Age | Commit message (Collapse) | Author | Files | Lines |
|
ec2-data: prefer 'install/umask' over 'chmod'
|
|
nixos/blocky: Add an option for the package to be used
|
|
|
|
We introduced the gdm-fingerprint.pam in 9d41fe6fcc4df838a56b1cfb2512b65e5e655958.
We used the [upstream Arch config] as a template, which contains an extended control field that jumps over **one** immediately-following `auth` rule unless `pam_gdm.so` succeeds.
But we decided to not include `pam_gnome_keyring.so` so there was no rule to skip over, resulting in a broken control flow and the PAM module failing with “PAM bad jump in stack”, breaking the fingerprint authentication in GDM.
Let’s actually add `pam_gnome_keyring.so`, like the Arch config does. Because we are creating the PAM file using the `text` option, `security.pam.services.gdm-fingerprint.enableGnomeKeyring` does not do anything so we need to do it manually.
For the case where gnome-keyring is not enabled, we could add a no-op rule like `optional pam_permit.so` after `pam_gdm.so` so that the branching always has something to jump over but it will be simpler to just make both conditional. There are no further `auth` rules that could benefit from `pam_gdm.so` doing something so it should be fine.
Unlike in Arch, we are not going to invoke `pam_gnome_keyring.so` in a `session` rule since that is already done by the included `login` module.
[upstream Arch config]: https://gitlab.gnome.org/GNOME/gdm/-/blob/81ee658c11381912131dd4a29e84190f7f9cd039/data/pam-arch/gdm-fingerprint.pam
|
|
The `optional pam_permit.so` comes from the [upstream Arch config] we used as a template in 9d41fe6fcc4df838a56b1cfb2512b65e5e655958. But I do not think it does anything in this position – see also the discussion at https://bbs.archlinux.org/viewtopic.php?id=245892 – so let’s just remove it.
Let’s also add a comment about disabling `fprintAuth` and a blank line for clarity.
[upstream Arch config]: https://gitlab.gnome.org/GNOME/gdm/-/blob/81ee658c11381912131dd4a29e84190f7f9cd039/data/pam-arch/gdm-fingerprint.pam
|
|
|
|
apptainer, singularity: precede system-level bin paths in `defaultPath` and fix `singularity` image running
|
|
`gdm-autologin` and `gdm-password` PAM modules are defined using the `text` option, so the option here is a no-op.
Furthermore, `gdm-password` already includes `login` for all module types,
and that invokes `pam_gnome_keyring.so` in the same way Arch’s `gdm-password` module would:
https://gitlab.gnome.org/GNOME/gdm/-/blob/81ee658c11381912131dd4a29e84190f7f9cd039/data/pam-arch/gdm-password.pam
This reverts commit c24c7933ba2e5266d91978f1eaefdd81c760af67.
|
|
authentication'"
`gdm-fingerprint` PAM module is defined using the `text` option, so the option here is a no-op.
This reverts commit 6bb516d45f2cbb56a817adf4c7f0ee680e3cf9e9.
|
|
|
|
nixos/espanso: fix wayland option
|
|
Co-authored-by: Aleksana <alexander.huang.y@gmail.com>
|
|
|
|
|
|
nixos/renovate: allow AF_UNIX access
|
|
tomodachi94/drop/vscode-css-json-html-languageserver-bin
|
|
|
|
Regression test for libvirt NSS modules
|
|
|
|
|
|
Previously, the blocky package was hardcoded to the one in pkgs. This
change allows setting it, so the user can configure the blocky service to
run blocky from nixpkgs-unstable, for example.
|
|
nixos/cloud-init: Bug fix and enhancements
|
|
nixos/prometheus-fastly-exporter: unwrap execstart
|
|
|
|
|
|
Adds random process kills, crashes and reboots etc to the testing of the SCION module
|
|
|
|
nixos/kmscon: fix eval
|
|
|
|
pixelfed: 0.11.13 -> 0.12.1
|
|
|
|
maintainers: remove myself
|
|
|
|
nixos/fcgiwrap: refactor to fix permissions
|
|
nixos/prosody: provide an (internal) escape hatch for overriding the …
|
|
nixos/mihomo: add assertion for configFile
|
|
apacheHttpdPackages.mod_jk: 1.2.48 -> 1.2.49, rename from tomcat_connectors
|
|
gitlab: 16.11.5 -> 17.1.1
|
|
renovate can update nix dependencies, which results in nix trying to communicate with the nix-daemon over a unix socket.
|
|
|
|
grafana: 11.0.0 -> 11.1.0
|
|
freshrss-extensions: init
|
|
I am the singular maintainer for these packages. They are difficult to
maintain and are going to start to bitrot pretty much as soon as BMD
releases new software versions. Therefore, I am not only removing myself
as the maintainer but dropping them entirely.
|
|
|
|
is disabled
|
|
`--post-get-sources-script` was added a while ago. This
makes it available via the nix configuration.
See https://about.gitlab.com/blog/2023/03/27/changes-to-the-preclonescript/
|
|
The --pre-clone-script service configuration has been deprecated (https://docs.gitlab.com/ee/update/deprecations.html#deprecation-and-planned-removal-for-ci_pre_clone_script-variable-on-gitlab-saas) and replaced by --pre-get-sources-script (https://about.gitlab.com/blog/2023/03/27/changes-to-the-preclonescript/).
|
|
|
|
nixos/journald: Link to journald manpage
|
|
* Syncthing: implemented folder type
* Syncthing: fix syntax (via @johnhamelink)
This commit should be rebased/squashed into the previous one if ofborg clears it!
Co-authored-by: John Hamelink <me@johnhame.link>
---------
Co-authored-by: John Hamelink <me@johnhame.link>
|