| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Fixes test flakiness (`nix-build -A nixosTests.deconz`).
(cherry picked from commit e99ef7b970bc0b75d96c9659cc547ba44aca49ea)
|
|
Signed-off-by: Christina Sørensen <christina@cafkafk.com>
(cherry picked from commit 8a1dbedde5d596103cf7929b7286a2ba3535d8ea)
|
|
(cherry picked from commit f8b9215e9fe939497143ba2cfc9ad0ab8e26a6d8)
|
|
new versions of akkoma require the upload base url to be specified in
order for updates to work properly.
this will be a breaking change in 24.05, but for now a reasonable
default is set.
|
|
|
|
|
|
The default is to mount these world-readable, but that's a security risk
for the EFI System Partition.
Ref https://github.com/NixOS/nixpkgs/issues/279362.
(cherry picked from commit 8ee9b79cc41e9013f5bb58081eccdec236530611)
|
|
[Backport release-23.11] envfs: 1.0.3 -> 1.0.6
|
|
Diff: https://github.com/Mic92/envfs/compare/1.0.3...1.0.6
(cherry picked from commit 3a8e8369a67cb68e0e267413c36d997e9e3f670c)
|
|
It is useful when outputs change, but EDIDs do not. See [upstream PR][1]
for more details.
[1]: https://github.com/phillipberndt/autorandr/pull/293
(cherry picked from commit dd1e21f39f07a43de49e90866869c23bad4cb31e)
|
|
(cherry picked from commit 18a5476aa7779b916e588e99fb438c631a464d77)
|
|
[Backport release-23.11] nixos/ollama: add option to set environment variables
|
|
This adds compatibility with newer kernels, which fixes
nixosTests.zfs.series_2_1, which broke when the default kernel version
was bumped.
This means we no longer need the removeLinuxDRM option at all, but
I've kept it around as a no-op so people can leave it set in case the
same thing happens again in future.
(cherry picked from commit 45f1428902a6fe08ff343a7ebb7254cd1ca98785)
|
|
ZFS no longer tries to use GPL-only symbols on aarch64.
Tested by building nixosTests.zfs.stable (modified to use Linux 6.6)
and nixosTests.zfs.unstable.
(cherry picked from commit 2b9f0438230377995efb9a6efeec5f8572967643)
|
|
Same as all the other HID drivers, otherwise Corsair keyboards do not
work before the switch to stage2 without custom configuration.
(cherry picked from commit b8b53fdf37710b1c1b58b9a17e2649355dbee938)
|
|
[Backport release-23.11] nixos/gitea: warn when using `services.gitea` with forgejo
|
|
(cherry picked from commit 2e30c96c0afc0544227b8f9900f035f00668ffd4)
|
|
Fixes https://github.com/NixOS/nixpkgs/issues/240591
(cherry picked from commit 70fa188e175ab9d1034416374b2af15ad94decbc)
|
|
(cherry picked from commit f468e0d11180bdde888a7a16f9c043ec33dd284e)
|
|
[Backport release-23.11] gotosocial: 0.14.1 -> 0.14.2
|
|
[Backport release-23.11] steam: add extraCompatPackages
|
|
(cherry picked from commit b0529146b9cb07385b16bd828197d56505ed5ec0)
|
|
(cherry picked from commit d179a5fd02ce415236e5c708e661397e44ec6184)
|
|
(cherry picked from commit 956005226f0a7232bae04cdd2501e88c0685ed31)
|
|
(cherry picked from commit bdc55d2f8671881b81d6797928b3e7569235b1ba)
|
|
This sets a standard for Steam compat tools in NixOS where they must have the
compat tool in a special steamcompattool output.
proton-ge-bin was adjusted to conform with it.
(cherry picked from commit 2b619c23146b7b791ed25a174add5cc8d99c8654)
|
|
(cherry picked from commit 7b8d88fa059d2a945e17c800d4f2bbc958755e5c)
|
|
(cherry picked from commit 93a891f0e8e0feb96090eac48d9a2d5aaad28f20)
|
|
(cherry picked from commit b5e7a05bb737a3f53e3316d76008bfd8e373b00d)
|
|
[Backport release-23.11] nixos/nextcloud: remove opcache.enable_cli=1
|
|
[Backport release-23.11] nixos/atuin: add services.atuin.package option
|
|
Upstream no longer recommends enabling the opcache cli.
See the following:
- https://github.com/nextcloud/documentation/issues/1439
- https://github.com/nextcloud/server/pull/15468
(cherry picked from commit 9353fb2309902387c16130c97f27242ef24bc4c6)
|
|
We need to make sure systemd-tmpfiles-setup.service ran before we
start systemd-binft.service. Otherwise it might fail to start
due to non-existant files
Fixes #295365
(cherry picked from commit 16526f454fe534a809b3a0e4713c7fa70accb812)
|
|
(cherry picked from commit 1e22e7d75ec50dbc106b2080a4f12ce47e547719)
|
|
[Backport release-23.11] nixos/thanos: Changed query.replica-labels to a list parameter
|
|
While `/var/lib/lldap` isn't technically accessible by unprivileged
users thanks to `DynamicUser=true`, a user might prefer and change it to
`DynamicUser=false`.
There is currently also a PR open that intends to make `DynamicUser`
configurable via module option.
As such, `jwt_secret_file`, if bootstrapped by the service start
procedure, might be rendered world-readable due to its permissions
(`0644/-rw-r--r--`) defaulting to the service's umask (`022`) and
`/var/lib/lldap` to `0755/drwxr-xr-x` due to `StateDirectoryMode=0755`.
This would usually be fixed by using `(umask 027; openssl ...)` instead
of just `openssl ...`.
However, it was found that another file (`users.db`), this time
bootstrapped by `lldap` itself, also had insufficient permissions
(`0644/-rw-r--r--`) inherited by the global umask and would be left
world-readable as well.
Due to this, we instead change the service's to `027`.
And to lower the impact for already bootstrapped files on existing
instances like `users.db`, set `StateDirectoryMode=0750`.
(cherry picked from commit 3a1e06218adc58a5a160efe11a814edb2c298b04)
|
|
If not provided, lldap defaults to `secretjwtsecret` as value which is
hardcoded in the code base.
See https://github.com/lldap/lldap/blob/v0.5.0/server/src/infra/configuration.rs#L76-L77
This is really bad, because it is trivially easy to generate an admin
access token/cookie as attacker, if a `jwt_secret` is known.
(cherry picked from commit 566fba2236ae3a55831ced25e731909d37623d58)
|
|
(cherry picked from commit 366147b86d7e9ab9081e9b077d7c0d3c5199a45f)
|
|
It is safe to use 2.16 for evaluation and talking to the daemon,
which is how it's used when you're using a nix-daemon.
Specifically, this means that it is safe on NixOS and on other
multi-user installations.
|
|
(cherry picked from commits:
b8d8c1f207a8c80f7267920efa70db785e5d441e
5c143f03663eb59a7a1eac4b24b7c034abc4f483
87203977204d1c3a7c7ccd39147b17dadf3156e8)
|
|
(cherry picked from commit 8d956b1725be2b21116ba8e267c0f892e1d08a76)
|
|
(cherry picked from commit 67a799c40f1e177950d70bb0ea1073c4b6273b0f)
|
|
(cherry picked from commit fe93ea4e8e83444f5258d0e593420aac71d0d177)
|
|
[23.11] mealie: init at 1.2.0
|
|
[Backport release-23.11] nixos/github-runners: only override pkg if it has a `nodeRuntimes` arg
|
|
Signed-off-by: Litchi Pi <litchi.pi@proton.me>
(cherry picked from commit 4ebf2b54b09589e35eccb1a565bfb124cb7d09ba)
|
|
[Backport release-23.11] nixos/lib/make-squashfs.nix: allow disabling compression
|
|
- Make the token a required option
- Drop the proto from the listen parameter
- Use systemd credentials to pass the token file
- Drop debug flag, use extraArgs instead
- Actually hook up extraArgs
- Escape shell arguments
- Drop overly broad `with lib` statement
(cherry picked from commit a43d9cd69a2d02561217b56415edc95a9366a09e)
|
|
(cherry picked from commit 7427bec3a785c5269c5dee55f9ef45bf77454e09)
|
|
[Backport release-23.11] nixos/garage: allow all available log levels in `cfg.logLevel`
|
