Loading nixos/modules/services/networking/wstunnel.nix +2 −2 Original line number Diff line number Diff line Loading @@ -294,7 +294,7 @@ let DynamicUser = true; SupplementaryGroups = optional (serverCfg.useACMEHost != null) certConfig.group; PrivateTmp = true; AmbientCapabilities = optional (serverCfg.listen.port < 1024) [ "CAP_NET_BIND_SERVICE" ]; AmbientCapabilities = optionals (serverCfg.listen.port < 1024) [ "CAP_NET_BIND_SERVICE" ]; NoNewPrivileges = true; RestrictNamespaces = "uts ipc pid user cgroup"; ProtectSystem = "strict"; Loading Loading @@ -340,7 +340,7 @@ let EnvironmentFile = optional (clientCfg.environmentFile != null) clientCfg.environmentFile; DynamicUser = true; PrivateTmp = true; AmbientCapabilities = (optional (clientCfg.soMark != null) [ "CAP_NET_ADMIN" ]) ++ (optional ((clientCfg.dynamicToRemote.port or 1024) < 1024 || (any (x: x.local.port < 1024) clientCfg.localToRemote)) [ "CAP_NET_BIND_SERVICE" ]); AmbientCapabilities = (optionals (clientCfg.soMark != null) [ "CAP_NET_ADMIN" ]) ++ (optionals ((clientCfg.dynamicToRemote.port or 1024) < 1024 || (any (x: x.local.port < 1024) clientCfg.localToRemote)) [ "CAP_NET_BIND_SERVICE" ]); NoNewPrivileges = true; RestrictNamespaces = "uts ipc pid user cgroup"; ProtectSystem = "strict"; Loading pkgs/applications/misc/blender/default.nix +1 −1 Original line number Diff line number Diff line Loading @@ -51,7 +51,7 @@ stdenv.mkDerivation rec { libharu libepoxy ] ++ lib.optional (!stdenv.isAarch64) [ ++ lib.optionals (!stdenv.isAarch64) [ openimagedenoise embree ] Loading pkgs/applications/misc/klipper-estimator/default.nix +1 −2 Original line number Diff line number Diff line Loading @@ -23,7 +23,7 @@ rustPlatform.buildRustPackage rec { buildInputs = [ openssl ] ++ lib.optional stdenv.isDarwin [ libgit2 Security ]; ++ lib.optionals stdenv.isDarwin [ libgit2 Security ]; nativeBuildInputs = [ pkg-config ]; Loading @@ -36,4 +36,3 @@ rustPlatform.buildRustPackage rec { maintainers = with maintainers; [ tmarkus ]; }; } pkgs/applications/networking/cluster/ssm-session-manager-plugin/default.nix +1 −1 Original line number Diff line number Diff line Loading @@ -31,7 +31,7 @@ buildGo120Package rec { ''; doCheck = true; checkFlags = "-skip TestSetSessionHandlers"; checkFlags = [ "-skip=TestSetSessionHandlers" ]; preCheck = '' if ! [[ $(go/bin/sessionmanagerplugin-main --version) = ${lib.escapeShellArg version} ]]; then Loading pkgs/applications/science/biology/blast/bin.nix +1 −1 Original line number Diff line number Diff line Loading @@ -35,7 +35,7 @@ in stdenv.mkDerivation { inherit pname version src; nativeBuildInputs = lib.optional stdenv.isLinux [ autoPatchelfHook ]; nativeBuildInputs = lib.optionals stdenv.isLinux [ autoPatchelfHook ]; buildInputs = [ python3 perl ] ++ lib.optionals stdenv.isLinux [ zlib bzip2 glib libxml2 ]; Loading Loading
nixos/modules/services/networking/wstunnel.nix +2 −2 Original line number Diff line number Diff line Loading @@ -294,7 +294,7 @@ let DynamicUser = true; SupplementaryGroups = optional (serverCfg.useACMEHost != null) certConfig.group; PrivateTmp = true; AmbientCapabilities = optional (serverCfg.listen.port < 1024) [ "CAP_NET_BIND_SERVICE" ]; AmbientCapabilities = optionals (serverCfg.listen.port < 1024) [ "CAP_NET_BIND_SERVICE" ]; NoNewPrivileges = true; RestrictNamespaces = "uts ipc pid user cgroup"; ProtectSystem = "strict"; Loading Loading @@ -340,7 +340,7 @@ let EnvironmentFile = optional (clientCfg.environmentFile != null) clientCfg.environmentFile; DynamicUser = true; PrivateTmp = true; AmbientCapabilities = (optional (clientCfg.soMark != null) [ "CAP_NET_ADMIN" ]) ++ (optional ((clientCfg.dynamicToRemote.port or 1024) < 1024 || (any (x: x.local.port < 1024) clientCfg.localToRemote)) [ "CAP_NET_BIND_SERVICE" ]); AmbientCapabilities = (optionals (clientCfg.soMark != null) [ "CAP_NET_ADMIN" ]) ++ (optionals ((clientCfg.dynamicToRemote.port or 1024) < 1024 || (any (x: x.local.port < 1024) clientCfg.localToRemote)) [ "CAP_NET_BIND_SERVICE" ]); NoNewPrivileges = true; RestrictNamespaces = "uts ipc pid user cgroup"; ProtectSystem = "strict"; Loading
pkgs/applications/misc/blender/default.nix +1 −1 Original line number Diff line number Diff line Loading @@ -51,7 +51,7 @@ stdenv.mkDerivation rec { libharu libepoxy ] ++ lib.optional (!stdenv.isAarch64) [ ++ lib.optionals (!stdenv.isAarch64) [ openimagedenoise embree ] Loading
pkgs/applications/misc/klipper-estimator/default.nix +1 −2 Original line number Diff line number Diff line Loading @@ -23,7 +23,7 @@ rustPlatform.buildRustPackage rec { buildInputs = [ openssl ] ++ lib.optional stdenv.isDarwin [ libgit2 Security ]; ++ lib.optionals stdenv.isDarwin [ libgit2 Security ]; nativeBuildInputs = [ pkg-config ]; Loading @@ -36,4 +36,3 @@ rustPlatform.buildRustPackage rec { maintainers = with maintainers; [ tmarkus ]; }; }
pkgs/applications/networking/cluster/ssm-session-manager-plugin/default.nix +1 −1 Original line number Diff line number Diff line Loading @@ -31,7 +31,7 @@ buildGo120Package rec { ''; doCheck = true; checkFlags = "-skip TestSetSessionHandlers"; checkFlags = [ "-skip=TestSetSessionHandlers" ]; preCheck = '' if ! [[ $(go/bin/sessionmanagerplugin-main --version) = ${lib.escapeShellArg version} ]]; then Loading
pkgs/applications/science/biology/blast/bin.nix +1 −1 Original line number Diff line number Diff line Loading @@ -35,7 +35,7 @@ in stdenv.mkDerivation { inherit pname version src; nativeBuildInputs = lib.optional stdenv.isLinux [ autoPatchelfHook ]; nativeBuildInputs = lib.optionals stdenv.isLinux [ autoPatchelfHook ]; buildInputs = [ python3 perl ] ++ lib.optionals stdenv.isLinux [ zlib bzip2 glib libxml2 ]; Loading
