nixos/modules/config/sysctl.nix +26 −19 Original line number Diff line number Diff line Loading @@ -66,11 +66,32 @@ in config = { environment.etc."sysctl.d/60-nixos.conf".text = lib.concatStrings ( environment.etc = { "sysctl.d/55-nixos-aslr-entropy.conf".source = pkgs.runCommand "55-nixos-aslr-entropy.conf" { inherit (config.boot.kernelPackages.kernel) configfile; } '' mmap_rnd_bits_max=$(grep "^CONFIG_ARCH_MMAP_RND_BITS_MAX=" $configfile | grep --only-matching "[0-9]*$") if [[ -z "$mmap_rnd_bits_max" ]]; then echo "Unable to determine mmap_rnd_bits_max. Check your kernel configfile is valid." exit 1 fi mmap_rnd_compat_bits_max=$(grep "^CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MAX=" $configfile | grep --only-matching "[0-9]*$") if [[ -z "$mmap_rnd_compat_bits_max" ]]; then echo "Unable to determine mmap_rnd_compat_bits_max. Check your kernel configfile is valid." exit 1 fi echo "vm.mmap_rnd_bits=$mmap_rnd_bits_max" >> $out echo "vm.mmap_rnd_compat_bits=$mmap_rnd_compat_bits_max" >> $out ''; "sysctl.d/60-nixos.conf".text = lib.concatStrings ( lib.mapAttrsToList ( n: v: lib.optionalString (v != null) "${n}=${if v == false then "0" else toString v}\n" ) config.boot.kernel.sysctl ); }; systemd.services.systemd-sysctl = { wantedBy = [ "multi-user.target" ]; Loading @@ -92,20 +113,6 @@ in # the value below is used by default on several other distros. "fs.inotify.max_user_instances" = lib.mkDefault 524288; "fs.inotify.max_user_watches" = lib.mkDefault 524288; # Maximise address space randomisation. "vm.mmap_rnd_bits" = lib.mkMerge [ (lib.mkIf pkgs.stdenv.hostPlatform.isAarch64 ( # Ideally, we'd want to set this to 33 on 4K pagesize # kernels, but some vendor kernels e.g. linux_rpi can # do a maximum of 24. lib.mkDefault 24 )) (lib.mkIf pkgs.stdenv.hostPlatform.isx86_64 (lib.mkDefault 32)) ]; "vm.mmap_rnd_compat_bits" = lib.mkIf ( pkgs.stdenv.hostPlatform.isx86_64 || pkgs.stdenv.hostPlatform.isAarch64 ) (lib.mkDefault 16); }; }; }
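Review bot: The two `exit 1` branches in the `55-nixos-aslr-entropy.conf` builder fail the whole system build when the kernel `configfile` lacks `CONFIG_ARCH_MMAP_RND_BITS_MAX` or `CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MAX`, whereas the defaults removed in the second hunk applied only on x86_64 and aarch64 and left other platforms untouched. Kernels that do not define the compat symbol (presumably possible without 32-bit compat support, or on architectures with no mmap randomisation tuning) need a way through, so I would write only the keys that were found: start with `touch "$out"` and guard each line as `if [[ -n "$mmap_rnd_compat_bits_max" ]]; then echo "vm.mmap_rnd_compat_bits=$mmap_rnd_compat_bits_max" >> "$out"; fi`. If the builder runs with errexit and pipefail, as stdenv builders usually do, a non-matching `grep` aborts at the assignment before the message is printed, so the lookups likely also need `|| true`. A comment saying the file is numbered 55 so that `boot.kernel.sysctl` entries in `60-nixos.conf` still override it would record the intended precedence.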
nixos/modules/services/ttys/getty.nix +2 −0 Original line number Diff line number Diff line Loading @@ -13,6 +13,8 @@ let baseArgs = [ "--login-program" "${cfg.loginProgram}" "--issue-file" "/etc/issue:/etc/issue.d:/run/issue:/run/issue.d" ] ++ optionals (cfg.autologinUser != null && !cfg.autologinOnce) [ "--autologin" Loading
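Review bot: The added `"--issue-file" "/etc/issue:/etc/issue.d:/run/issue:/run/issue.d"` pair in `baseArgs` has no comment saying why the search path is spelled out, or that it now includes the runtime directories under `/run`. Issue files are printed before authentication, so the next maintainer should be able to see which locations feed the pre-login banner and that only trusted writers are expected there. Something like `# Also read runtime-generated issue snippets from /run; the contents are shown before login.` above the argument would do. The enclosing `let` block continues outside the hunk.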
pkgs/by-name/li/libblake3/package.nix +2 −2 Original line number Diff line number Diff line Loading @@ -10,7 +10,7 @@ stdenv.mkDerivation (finalAttrs: { pname = "libblake3"; version = "1.8.4"; version = "1.8.5"; outputs = [ "out" Loading @@ -21,7 +21,7 @@ stdenv.mkDerivation (finalAttrs: { owner = "BLAKE3-team"; repo = "BLAKE3"; tag = finalAttrs.version; hash = "sha256-Xz0LH0YpUjDishvXsW6VNK8msFlPXg08wFoSfbgws0g="; hash = "sha256-4Oany3uk0759YIZgD1gsONSFU1Mn/GAMvsSeP33J9Ts="; }; sourceRoot = finalAttrs.src.name + "/c"; Loading
pkgs/by-name/na/nano/package.nix +2 −2 Original line number Diff line number Diff line Loading @@ -31,11 +31,11 @@ let in stdenv.mkDerivation rec { pname = "nano"; version = "8.7.1"; version = "9.0"; src = fetchurl { url = "mirror://gnu/nano/${pname}-${version}.tar.xz"; hash = "sha256-dvDcskjy4vElHU7NIP0w+0AKNgo6N8bDQOClLC0c3t8="; hash = "sha256-nzhDdLSWEQoltzrVpf67OEeDxuMYizcGP2d6yQgBP94="; }; nativeBuildInputs = [ texinfo ] ++ lib.optional enableNls gettext; Loading
pkgs/by-name/st/strace/package.nix +2 −2 Original line number Diff line number Diff line Loading @@ -11,11 +11,11 @@ stdenv.mkDerivation (finalAttrs: { pname = "strace"; version = "6.19"; version = "7.0"; src = fetchurl { url = "https://strace.io/files/${finalAttrs.version}/strace-${finalAttrs.version}.tar.xz"; hash = "sha256-4HbIUe7AlySG7IQhZP3FRUf50Xq9PRRJ3osSD10pkUM="; hash = "sha256-bJJBm+Py7FYLMXKKRlIhfFmGTIZCunsbN3GxsBOtB0s="; }; separateDebugInfo = true; Loading