Age | Commit message | Author | Files | Lines |
|
Same as all the other HID drivers, otherwise Corsair keyboards do not
work before the switch to stage2 without custom configuration.
(cherry picked from commit b8b53fdf37710b1c1b58b9a17e2649355dbee938)
|
|
[Backport release-23.11] nixos/gitea: warn when using `services.gitea` with forgejo
|
|
[Backport release-23.11] musescore: 4.1.1 -> 4.2.0
|
|
(cherry picked from commit 2e30c96c0afc0544227b8f9900f035f00668ffd4)
|
|
(cherry picked from commit 06bec0d01b31197c4b5fb3f72cbab76f0c239475)
|
|
Fixes https://github.com/NixOS/nixpkgs/issues/240591
(cherry picked from commit 70fa188e175ab9d1034416374b2af15ad94decbc)
|
|
(cherry picked from commit f468e0d11180bdde888a7a16f9c043ec33dd284e)
|
|
[Backport release-23.11] gotosocial: 0.14.1 -> 0.14.2
|
|
[Backport release-23.11] steam: add extraCompatPackages
|
|
(cherry picked from commit b0529146b9cb07385b16bd828197d56505ed5ec0)
|
|
(cherry picked from commit ca8c594d92c201d345549262c164c8afb5fe9faa)
|
|
(cherry picked from commit de7eddb27e566a9fb4b6f152402a90be903a1c98)
|
|
(cherry picked from commit d179a5fd02ce415236e5c708e661397e44ec6184)
|
|
(cherry picked from commit 956005226f0a7232bae04cdd2501e88c0685ed31)
|
|
(cherry picked from commit bdc55d2f8671881b81d6797928b3e7569235b1ba)
|
|
This sets a standard for Steam compat tools in NixOS where they must have the
compat tool in a special steamcompattool output.
proton-ge-bin was adjusted to conform with it.
(cherry picked from commit 2b619c23146b7b791ed25a174add5cc8d99c8654)
|
|
(cherry picked from commit 7b8d88fa059d2a945e17c800d4f2bbc958755e5c)
|
|
(cherry picked from commit 93a891f0e8e0feb96090eac48d9a2d5aaad28f20)
|
|
[Backport release-23.11] nixos/nextcloud: remove opcache.enable_cli=1
|
|
[Backport release-23.11] nixos/atuin: add services.atuin.package option
|
|
Upstream no longer recommends enabling the opcache cli.
See the following:
- https://github.com/nextcloud/documentation/issues/1439
- https://github.com/nextcloud/server/pull/15468
(cherry picked from commit 9353fb2309902387c16130c97f27242ef24bc4c6)
|
|
We need to make sure systemd-tmpfiles-setup.service ran before we
start systemd-binft.service. Otherwise it might fail to start
due to non-existent files
Fixes #295365
(cherry picked from commit 16526f454fe534a809b3a0e4713c7fa70accb812)
|
|
(cherry picked from commit 1e22e7d75ec50dbc106b2080a4f12ce47e547719)
|
|
[Backport release-23.11] nixos/thanos: Changed query.replica-labels to a list parameter
|
|
|
|
exporter
When DNSMasq is not yet completely started trying to call the exporter
fails.
(cherry picked from commit 21a671c1acd2225c3d4defcdd6298d83b6b89b40)
|
|
While `/var/lib/lldap` isn't technically accessible by unprivileged
users thanks to `DynamicUser=true`, a user might prefer and change it to
`DynamicUser=false`.
There is currently also a PR open that intends to make `DynamicUser`
configurable via module option.
As such, `jwt_secret_file`, if bootstrapped by the service start
procedure, might be rendered world-readable due to its permissions
(`0644/-rw-r--r--`) defaulting to the service's umask (`022`) and
`/var/lib/lldap` to `0755/drwxr-xr-x` due to `StateDirectoryMode=0755`.
This would usually be fixed by using `(umask 027; openssl ...)` instead
of just `openssl ...`.
However, it was found that another file (`users.db`), this time
bootstrapped by `lldap` itself, also had insufficient permissions
(`0644/-rw-r--r--`) inherited by the global umask and would be left
world-readable as well.
Due to this, we instead change the service's to `027`.
And to lower the impact for already bootstrapped files on existing
instances like `users.db`, set `StateDirectoryMode=0750`.
(cherry picked from commit 3a1e06218adc58a5a160efe11a814edb2c298b04)
|
|
If not provided, lldap defaults to `secretjwtsecret` as value which is
hardcoded in the code base.
See https://github.com/lldap/lldap/blob/v0.5.0/server/src/infra/configuration.rs#L76-L77
This is really bad, because it is trivially easy to generate an admin
access token/cookie as an attacker, if a `jwt_secret` is known.
(cherry picked from commit 566fba2236ae3a55831ced25e731909d37623d58)
|
|
(cherry picked from commit 366147b86d7e9ab9081e9b077d7c0d3c5199a45f)
|
|
(cherry picked from commit 67bfaf3d03df0a03aa3cf8722962c393e63f3713)
|
|
It is safe to use 2.16 for evaluation and talking to the daemon,
which is how it's used when you're using a nix-daemon.
Specifically, this means that it is safe on NixOS and on other
multi-user installations.
|
|
(cherry picked from commits:
b8d8c1f207a8c80f7267920efa70db785e5d441e
5c143f03663eb59a7a1eac4b24b7c034abc4f483
87203977204d1c3a7c7ccd39147b17dadf3156e8)
|
|
(cherry picked from commit 8d956b1725be2b21116ba8e267c0f892e1d08a76)
|
|
(cherry picked from commit 67a799c40f1e177950d70bb0ea1073c4b6273b0f)
|
|
...into release-23.11
|
|
...into release-23.11
|
|
|
|
(cherry picked from commit fe93ea4e8e83444f5258d0e593420aac71d0d177)
|
|
(cherry picked from commit bde7471aa2d06b1562352677b12b493d0dd7a26c)
|
|
[23.11] mealie: init at 1.2.0
|
|
|
|
[Backport release-23.11] nixos/github-runners: only override pkg if it has a `nodeRuntimes` arg
|
|
Signed-off-by: Litchi Pi <litchi.pi@proton.me>
(cherry picked from commit aeb79caaf67e8aa73ac7b4b0a477f38b4d0cab09)
|
|
Signed-off-by: Litchi Pi <litchi.pi@proton.me>
(cherry picked from commit 4ebf2b54b09589e35eccb1a565bfb124cb7d09ba)
|
|
[Backport release-23.11] dockerTools: Fix chown in fakeRootCommands
|
|
[Backport release-23.11] nixos/dockerTools: fix includeStorePaths when enableFakechroot
|
|
|
|
[Backport release-23.11] nixos/lib/make-squashfs.nix: allow disabling compression
|
|
(cherry picked from commit 7e2ab60bc58d90ccd5e71678653f13a72dde2896)
|
|
|