = {
wantedBy = lib.optional (cfg.nginx != null) "nginx.service";
requiredBy = [ "movim.service" ];
before = [ "movim.service" ] ++ lib.optional (cfg.nginx != null) "nginx.service";
wants = [ "network.target" ];
requires = [ "movim-data-setup.service" ] ++ lib.optional cfg.database.createLocally dbService;
after = [ "movim-data-setup.service" ] ++ lib.optional cfg.database.createLocally dbService;
};
services.movim = {
description = "Movim daemon";
wantedBy = [ "multi-user.target" ];
after = [ "movim-data-setup.service" ];
requires = [ "movim-data-setup.service" ] ++ lib.optional cfg.database.createLocally dbService;
wants = [
"network.target"
"local-fs.target"
];
requires =
[
"movim-data-setup.service"
"${phpExecutionUnit}.service"
]
++ lib.optional cfg.database.createLocally dbService
++ lib.optional (cfg.nginx != null) "nginx.service";
after =
[
"movim-data-setup.service"
"${phpExecutionUnit}.service"
]
++ lib.optional cfg.database.createLocally dbService
++ lib.optional (cfg.nginx != null) "nginx.service";
environment = {
PUBLIC_URL = "//${cfg.domain}";
WS_PORT = builtins.toString cfg.port;
@ -803,11 +829,6 @@ in
};
};
services.${phpExecutionUnit} = {
after = [ "movim-data-setup.service" ];
requires = [ "movim-data-setup.service" ] ++ lib.optional cfg.database.createLocally dbService;
};
tmpfiles.settings."10-movim" = with cfg; {
"${dataDir}".d = {
inherit user group;