movefasta/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-13 21:50:33 +03:00
Code Activity

Merge master into staging-next

Browse source
This commit is contained in:
github-actions[bot] 2023-10-21 12:01:08 +00:00 committed by GitHub
commit 0c34dab04f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
61 changed files with 575 additions and 316 deletions
Download patch file Download diff file Expand all files Collapse all files

2
nixos/doc/manual/release-notes/rl-2311.section.md
View file

@ -402,6 +402,8 @@ The module update takes care of the new config syntax and the data itself (user
- Suricata was upgraded from 6.0 to 7.0 and no longer considers HTTP/2 support as experimental, see [upstream release notes](https://forum.suricata.io/t/suricata-7-0-0-released/3715) for more details.
- Cloud support in the `netdata` package is now disabled by default. To enable it use the `netdataCloud` package.
- `networking.nftables` now has the option `networking.nftables.table.<table>` to create tables
and have them be updated atomically, instead of flushing the ruleset.

25
nixos/modules/programs/firefox.nix
View file

@ -220,23 +220,20 @@ in
config = mkIf cfg.enable {
environment.systemPackages = [
(cfg.package.override {
(cfg.package.override (old: {
extraPrefs = cfg.autoConfig;
extraNativeMessagingHosts = with pkgs; optionals nmh.ff2mpv [
ff2mpv
] ++ optionals nmh.euwebid [
web-eid-app
] ++ optionals nmh.gsconnect [
gnomeExtensions.gsconnect
] ++ optionals nmh.jabref [
jabref
] ++ optionals nmh.passff [
passff-host
];
extraNativeMessagingHosts =
old.extraNativeMessagingHosts or []
++ optional nmh.ff2mpv ff2mpv
++ optional nmh.euwebid web-eid-app
++ optional nmh.gsconnect gnomeExtensions.gsconnect
++ optional nmh.jabref jabref
++ optional nmh.passff passff-host;
cfg = let
# copy-pasted from the wrapper; TODO: figure out fix
applicationName = cfg.package.binaryName or (lib.getName cfg.package);
oldCfg = old.cfg or {};
nixpkgsConfig = pkgs.config.${applicationName} or {};
optionConfig = cfg.wrapperConfig;
nmhConfig = {
@ -246,8 +243,8 @@ in
enableUgetIntegrator = nmh.ugetIntegrator;
enableFXCastBridge = nmh.fxCast;
};
in nixpkgsConfig // optionConfig // nmhConfig;
})
in oldCfg // nixpkgsConfig // optionConfig // nmhConfig;
}))
];
environment.etc =

22
nixos/modules/services/games/asf.nix
View file

@ -187,29 +187,41 @@ in
Group = "asf";
WorkingDirectory = cfg.dataDir;
Type = "simple";
ExecStart = "${cfg.package}/bin/ArchiSteamFarm --path ${cfg.dataDir} --process-required --no-restart --service --no-config-migrate";
ExecStart = "${lib.getExe cfg.package} --no-restart --process-required --service --system-required --path ${cfg.dataDir}";
Restart = "always";
# mostly copied from the default systemd service
PrivateTmp = true;
# copied from the default systemd service at
# https://github.com/JustArchiNET/ArchiSteamFarm/blob/main/ArchiSteamFarm/overlay/variant-base/linux/ArchiSteamFarm%40.service
CapabilityBoundingSet = "";
DevicePolicy = "closed";
LockPersonality = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateIPC = true;
PrivateMounts = true;
PrivateTmp = true; # instead of rw /tmp
PrivateUsers = true;
ProcSubset = "pid";
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProtectSystem = "full";
ProtectSystem = "strict";
RemoveIPC = true;
RestrictAddressFamilies = "AF_INET AF_INET6";
RestrictAddressFamilies = "AF_INET AF_INET6 AF_NETLINK AF_UNIX";
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
UMask = "0077";
# we luckily already have systemd v247+
SecureBits = "noroot-locked";
SystemCallFilter = [ "@system-service" "~@privileged" ];
}
];

2
nixos/modules/system/boot/systemd/initrd.nix
View file

@ -358,7 +358,7 @@ in {
++ lib.optional (cfg.enableTpm2 && !(pkgs.stdenv.hostPlatform.isRiscV64 || pkgs.stdenv.hostPlatform.isArmv7)) "tpm-crb";
boot.initrd.systemd = {
initrdBin = [pkgs.bash pkgs.coreutils cfg.package.kmod cfg.package] ++ config.system.fsPackages;
initrdBin = [pkgs.bash pkgs.coreutils cfg.package.kmod cfg.package];
extraBin = {
less = "${pkgs.less}/bin/less";
mount = "${cfg.package.util-linux}/bin/mount";

17
nixos/modules/tasks/filesystems/btrfs.nix
View file

@ -52,34 +52,37 @@ in
config = mkMerge [
(mkIf enableBtrfs {
system.fsPackages = [ pkgs.btrfs-progs ];
})
boot.initrd.kernelModules = mkIf inInitrd [ "btrfs" ];
boot.initrd.availableKernelModules = mkIf inInitrd (
(mkIf inInitrd {
boot.initrd.kernelModules = [ "btrfs" ];
boot.initrd.availableKernelModules =
[ "crc32c" ]
++ optionals (config.boot.kernelPackages.kernel.kernelAtLeast "5.5") [
# Needed for mounting filesystems with new checksums
"xxhash_generic"
"blake2b_generic"
"sha256_generic" # Should be baked into our kernel, just to be sure
]
);
];
boot.initrd.extraUtilsCommands = mkIf (inInitrd && !config.boot.initrd.systemd.enable)
boot.initrd.extraUtilsCommands = mkIf (!config.boot.initrd.systemd.enable)
''
copy_bin_and_libs ${pkgs.btrfs-progs}/bin/btrfs
ln -sv btrfs $out/bin/btrfsck
ln -sv btrfsck $out/bin/fsck.btrfs
'';
boot.initrd.extraUtilsCommandsTest = mkIf (inInitrd && !config.boot.initrd.systemd.enable)
boot.initrd.extraUtilsCommandsTest = mkIf (!config.boot.initrd.systemd.enable)
''
$out/bin/btrfs --version
'';
boot.initrd.postDeviceCommands = mkIf (inInitrd && !config.boot.initrd.systemd.enable)
boot.initrd.postDeviceCommands = mkIf (!config.boot.initrd.systemd.enable)
''
btrfs device scan
'';
boot.initrd.systemd.initrdBin = [ pkgs.btrfs-progs ];
})
(mkIf enableAutoScrub {

2
nixos/modules/tasks/filesystems/cifs.nix
View file

@ -21,5 +21,7 @@ in
copy_bin_and_libs ${pkgs.cifs-utils}/sbin/mount.cifs
'';
boot.initrd.systemd.extraBin."mount.cifs" = mkIf inInitrd "${pkgs.cifs-utils}/sbin/mount.cifs";
};
}

2
nixos/modules/tasks/filesystems/ext.nix
View file

@ -25,5 +25,7 @@ in
ln -sv e2fsck $out/bin/fsck.ext4
'';
boot.initrd.systemd.initrdBin = lib.mkIf inInitrd [ pkgs.e2fsprogs ];
};
}

2
nixos/modules/tasks/filesystems/f2fs.nix
View file

@ -16,5 +16,7 @@ in
boot.initrd.extraUtilsCommands = mkIf (inInitrd && !config.boot.initrd.systemd.enable) ''
copy_bin_and_libs ${pkgs.f2fs-tools}/sbin/fsck.f2fs
'';
boot.initrd.systemd.initrdBin = mkIf inInitrd [ pkgs.f2fs-tools ];
};
}

2
nixos/modules/tasks/filesystems/jfs.nix
View file

@ -15,5 +15,7 @@ in
boot.initrd.extraUtilsCommands = mkIf (inInitrd && !config.boot.initrd.systemd.enable) ''
copy_bin_and_libs ${pkgs.jfsutils}/sbin/fsck.jfs
'';
boot.initrd.systemd.initrdBin = mkIf inInitrd [ pkgs.jfsutils ];
};
}

2
nixos/modules/tasks/filesystems/reiserfs.nix
View file

@ -21,5 +21,7 @@ in
ln -s reiserfsck $out/bin/fsck.reiserfs
'';
boot.initrd.systemd.initrdBin = mkIf inInitrd [ pkgs.reiserfsprogs ];
};
}

2
nixos/modules/tasks/filesystems/vfat.nix
View file

@ -21,5 +21,7 @@ in
ln -sv dosfsck $out/bin/fsck.vfat
'';
boot.initrd.systemd.extraBin = mkIf inInitrd [ pkgs.dosfstools ];
};
}

2
nixos/modules/tasks/filesystems/xfs.nix
View file

@ -26,5 +26,7 @@ in
''
sed -i -e 's,^#!.*,#!'$out/bin/sh, $out/bin/fsck.xfs
'';
boot.initrd.systemd.initrdBin = mkIf inInitrd [ pkgs.xfsprogs.bin ];
};
}

3
nixos/modules/tasks/filesystems/zfs.nix
View file

@ -632,7 +632,8 @@ in
targets.zfs-import.wantedBy = [ "zfs.target" ];
targets.zfs.wantedBy = [ "initrd.target" ];
extraBin = {
# zpool and zfs are already in thanks to fsPackages
zpool = "${cfgZfs.package}/sbin/zpool";
zfs = "${cfgZfs.package}/sbin/zfs";
awk = "${pkgs.gawk}/bin/awk";
};
};