Loading nixos/modules/security/sudo.nix +4 −0 Original line number Diff line number Diff line Loading @@ -192,6 +192,10 @@ in ###### implementation config = mkIf cfg.enable { assertions = [ { assertion = cfg.package.pname != "sudo-rs"; message = "The NixOS `sudo` module does not work with `sudo-rs` yet."; } ]; # We `mkOrder 600` so that the default rule shows up first, but there is # still enough room for a user to `mkBefore` it. Loading nixos/modules/services/matrix/mautrix-telegram.nix +0 −1 Original line number Diff line number Diff line Loading @@ -159,7 +159,6 @@ in { if [ ! -f '${registrationFile}' ]; then ${pkgs.mautrix-telegram}/bin/mautrix-telegram \ --generate-registration \ --base-config='${pkgs.mautrix-telegram}/${pkgs.mautrix-telegram.pythonModule.sitePackages}/mautrix_telegram/example-config.yaml' \ --config='${settingsFile}' \ --registration='${registrationFile}' fi Loading nixos/modules/services/monitoring/mimir.nix +12 −2 Original line number Diff line number Diff line Loading @@ -32,11 +32,21 @@ in { type = types.package; description = lib.mdDoc ''Mimir package to use.''; }; extraFlags = mkOption { type = types.listOf types.str; default = []; example = [ "--config.expand-env=true" ]; description = lib.mdDoc '' Specify a list of additional command line flags, which get escaped and are then passed to Mimir. ''; }; }; config = mkIf cfg.enable { # for mimirtool environment.systemPackages = [ pkgs.mimir ]; environment.systemPackages = [ cfg.package ]; assertions = [{ assertion = ( Loading @@ -60,7 +70,7 @@ in { else cfg.configFile; in { ExecStart = "${cfg.package}/bin/mimir --config.file=${conf}"; ExecStart = "${cfg.package}/bin/mimir --config.file=${conf} ${escapeShellArgs cfg.extraFlags}"; DynamicUser = true; Restart = "always"; ProtectSystem = "full"; Loading nixos/modules/services/networking/nftables.nix +21 −1 Original line number Diff line number Diff line Loading 
@@ -70,6 +70,26 @@ in ''; }; networking.nftables.checkRulesetRedirects = mkOption { type = types.addCheck (types.attrsOf types.path) (attrs: all types.path.check (attrNames attrs)); default = { "/etc/hosts" = config.environment.etc.hosts.source; "/etc/protocols" = config.environment.etc.protocols.source; "/etc/services" = config.environment.etc.services.source; }; defaultText = literalExpression '' { "/etc/hosts" = config.environment.etc.hosts.source; "/etc/protocols" = config.environment.etc.protocols.source; "/etc/services" = config.environment.etc.services.source; } ''; description = mdDoc '' Set of paths that should be intercepted and rewritten while checking the ruleset using `pkgs.buildPackages.libredirect`. ''; }; networking.nftables.preCheckRuleset = mkOption { type = types.lines; default = ""; Loading Loading @@ -282,7 +302,7 @@ in cp $out ruleset.conf sed 's|include "${deletionsScriptVar}"||' -i ruleset.conf ${cfg.preCheckRuleset} export NIX_REDIRECTS=/etc/protocols=${pkgs.buildPackages.iana-etc}/etc/protocols:/etc/services=${pkgs.buildPackages.iana-etc}/etc/services export NIX_REDIRECTS=${escapeShellArg (concatStringsSep ":" (mapAttrsToList (n: v: "${n}=${v}") cfg.checkRulesetRedirects))} LD_PRELOAD="${pkgs.buildPackages.libredirect}/lib/libredirect.so ${pkgs.buildPackages.lklWithFirewall.lib}/lib/liblkl-hijack.so" \ ${pkgs.buildPackages.nftables}/bin/nft --check --file ruleset.conf ''; Loading pkgs/applications/blockchains/wasabiwallet/default.nix +6 −10 Original line number Diff line number Diff line Loading @@ -3,24 +3,18 @@ , makeWrapper , fetchurl , makeDesktopItem , curl , dotnetCorePackages , lttng-ust_2_12 , fontconfig , krb5 , openssl , xorg , zlib }: let dotnet-runtime = dotnetCorePackages.runtime_6_0; # These libraries are dynamically loaded by the application, # and need to be present in LD_LIBRARY_PATH runtimeLibs = [ curl fontconfig.lib krb5 openssl stdenv.cc.cc.lib xorg.libX11 Loading 
@@ -31,11 +25,11 @@ let in stdenv.mkDerivation rec { pname = "wasabiwallet"; version = "2.0.3"; version = "2.0.4"; src = fetchurl { url = "https://github.com/zkSNACKs/WalletWasabi/releases/download/v${version}/Wasabi-${version}.tar.gz"; sha256 = "sha256-RlWaeOK6XqxyCIQQp1/X6iG9t7f3ER5K+S3ZvPg6wBg="; sha256 = "sha256-VYyf9rKBRPpnxuaeO6aAq7cQwDfBRLRbH4SlPS+bxFQ="; }; dontBuild = true; Loading @@ -58,8 +52,10 @@ stdenv.mkDerivation rec { mkdir -p $out/opt/${pname} $out/bin $out/share/applications cp -Rv . $out/opt/${pname} makeWrapper "${dotnet-runtime}/bin/dotnet" "$out/bin/${pname}" \ --add-flags "$out/opt/${pname}/WalletWasabi.Fluent.Desktop.dll" \ makeWrapper "$out/opt/${pname}/wassabee" "$out/bin/${pname}" \ --suffix "LD_LIBRARY_PATH" : "${lib.makeLibraryPath runtimeLibs}" makeWrapper "$out/opt/${pname}/wassabeed" "$out/bin/${pname}d" \ --suffix "LD_LIBRARY_PATH" : "${lib.makeLibraryPath runtimeLibs}" cp -v $desktopItem/share/applications/* $out/share/applications Loading Loading
nixos/modules/security/sudo.nix +4 −0 Original line number Diff line number Diff line Loading @@ -192,6 +192,10 @@ in ###### implementation config = mkIf cfg.enable { assertions = [ { assertion = cfg.package.pname != "sudo-rs"; message = "The NixOS `sudo` module does not work with `sudo-rs` yet."; } ]; # We `mkOrder 600` so that the default rule shows up first, but there is # still enough room for a user to `mkBefore` it. Loading
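Review bot: The new assertion reads `cfg.package.pname` directly, so a `cfg.package` value without a `pname` attribute (for example a wrapper derivation that only sets `name`) would abort evaluation with a missing-attribute error instead of printing this message. Writing it as `assertion = (cfg.package.pname or "") != "sudo-rs";` keeps the intended failure path. The check is also purely name-based, so an overridden or renamed package passes it. A short comment such as `# name-based guard only; does not prove the package is sudoers-compatible` would stop readers from treating it as a guarantee for the setuid wrapper and rules configured below. The `config = mkIf cfg.enable {` block continues outside the hunk.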
nixos/modules/services/matrix/mautrix-telegram.nix +0 −1 Original line number Diff line number Diff line Loading @@ -159,7 +159,6 @@ in { if [ ! -f '${registrationFile}' ]; then ${pkgs.mautrix-telegram}/bin/mautrix-telegram \ --generate-registration \ --base-config='${pkgs.mautrix-telegram}/${pkgs.mautrix-telegram.pythonModule.sitePackages}/mautrix_telegram/example-config.yaml' \ --config='${settingsFile}' \ --registration='${registrationFile}' fi Loading
nixos/modules/services/monitoring/mimir.nix +12 −2 Original line number Diff line number Diff line Loading @@ -32,11 +32,21 @@ in { type = types.package; description = lib.mdDoc ''Mimir package to use.''; }; extraFlags = mkOption { type = types.listOf types.str; default = []; example = [ "--config.expand-env=true" ]; description = lib.mdDoc '' Specify a list of additional command line flags, which get escaped and are then passed to Mimir. ''; }; }; config = mkIf cfg.enable { # for mimirtool environment.systemPackages = [ pkgs.mimir ]; environment.systemPackages = [ cfg.package ]; assertions = [{ assertion = ( Loading @@ -60,7 +70,7 @@ in { else cfg.configFile; in { ExecStart = "${cfg.package}/bin/mimir --config.file=${conf}"; ExecStart = "${cfg.package}/bin/mimir --config.file=${conf} ${escapeShellArgs cfg.extraFlags}"; DynamicUser = true; Restart = "always"; ProtectSystem = "full"; Loading
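Review bot: On the new `ExecStart` line, `escapeShellArgs` quotes for a POSIX shell, but systemd parses the value and still applies `%` specifier and `$VAR`/`${VAR}` expansion to it. An `extraFlags` entry containing `%` or `$` can therefore reach Mimir altered, even though the option text says the flags "get escaped". If `utils` is available to this module, `${utils.escapeSystemdExecArgs cfg.extraFlags}` escapes for systemd's syntax instead; otherwise the description should say that `%` and `$` must be doubled. The description should also state that these flags are written to the unit file in the world-readable store, so credentials belong in `configFile` or an environment file rather than here. The `serviceConfig` block continues outside the hunk.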
nixos/modules/services/networking/nftables.nix +21 −1 Original line number Diff line number Diff line Loading @@ -70,6 +70,26 @@ in ''; }; networking.nftables.checkRulesetRedirects = mkOption { type = types.addCheck (types.attrsOf types.path) (attrs: all types.path.check (attrNames attrs)); default = { "/etc/hosts" = config.environment.etc.hosts.source; "/etc/protocols" = config.environment.etc.protocols.source; "/etc/services" = config.environment.etc.services.source; }; defaultText = literalExpression '' { "/etc/hosts" = config.environment.etc.hosts.source; "/etc/protocols" = config.environment.etc.protocols.source; "/etc/services" = config.environment.etc.services.source; } ''; description = mdDoc '' Set of paths that should be intercepted and rewritten while checking the ruleset using `pkgs.buildPackages.libredirect`. ''; }; networking.nftables.preCheckRuleset = mkOption { type = types.lines; default = ""; Loading Loading @@ -282,7 +302,7 @@ in cp $out ruleset.conf sed 's|include "${deletionsScriptVar}"||' -i ruleset.conf ${cfg.preCheckRuleset} export NIX_REDIRECTS=/etc/protocols=${pkgs.buildPackages.iana-etc}/etc/protocols:/etc/services=${pkgs.buildPackages.iana-etc}/etc/services export NIX_REDIRECTS=${escapeShellArg (concatStringsSep ":" (mapAttrsToList (n: v: "${n}=${v}") cfg.checkRulesetRedirects))} LD_PRELOAD="${pkgs.buildPackages.libredirect}/lib/libredirect.so ${pkgs.buildPackages.lklWithFirewall.lib}/lib/liblkl-hijack.so" \ ${pkgs.buildPackages.nftables}/bin/nft --check --file ruleset.conf ''; Loading
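Review bot: The `addCheck` on `checkRulesetRedirects` validates only the attribute names with `types.path.check`, while the second hunk joins the entries into `NIX_REDIRECTS` using `=` and `:` as delimiters. A key or value containing either character would yield a different redirect map than the one configured, and `nft --check` would validate the ruleset against files the author did not intend. Rejecting those characters in the check would close this, e.g. `(attrs: all (n: types.path.check n && builtins.match "[^:=]*" n != null) (attrNames attrs))`, with the same test applied to the values. The description could also state that the build-time check resolves names through these redirected copies, so overriding an entry changes what is validated but not what the running system resolves.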
pkgs/applications/blockchains/wasabiwallet/default.nix +6 −10 Original line number Diff line number Diff line Loading @@ -3,24 +3,18 @@ , makeWrapper , fetchurl , makeDesktopItem , curl , dotnetCorePackages , lttng-ust_2_12 , fontconfig , krb5 , openssl , xorg , zlib }: let dotnet-runtime = dotnetCorePackages.runtime_6_0; # These libraries are dynamically loaded by the application, # and need to be present in LD_LIBRARY_PATH runtimeLibs = [ curl fontconfig.lib krb5 openssl stdenv.cc.cc.lib xorg.libX11 Loading @@ -31,11 +25,11 @@ let in stdenv.mkDerivation rec { pname = "wasabiwallet"; version = "2.0.3"; version = "2.0.4"; src = fetchurl { url = "https://github.com/zkSNACKs/WalletWasabi/releases/download/v${version}/Wasabi-${version}.tar.gz"; sha256 = "sha256-RlWaeOK6XqxyCIQQp1/X6iG9t7f3ER5K+S3ZvPg6wBg="; sha256 = "sha256-VYyf9rKBRPpnxuaeO6aAq7cQwDfBRLRbH4SlPS+bxFQ="; }; dontBuild = true; Loading @@ -58,8 +52,10 @@ stdenv.mkDerivation rec { mkdir -p $out/opt/${pname} $out/bin $out/share/applications cp -Rv . $out/opt/${pname} makeWrapper "${dotnet-runtime}/bin/dotnet" "$out/bin/${pname}" \ --add-flags "$out/opt/${pname}/WalletWasabi.Fluent.Desktop.dll" \ makeWrapper "$out/opt/${pname}/wassabee" "$out/bin/${pname}" \ --suffix "LD_LIBRARY_PATH" : "${lib.makeLibraryPath runtimeLibs}" makeWrapper "$out/opt/${pname}/wassabeed" "$out/bin/${pname}d" \ --suffix "LD_LIBRARY_PATH" : "${lib.makeLibraryPath runtimeLibs}" cp -v $desktopItem/share/applications/* $out/share/applications Loading
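Review bot: The wrapper now appears to launch upstream's bundled `wassabee` and `wassabeed` executables instead of `${dotnet-runtime}/bin/dotnet` with the DLL, so the .NET runtime in use would be the one inside the release tarball rather than the nixpkgs one. That is inferred from the last hunk, since the rendered page has lost its `+`/`-` markers. If so, runtime security fixes reach users only through a bump of this package, which is worth recording beside the `makeWrapper` calls, e.g. `# upstream self-contained binaries: the bundled .NET runtime is updated only by bumping version/sha256`. Since this is a wallet fetched as a prebuilt archive, a comment next to `sha256` saying how the new hash was checked against upstream's published release artifacts would help the next bump. If `dotnetCorePackages` and the `dotnet-runtime` binding are still present after this change, they look unused and could be dropped.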