Unverified Commit 89f06206 authored by Michael Daniels's avatar Michael Daniels
Browse files

Merge branch 'staging-next' into staging

parents 2020bdd0 d4d05c6e

.editorconfig

+3 −0
Original line number Diff line number Diff line
@@ -64,6 +64,9 @@ insert_final_newline = unset 
end_of_line = unset

trim_trailing_whitespace = unset



[*.json]

insert_final_newline = unset



[*.lock]

indent_size = unset

doc/release-notes/rl-2605.section.md

+2 −0
Original line number Diff line number Diff line
@@ -68,6 +68,8 @@ 


- `elegant-sddm` has been updated to be Qt6 compatible. Themes for SDDM are slightly different so read the [wiki](https://wiki.nixos.org/wiki/SDDM_Themes) for more.



- `forgejo` has been updated to major version 14. For more information, see the [release blog post](https://forgejo.org/2026-01-release-v14-0/) and [full release notes](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/14.0.0.md)



- `n8n` has been updated to version 2. You can find the breaking changes here: https://docs.n8n.io/2-0-breaking-changes/.



- `gurk-rs` has been updated from `0.6.4` to `0.8.0`. Version `0.8.0` includes breaking changes. For more information read the [release notes for 0.8.0](https://github.com/boxdot/gurk-rs/releases/tag/v0.8.0).

maintainers/maintainer-list.nix

+17 −6
Original line number Diff line number Diff line
@@ -5263,12 +5263,6 @@ 
    githubId = 244239;

    name = "Mauricio Collares";

  };

  coloquinte = {

    email = "gabriel.gouvine_nix@m4x.org";

    github = "Coloquinte";

    githubId = 4102525;

    name = "Gabriel Gouvine";

  };

  commandodev = {

    email = "ben@perurbis.com";

    github = "commandodev";
@@ -10801,6 +10795,12 @@ 
    githubId = 51334444;

    name = "Akshat Agarwal";

  };

  humemm = {

    email = "nixpkgs.scabbed988@passinbox.com";

    github = "humemm";

    githubId = 75555696;

    name = "humemm";

  };

  hummeltech = {

    email = "hummeltech@sherpaguru.com";

    github = "hummeltech";
@@ -16952,6 +16952,11 @@ 
    github = "mevatron";

    githubId = 714585;

  };

  mfairley = {

    name = "Michael Fairley";

    github = "mfairley";

    githubId = 4374785;

  };

  mfossen = {

    email = "msfossen@gmail.com";

    github = "mfossen";
@@ -18203,6 +18208,12 @@ 
    matrix = "@neoney:matrix.org";

    keys = [ { fingerprint = "9E6A 25F2 C1F2 9D76 ED00  1932 1261 173A 01E1 0298"; } ];

  };

  n3tshift = {

    email = "n3tshift@tilde.pink";

    github = "n3tshift";

    githubId = 254145391;

    name = "n3tshift";

  };

  n8henrie = {

    name = "Nathan Henrie";

    email = "nate@n8henrie.com";

maintainers/scripts/update-octave-packages

+6 −6
Original line number Diff line number Diff line
@@ -351,19 +351,19 @@ def _update_package(path, target): 
        text = _replace_value('hash', sri_hash, text)



    if fetcher == 'fetchFromGitHub':

        # in the case of fetchFromGitHub, it's common to see `rev = version;` or `rev = "v${version}";`

        # in the case of fetchFromGitHub, it's common to see `tag = version;` or `tag = "v${version}";`

        # in which no string value is meant to be substituted. However, we can just overwrite the previous value.

        regex = '(rev\s+=\s+[^;]*;)'

        regex = '(tag\s+=\s+[^;]*;)'

        regex = re.compile(regex)

        matches = regex.findall(text)

        n = len(matches)



        if n == 0:

            raise ValueError("Unable to find rev value for {}.".format(pname))

            raise ValueError("Unable to find tag value for {}.".format(pname))

        else:

            # forcefully rewrite rev, incase tagging conventions changed for a release

            # forcefully rewrite tag, incase tagging conventions changed for a release

            match = matches[0]

            text = text.replace(match, f'rev = "refs/tags/{prefix}${{version}}";')

            text = text.replace(match, f'tag = "{prefix}${{version}}";')

            # in case there's no prefix, just rewrite without interpolation

            text = text.replace('"${version}";', 'version;')

nixos/modules/services/networking/tayga.nix

+3 −8
Original line number Diff line number Diff line
@@ -167,7 +167,7 @@ in 
    networking.interfaces."${cfg.tunDevice}" = {

      virtual = true;

      virtualType = "tun";

      virtualOwner = mkIf config.networking.useNetworkd "";

      virtualOwner = null;

      ipv4 = {

        addresses = [

          {
@@ -205,9 +205,7 @@ in 
        ExecReload = "${pkgs.coreutils}/bin/kill -SIGHUP $MAINPID";

        Restart = "always";



        # Hardening Score:

        #  - nixos-scripts: 2.1

        #  - systemd-networkd: 1.6

        # Hardening Score: 1.5

        ProtectHome = true;

        SystemCallFilter = [

          "@network-io"
@@ -216,9 +214,6 @@ in 
          "~@resources"

        ];

        ProtectKernelLogs = true;

        AmbientCapabilities = [

          "CAP_NET_ADMIN"

        ];

        CapabilityBoundingSet = "";

        RestrictAddressFamilies = [

          "AF_INET"
@@ -226,7 +221,7 @@ in 
          "AF_NETLINK"

        ];

        StateDirectory = "tayga";

        DynamicUser = mkIf config.networking.useNetworkd true;

        DynamicUser = true;

        MemoryDenyWriteExecute = true;

        RestrictRealtime = true;

        RestrictSUIDSGID = true;