authorWeijia Wang <9713184+wegank@users.noreply.github.com>2024-04-30 13:24:52 +0200
committerWeijia Wang <9713184+wegank@users.noreply.github.com>2024-04-30 13:24:52 +0200
commit23cbc3c2b332ecaed3f3a3c5856279a3c7b9be99 (patch)
tree55b3ff83683ff8a4b9127c41af96a08efb77bb65 /nixos/modules
parent6fecc628f91a59edecd5775881e14944d98084c6 (diff)
parent8f27ccd790e5c4446b63dec50db31adc0d93de78 (diff)
Merge branch 'master' into staging-next
Diffstat (limited to 'nixos/modules')
-rw-r--r--nixos/modules/services/home-automation/wyoming/faster-whisper.nix2
-rw-r--r--nixos/modules/services/system/dbus.nix2
-rw-r--r--nixos/modules/services/web-apps/coder.nix1
-rw-r--r--nixos/modules/virtualisation/qemu-vm.nix18
4 files changed, 21 insertions, 2 deletions
diff --git a/nixos/modules/services/home-automation/wyoming/faster-whisper.nix b/nixos/modules/services/home-automation/wyoming/faster-whisper.nix
index cbff3ab3e617c..d0fca6a41c7b6 100644
--- a/nixos/modules/services/home-automation/wyoming/faster-whisper.nix
+++ b/nixos/modules/services/home-automation/wyoming/faster-whisper.nix
@@ -119,6 +119,8 @@ in
         wantedBy = [
           "multi-user.target"
         ];
+        # https://github.com/rhasspy/wyoming-faster-whisper/issues/27
+        environment."HF_HUB_CACHE" = "/tmp";
         serviceConfig = {
           DynamicUser = true;
           User = "wyoming-faster-whisper";
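Review bot: The added `environment."HF_HUB_CACHE" = "/tmp";` keeps the model cache away from other local users only because `DynamicUser = true` just below implies a private `/tmp` for the unit, and the comment above it gives only an issue link. If that setting were ever dropped or PrivateTmp overridden, the cache would sit in the shared, world-writable `/tmp`. I would extend the comment to something like `# /tmp is per-service here (DynamicUser implies PrivateTmp); the cache is discarded when the unit stops`. Alternatively the variable could point at a unit-owned cache directory, if one is configured outside this hunk. The `serviceConfig` block continues past the end of the hunk.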
diff --git a/nixos/modules/services/system/dbus.nix b/nixos/modules/services/system/dbus.nix
index a9fc88e320c6b..8dba0aca64337 100644
--- a/nixos/modules/services/system/dbus.nix
+++ b/nixos/modules/services/system/dbus.nix
@@ -39,7 +39,7 @@ in
 
       implementation = mkOption {
         type = types.enum [ "dbus" "broker" ];
-        default = "broker";
+        default = "dbus";
         description = ''
           The implementation to use for the message bus defined by the D-Bus specification.
           Can be either the classic dbus daemon or dbus-broker, which aims to provide high
diff --git a/nixos/modules/services/web-apps/coder.nix b/nixos/modules/services/web-apps/coder.nix
index d4a5b7b2b89cd..5450adbe118da 100644
--- a/nixos/modules/services/web-apps/coder.nix
+++ b/nixos/modules/services/web-apps/coder.nix
@@ -223,4 +223,5 @@ in {
       };
     };
   };
+  meta.maintainers = pkgs.coder.meta.maintainers;
 }
diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix
index 06c1253d1fb64..c30f4577fdd86 100644
--- a/nixos/modules/virtualisation/qemu-vm.nix
+++ b/nixos/modules/virtualisation/qemu-vm.nix
@@ -249,7 +249,7 @@ let
           ${concatStringsSep " " config.virtualisation.qemu.networkingOptions} \
           ${concatStringsSep " \\\n    "
             (mapAttrsToList
-              (tag: share: "-virtfs local,path=${share.source},security_model=none,mount_tag=${tag}")
+              (tag: share: "-virtfs local,path=${share.source},security_model=${share.securityModel},mount_tag=${tag}")
               config.virtualisation.sharedDirectories)} \
           ${drivesCmdLine config.virtualisation.qemu.drives} \
           ${concatStringsSep " \\\n    " config.virtualisation.qemu.options} \
@@ -462,6 +462,18 @@ in
               type = types.path;
               description = "The mount point of the directory inside the virtual machine";
             };
+            options.securityModel = mkOption {
+              type = types.enum [ "passthrough" "mapped-xattr" "mapped-file" "none" ];
+              default = "mapped-xattr";
+              description = ''
+                The security model to use for this share:
+
+                - `passthrough`: files are stored using the same credentials as they are created on the guest (this requires QEMU to run as root)
+                - `mapped-xattr`: some of the file attributes like uid, gid, mode bits and link target are stored as file attributes
+                - `mapped-file`: the attributes are stored in the hidden .virtfs_metadata directory. Directories exported by this security model cannot interact with other unix tools
+                - `none`: same as "passthrough" except the sever won't report failures if it fails to set file attributes like ownership
+              '';
+            };
           });
         default = { };
         example = {
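Review bot: The new `securityModel` option defaults to `mapped-xattr`, whereas the line removed in this file's first hunk hard-coded `security_model=none`, so user-defined `virtualisation.sharedDirectories` entries change behaviour on upgrade unless they set the option. Only the built-in shares are pinned to `none` further down. The description should state this, for example `Shares that do not set this option previously used "none".`, and mention that `mapped-xattr` presumably requires extended-attribute support on the host directory. It would also help to say that `passthrough` and `none` let the guest's ownership and mode changes be applied directly to host files, which is the reason to prefer a mapped model for guests that are not fully trusted. In the `none` bullet, `sever` should read `server`.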
@@ -1091,18 +1103,22 @@ in
       nix-store = mkIf cfg.mountHostNixStore {
         source = builtins.storeDir;
         target = "/nix/store";
+        securityModel = "none";
       };
       xchg = {
         source = ''"$TMPDIR"/xchg'';
+        securityModel = "none";
         target = "/tmp/xchg";
       };
       shared = {
         source = ''"''${SHARED_DIR:-$TMPDIR/xchg}"'';
         target = "/tmp/shared";
+        securityModel = "none";
       };
       certs = mkIf cfg.useHostCerts {
         source = ''"$TMPDIR"/certs'';
         target = "/etc/ssl/certs";
+        securityModel = "none";
       };
     };