Loading maintainers/maintainer-list.nix +6 −7 Original line number Diff line number Diff line Loading @@ -6053,13 +6053,6 @@ github = "David-Kopczynski"; githubId = 53194670; }; david-r-cox = { email = "david@integrated-reasoning.com"; github = "david-r-cox"; githubId = 4259949; name = "David Cox"; keys = [ { fingerprint = "0056 A3F6 9918 1E0D 8FF0 BCDE 65BB 07FA A4D9 4634"; } ]; }; david-sawatzke = { email = "d-nix@sawatzke.dev"; github = "david-sawatzke"; Loading Loading @@ -27259,6 +27252,12 @@ githubId = 38566841; name = "Anthony Butt"; }; toodeluna = { email = "luna@toodeluna.net"; github = "toodeluna"; githubId = 112084382; name = "Luna Heyman"; }; toonn = { email = "nixpkgs@toonn.io"; matrix = "@toonn:matrix.org"; nixos/doc/manual/release-notes/rl-2605.section.md +2 −0 Original line number Diff line number Diff line Loading @@ -202,6 +202,8 @@ See <https://github.com/NixOS/nixpkgs/issues/481673>. - `services.slurm` now supports slurmrestd usage through the `services.slurm.rest` NixOS options. - The `services.calibre-web` systemd service has been hardened with additional sandboxing restrictions. - `services.kanidm` options for server, client and unix were moved under dedicated namespaces. For each component `enableComponent` and `componentSettings` are now `component.enable` and `component.settings`. The unix module now supports using SSH keys from Kanidm via Loading nixos/modules/services/web-apps/calibre-web.nix +39 −0 Original line number Diff line number Diff line Loading 
@@ -184,6 +184,45 @@ in CacheDirectory = "calibre-web"; CacheDirectoryMode = "0750"; NoNewPrivileges = true; ProtectSystem = "strict"; PrivateTmp = true; PrivateDevices = true; PrivateIPC = true; ProtectHostname = true; ProtectClock = true; ProtectKernelTunables = true; ProtectKernelLogs = true; ProtectControlGroups = true; LockPersonality = true; MemoryDenyWriteExecute = true; RestrictSUIDSGID = true; ProtectHome = true; ProtectProc = "invisible"; ProcSubset = "pid"; RestrictRealtime = true; SystemCallArchitectures = "native"; RestrictNamespaces = true; RemoveIPC = true; CapabilityBoundingSet = ""; AmbientCapabilities = ""; ProtectKernelModules = true; RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" "AF_NETLINK" ]; SystemCallFilter = [ "~@obsolete" "~@privileged" "~@raw-io" "~@resources" "~@mount" "~@debug" "~@cpu-emulation" ]; } // lib.optionalAttrs (!(lib.hasPrefix "/" cfg.dataDir)) { StateDirectory = cfg.dataDir; Loading nixos/modules/virtualisation/vmware-image.nix +12 −11 Original line number Diff line number Diff line Loading @@ -23,7 +23,6 @@ in (lib.mkRenamedOptionModuleWith { sinceRelease = 2505; from = [ "virtualisation" "vmware" "vmFileName" ]; Loading @@ -32,19 +31,21 @@ in "fileName" ]; }) (lib.modules.mkRenamedOptionModuleWith { sinceRelease = 2605; from = [ "vmware" "baseImageSize" ]; to = [ "virtualisation" "diskSize" ]; }) ]; options = { vmware = { baseImageSize = lib.mkOption { type = with lib.types; either (enum [ "auto" ]) int; default = "auto"; example = 2048; description = '' The size of the VMWare base image in MiB. ''; }; vmDerivationName = lib.mkOption { type = lib.types.str; default = "nixos-vmware-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}"; Loading Loading 
@@ -78,7 +79,7 @@ in rm $diskImage ''; format = "raw"; diskSize = cfg.baseImageSize; diskSize = config.virtualisation.diskSize; partitionTableType = "efi"; inherit config lib pkgs; }; Loading pkgs/applications/networking/cluster/terraform-providers/providers.json +11 −11 Original line number Diff line number Diff line Loading @@ -54,11 +54,11 @@ "vendorHash": "sha256-Hvk2jckla1LcMankcdUTct8Kea0OznyxDxTJ+UrJHy0=" }, "aminueza_minio": { "hash": "sha256-46ymgizu1ita4valeUvbCZcBTGHk9n9alUYkr9TG9iI=", "hash": "sha256-2YR5Ez7T1OhuFAEsNp8IrXcZhepSteLqxYADU9sSP9s=", "homepage": "https://registry.terraform.io/providers/aminueza/minio", "owner": "aminueza", "repo": "terraform-provider-minio", "rev": "v3.20.0", "rev": "v3.21.0", "spdx": "AGPL-3.0", "vendorHash": "sha256-AO6reoqxDcPAMXKlqjJLGmhsgFrekaQXjMPm9fxhpFA=" }, Loading Loading @@ -191,13 +191,13 @@ "vendorHash": "sha256-jK7JuARpoxq7hvq5+vTtUwcYot0YqlOZdtDwq4IqKvk=" }, "cloudamqp_cloudamqp": { "hash": "sha256-FrK+deN2X98pG42aDsN4WqiJOC4QcGGS58PoLQMnRXo=", "hash": "sha256-tuTfXQUACkFRrwsFixbHge75U4Z9DNnQ4nhnBmxjH+Y=", "homepage": "https://registry.terraform.io/providers/cloudamqp/cloudamqp", "owner": "cloudamqp", "repo": "terraform-provider-cloudamqp", "rev": "v1.42.1", "rev": "v1.43.0", "spdx": "MPL-2.0", "vendorHash": "sha256-1kuzWw7OhzruRT572pTR3zpE9jPGEuKRdwReWxte3/E=" "vendorHash": "sha256-w21DXJoylvysubXItM+wvuwD2RdqzoUKNC9zElTedEo=" }, "cloudflare_cloudflare": { "hash": "sha256-RuHAVcDK3KPO4I4FG/DodhNiWe63AexTo9IcyTZ360Q=", Loading Loading 
@@ -274,13 +274,13 @@ "vendorHash": "sha256-3o6YRDrq4rQhNAFyqiGJrAoxuAykWw85OExRGSE3kGI=" }, "datadog_datadog": { "hash": "sha256-at4p1fQpfA4F6H85jcvhqsZZTrEicF9//3JzhQSEp3s=", "hash": "sha256-dY588S4nilXX341KIMDoTFUragUvN8h+8TAcDcE8u64=", "homepage": "https://registry.terraform.io/providers/DataDog/datadog", "owner": "DataDog", "repo": "terraform-provider-datadog", "rev": "v3.89.0", "rev": "v3.90.0", "spdx": "MPL-2.0", "vendorHash": "sha256-50iJI5K5VdZ4VkiTQ2g4lwEfdjOz7CdRcMhc0NSIeBA=" "vendorHash": "sha256-zlSnjvWLm2puee1+vIDpAxwS5hYZS13Bg+uOdK+vzBU=" }, "datadrivers_nexus": { "hash": "sha256-Lm5CZ+eBDUNIL2KuK/iKc5dTif7P+E9II714vwvYuyU=", Loading Loading @@ -499,13 +499,13 @@ "vendorHash": "sha256-MYVkNvJ+rbwGw0htClIbmxk3YX2OK/ZO/QOTyMRFiug=" }, "hashicorp_aws": { "hash": "sha256-mrb+bxd6B0qzrU7LmlluraN4WQyT+LM0M2uSphkgLb4=", "hash": "sha256-oTYrC0XrzqHL5t/WeJw9V/vq7/G0Ra2De+TiTkmaWxk=", "homepage": "https://registry.terraform.io/providers/hashicorp/aws", "owner": "hashicorp", "repo": "terraform-provider-aws", "rev": "v6.28.0", "rev": "v6.34.0", "spdx": "MPL-2.0", "vendorHash": "sha256-Ce3ay7PGdv97fQQJjb3PHrvecv4g8vJ/HtSUHeUPqtU=" "vendorHash": "sha256-ukDTmgzd4aJ2SJ27qofCtagRTWlP9foF/WwrTkmZEI4=" }, "hashicorp_awscc": { "hash": "sha256-eJ4GiOkohhbuwsKtvoDlUM933F3Fd3b5HMLG3mjHBvA=", Loading Loading
maintainers/maintainer-list.nix +6 −7 Original line number Diff line number Diff line Loading @@ -6053,13 +6053,6 @@ github = "David-Kopczynski"; githubId = 53194670; }; david-r-cox = { email = "david@integrated-reasoning.com"; github = "david-r-cox"; githubId = 4259949; name = "David Cox"; keys = [ { fingerprint = "0056 A3F6 9918 1E0D 8FF0 BCDE 65BB 07FA A4D9 4634"; } ]; }; david-sawatzke = { email = "d-nix@sawatzke.dev"; github = "david-sawatzke"; Loading Loading @@ -27259,6 +27252,12 @@ githubId = 38566841; name = "Anthony Butt"; }; toodeluna = { email = "luna@toodeluna.net"; github = "toodeluna"; githubId = 112084382; name = "Luna Heyman"; }; toonn = { email = "nixpkgs@toonn.io"; matrix = "@toonn:matrix.org";
nixos/doc/manual/release-notes/rl-2605.section.md +2 −0 Original line number Diff line number Diff line Loading @@ -202,6 +202,8 @@ See <https://github.com/NixOS/nixpkgs/issues/481673>. - `services.slurm` now supports slurmrestd usage through the `services.slurm.rest` NixOS options. - The `services.calibre-web` systemd service has been hardened with additional sandboxing restrictions. - `services.kanidm` options for server, client and unix were moved under dedicated namespaces. For each component `enableComponent` and `componentSettings` are now `component.enable` and `component.settings`. The unix module now supports using SSH keys from Kanidm via Loading
nixos/modules/services/web-apps/calibre-web.nix +39 −0 Original line number Diff line number Diff line Loading @@ -184,6 +184,45 @@ in CacheDirectory = "calibre-web"; CacheDirectoryMode = "0750"; NoNewPrivileges = true; ProtectSystem = "strict"; PrivateTmp = true; PrivateDevices = true; PrivateIPC = true; ProtectHostname = true; ProtectClock = true; ProtectKernelTunables = true; ProtectKernelLogs = true; ProtectControlGroups = true; LockPersonality = true; MemoryDenyWriteExecute = true; RestrictSUIDSGID = true; ProtectHome = true; ProtectProc = "invisible"; ProcSubset = "pid"; RestrictRealtime = true; SystemCallArchitectures = "native"; RestrictNamespaces = true; RemoveIPC = true; CapabilityBoundingSet = ""; AmbientCapabilities = ""; ProtectKernelModules = true; RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" "AF_NETLINK" ]; SystemCallFilter = [ "~@obsolete" "~@privileged" "~@raw-io" "~@resources" "~@mount" "~@debug" "~@cpu-emulation" ]; } // lib.optionalAttrs (!(lib.hasPrefix "/" cfg.dataDir)) { StateDirectory = cfg.dataDir; Loading
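Review bot: With `ProtectSystem = "strict"` the whole file system becomes read-only for the service, yet the trailing context sets `StateDirectory = cfg.dataDir;` only when `cfg.dataDir` is a relative name, so an absolute `dataDir` (or a book library kept outside it) gets no writable path from the lines shown here. Unless that is handled outside this hunk, add something like `ReadWritePaths = lib.optional (lib.hasPrefix "/" cfg.dataDir) cfg.dataDir;`, and document that `ProtectHome = true` additionally hides a data directory placed under /home. Separately, `SystemCallFilter` lists only `~@…` deny groups, which leaves every syscall outside those groups allowed; starting the list with `"@system-service"` turns it into an allow-list that the deny entries then narrow. The serviceConfig attribute set starts and ends outside the hunk.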
nixos/modules/virtualisation/vmware-image.nix +12 −11 Original line number Diff line number Diff line Loading @@ -23,7 +23,6 @@ in (lib.mkRenamedOptionModuleWith { sinceRelease = 2505; from = [ "virtualisation" "vmware" "vmFileName" ]; Loading @@ -32,19 +31,21 @@ in "fileName" ]; }) (lib.modules.mkRenamedOptionModuleWith { sinceRelease = 2605; from = [ "vmware" "baseImageSize" ]; to = [ "virtualisation" "diskSize" ]; }) ]; options = { vmware = { baseImageSize = lib.mkOption { type = with lib.types; either (enum [ "auto" ]) int; default = "auto"; example = 2048; description = '' The size of the VMWare base image in MiB. ''; }; vmDerivationName = lib.mkOption { type = lib.types.str; default = "nixos-vmware-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}"; Loading Loading @@ -78,7 +79,7 @@ in rm $diskImage ''; format = "raw"; diskSize = cfg.baseImageSize; diskSize = config.virtualisation.diskSize; partitionTableType = "efi"; inherit config lib pkgs; }; Loading
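Review bot: The image size now comes from `config.virtualisation.diskSize`, whose default is not visible in this section, while the `vmware.baseImageSize` option that appears to be removed defaulted to `"auto"`; if the new option defaults to a fixed number, images built without an explicit size will silently change. State the effective default in a comment next to `diskSize = config.virtualisation.diskSize;` or in the release notes, since the rename warning only reaches users who set the old option. As a style point, the 2605 entry is spelled `lib.modules.mkRenamedOptionModuleWith` while the 2505 entry directly above it uses `lib.mkRenamedOptionModuleWith`; use one spelling for both. The imports list and the image derivation both extend outside the hunks shown.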
pkgs/applications/networking/cluster/terraform-providers/providers.json +11 −11 Original line number Diff line number Diff line Loading @@ -54,11 +54,11 @@ "vendorHash": "sha256-Hvk2jckla1LcMankcdUTct8Kea0OznyxDxTJ+UrJHy0=" }, "aminueza_minio": { "hash": "sha256-46ymgizu1ita4valeUvbCZcBTGHk9n9alUYkr9TG9iI=", "hash": "sha256-2YR5Ez7T1OhuFAEsNp8IrXcZhepSteLqxYADU9sSP9s=", "homepage": "https://registry.terraform.io/providers/aminueza/minio", "owner": "aminueza", "repo": "terraform-provider-minio", "rev": "v3.20.0", "rev": "v3.21.0", "spdx": "AGPL-3.0", "vendorHash": "sha256-AO6reoqxDcPAMXKlqjJLGmhsgFrekaQXjMPm9fxhpFA=" }, Loading Loading @@ -191,13 +191,13 @@ "vendorHash": "sha256-jK7JuARpoxq7hvq5+vTtUwcYot0YqlOZdtDwq4IqKvk=" }, "cloudamqp_cloudamqp": { "hash": "sha256-FrK+deN2X98pG42aDsN4WqiJOC4QcGGS58PoLQMnRXo=", "hash": "sha256-tuTfXQUACkFRrwsFixbHge75U4Z9DNnQ4nhnBmxjH+Y=", "homepage": "https://registry.terraform.io/providers/cloudamqp/cloudamqp", "owner": "cloudamqp", "repo": "terraform-provider-cloudamqp", "rev": "v1.42.1", "rev": "v1.43.0", "spdx": "MPL-2.0", "vendorHash": "sha256-1kuzWw7OhzruRT572pTR3zpE9jPGEuKRdwReWxte3/E=" "vendorHash": "sha256-w21DXJoylvysubXItM+wvuwD2RdqzoUKNC9zElTedEo=" }, "cloudflare_cloudflare": { "hash": "sha256-RuHAVcDK3KPO4I4FG/DodhNiWe63AexTo9IcyTZ360Q=", Loading Loading @@ -274,13 +274,13 @@ "vendorHash": "sha256-3o6YRDrq4rQhNAFyqiGJrAoxuAykWw85OExRGSE3kGI=" }, "datadog_datadog": { "hash": "sha256-at4p1fQpfA4F6H85jcvhqsZZTrEicF9//3JzhQSEp3s=", "hash": "sha256-dY588S4nilXX341KIMDoTFUragUvN8h+8TAcDcE8u64=", "homepage": "https://registry.terraform.io/providers/DataDog/datadog", "owner": "DataDog", "repo": "terraform-provider-datadog", "rev": "v3.89.0", "rev": "v3.90.0", "spdx": "MPL-2.0", "vendorHash": "sha256-50iJI5K5VdZ4VkiTQ2g4lwEfdjOz7CdRcMhc0NSIeBA=" "vendorHash": "sha256-zlSnjvWLm2puee1+vIDpAxwS5hYZS13Bg+uOdK+vzBU=" }, "datadrivers_nexus": { "hash": "sha256-Lm5CZ+eBDUNIL2KuK/iKc5dTif7P+E9II714vwvYuyU=", Loading Loading 
@@ -499,13 +499,13 @@ "vendorHash": "sha256-MYVkNvJ+rbwGw0htClIbmxk3YX2OK/ZO/QOTyMRFiug=" }, "hashicorp_aws": { "hash": "sha256-mrb+bxd6B0qzrU7LmlluraN4WQyT+LM0M2uSphkgLb4=", "hash": "sha256-oTYrC0XrzqHL5t/WeJw9V/vq7/G0Ra2De+TiTkmaWxk=", "homepage": "https://registry.terraform.io/providers/hashicorp/aws", "owner": "hashicorp", "repo": "terraform-provider-aws", "rev": "v6.28.0", "rev": "v6.34.0", "spdx": "MPL-2.0", "vendorHash": "sha256-Ce3ay7PGdv97fQQJjb3PHrvecv4g8vJ/HtSUHeUPqtU=" "vendorHash": "sha256-ukDTmgzd4aJ2SJ27qofCtagRTWlP9foF/WwrTkmZEI4=" }, "hashicorp_awscc": { "hash": "sha256-eJ4GiOkohhbuwsKtvoDlUM933F3Fd3b5HMLG3mjHBvA=", Loading