Loading lib/licenses.nix +15 −0 Original line number Diff line number Diff line Loading @@ -877,6 +877,21 @@ in mkLicense lset) ({ fullName = "Non-Profit Open Software License 3.0"; }; nvidiaCuda = { shortName = "CUDA EULA"; fullName = "CUDA Toolkit End User License Agreement (EULA)"; url = "https://docs.nvidia.com/cuda/eula/index.html#cuda-toolkit-supplement-license-agreement"; free = false; }; nvidiaCudaRedist = { shortName = "CUDA EULA"; fullName = "CUDA Toolkit End User License Agreement (EULA)"; url = "https://docs.nvidia.com/cuda/eula/index.html#cuda-toolkit-supplement-license-agreement"; free = false; redistributable = true; }; obsidian = { fullName = "Obsidian End User Agreement"; url = "https://obsidian.md/eula"; Loading maintainers/maintainer-list.nix +15 −3 Original line number Diff line number Diff line Loading @@ -7998,6 +7998,12 @@ githubId = 488556; name = "Javier Aguirre"; }; javimerino = { email = "merino.jav@gmail.com"; name = "Javi Merino"; github = "JaviMerino"; githubId = 44926; }; jayesh-bhoot = { name = "Jayesh Bhoot"; email = "jb@jayeshbhoot.com"; Loading Loading @@ -14623,7 +14629,7 @@ }; quantenzitrone = { email = "quantenzitrone@protonmail.com"; github = "Quantenzitrone"; github = "quantenzitrone"; githubId = 74491719; matrix = "@quantenzitrone:matrix.org"; name = "quantenzitrone"; Loading Loading @@ -19078,6 +19084,12 @@ fingerprint = "640B EDDE 9734 310A BFA3 B257 52ED AE6A 3995 AFAB"; }]; }; whiteley = { email = "mattwhiteley@gmail.com"; github = "whiteley"; githubId = 2215; name = "Matt Whiteley"; }; WhittlesJr = { email = "alex.joseph.whitt@gmail.com"; github = "WhittlesJr"; Loading Loading @@ -19381,11 +19393,11 @@ name = "Uli Baum"; }; xfix = { email = "konrad@borowski.pw"; email = "kamila@borowska.pw"; matrix = "@xfix:matrix.org"; github = "xfix"; githubId = 1297598; name = "Konrad Borowski"; name = "Kamila Borowska"; }; xfnw = { email = "xfnw+nixos@riseup.net"; Loading nixos/doc/manual/release-notes/rl-2311.section.md +2 −0 Original line number Diff line number Diff line Loading @@ -485,6 +485,8 @@ The module update takes care of the new config syntax and the data itself (user - `keepTerminfo` controls whether `TERMINFO` and `TERMINFO_DIRS` are preserved for `root` and the `wheel` group. - `virtualisation.googleComputeImage` now provides `efi` option to support UEFI booting. - CoreDNS can now be built with external plugins by overriding `externalPlugins` and `vendorHash` arguments like this: ``` Loading nixos/modules/services/audio/wyoming/faster-whisper.nix +2 −1 Original line number Diff line number Diff line Loading @@ -146,6 +146,8 @@ in CapabilityBoundingSet = ""; DeviceAllow = if builtins.elem options.device [ "cuda" "auto" ] then [ # https://docs.nvidia.com/dgx/pdf/dgx-os-5-user-guide.pdf # CUDA not working? Check DeviceAllow and PrivateDevices first! "/dev/nvidia0" "/dev/nvidia1" "/dev/nvidia2" "/dev/nvidia3" Loading @@ -160,7 +162,6 @@ in DevicePolicy = "closed"; LockPersonality = true; MemoryDenyWriteExecute = true; PrivateDevices = true; PrivateUsers = true; ProtectHome = true; ProtectHostname = true; Loading nixos/modules/services/monitoring/netdata.nix +11 −1 Original line number Diff line number Diff line Loading @@ -12,6 +12,7 @@ let ln -s /run/wrappers/bin/perf.plugin $out/libexec/netdata/plugins.d/perf.plugin ln -s /run/wrappers/bin/slabinfo.plugin $out/libexec/netdata/plugins.d/slabinfo.plugin ln -s /run/wrappers/bin/freeipmi.plugin $out/libexec/netdata/plugins.d/freeipmi.plugin ln -s /run/wrappers/bin/systemd-journal.plugin $out/libexec/netdata/plugins.d/systemd-journal.plugin ''; plugins = [ Loading Loading @@ -254,7 +255,7 @@ in { # Capabilities CapabilityBoundingSet = [ "CAP_DAC_OVERRIDE" # is required for freeipmi and slabinfo plugins "CAP_DAC_READ_SEARCH" # is required for apps plugin "CAP_DAC_READ_SEARCH" # is required for apps and systemd-journal plugin "CAP_FOWNER" # is required for freeipmi plugin "CAP_SETPCAP" # is required for apps, perf and slabinfo plugins "CAP_SYS_ADMIN" # is required for perf plugin Loading @@ -263,6 +264,7 @@ in { "CAP_NET_RAW" # is required for fping app "CAP_SYS_CHROOT" # is required for cgroups plugin "CAP_SETUID" # is required for cgroups and cgroups-network plugins "CAP_SYSLOG" # is required for systemd-journal plugin ]; # Sandboxing ProtectSystem = "full"; Loading Loading @@ -318,6 +320,14 @@ in { permissions = "u+rx,g+x,o-rwx"; }; "systemd-journal.plugin" = { source = "${cfg.package}/libexec/netdata/plugins.d/systemd-journal.plugin.org"; capabilities = "cap_dac_read_search,cap_syslog+ep"; owner = cfg.user; group = cfg.group; permissions = "u+rx,g+x,o-rwx"; }; "slabinfo.plugin" = { source = "${cfg.package}/libexec/netdata/plugins.d/slabinfo.plugin.org"; capabilities = "cap_dac_override+ep"; Loading Loading
lib/licenses.nix +15 −0 Original line number Diff line number Diff line Loading @@ -877,6 +877,21 @@ in mkLicense lset) ({ fullName = "Non-Profit Open Software License 3.0"; }; nvidiaCuda = { shortName = "CUDA EULA"; fullName = "CUDA Toolkit End User License Agreement (EULA)"; url = "https://docs.nvidia.com/cuda/eula/index.html#cuda-toolkit-supplement-license-agreement"; free = false; }; nvidiaCudaRedist = { shortName = "CUDA EULA"; fullName = "CUDA Toolkit End User License Agreement (EULA)"; url = "https://docs.nvidia.com/cuda/eula/index.html#cuda-toolkit-supplement-license-agreement"; free = false; redistributable = true; }; obsidian = { fullName = "Obsidian End User Agreement"; url = "https://obsidian.md/eula"; Loading
maintainers/maintainer-list.nix +15 −3 Original line number Diff line number Diff line Loading @@ -7998,6 +7998,12 @@ githubId = 488556; name = "Javier Aguirre"; }; javimerino = { email = "merino.jav@gmail.com"; name = "Javi Merino"; github = "JaviMerino"; githubId = 44926; }; jayesh-bhoot = { name = "Jayesh Bhoot"; email = "jb@jayeshbhoot.com"; Loading Loading @@ -14623,7 +14629,7 @@ }; quantenzitrone = { email = "quantenzitrone@protonmail.com"; github = "Quantenzitrone"; github = "quantenzitrone"; githubId = 74491719; matrix = "@quantenzitrone:matrix.org"; name = "quantenzitrone"; Loading Loading @@ -19078,6 +19084,12 @@ fingerprint = "640B EDDE 9734 310A BFA3 B257 52ED AE6A 3995 AFAB"; }]; }; whiteley = { email = "mattwhiteley@gmail.com"; github = "whiteley"; githubId = 2215; name = "Matt Whiteley"; }; WhittlesJr = { email = "alex.joseph.whitt@gmail.com"; github = "WhittlesJr"; Loading Loading @@ -19381,11 +19393,11 @@ name = "Uli Baum"; }; xfix = { email = "konrad@borowski.pw"; email = "kamila@borowska.pw"; matrix = "@xfix:matrix.org"; github = "xfix"; githubId = 1297598; name = "Konrad Borowski"; name = "Kamila Borowska"; }; xfnw = { email = "xfnw+nixos@riseup.net"; Loading
nixos/doc/manual/release-notes/rl-2311.section.md +2 −0 Original line number Diff line number Diff line Loading @@ -485,6 +485,8 @@ The module update takes care of the new config syntax and the data itself (user - `keepTerminfo` controls whether `TERMINFO` and `TERMINFO_DIRS` are preserved for `root` and the `wheel` group. - `virtualisation.googleComputeImage` now provides `efi` option to support UEFI booting. - CoreDNS can now be built with external plugins by overriding `externalPlugins` and `vendorHash` arguments like this: ``` Loading
nixos/modules/services/audio/wyoming/faster-whisper.nix +2 −1 Original line number Diff line number Diff line Loading @@ -146,6 +146,8 @@ in CapabilityBoundingSet = ""; DeviceAllow = if builtins.elem options.device [ "cuda" "auto" ] then [ # https://docs.nvidia.com/dgx/pdf/dgx-os-5-user-guide.pdf # CUDA not working? Check DeviceAllow and PrivateDevices first! "/dev/nvidia0" "/dev/nvidia1" "/dev/nvidia2" "/dev/nvidia3" Loading @@ -160,7 +162,6 @@ in DevicePolicy = "closed"; LockPersonality = true; MemoryDenyWriteExecute = true; PrivateDevices = true; PrivateUsers = true; ProtectHome = true; ProtectHostname = true; Loading
nixos/modules/services/monitoring/netdata.nix +11 −1 Original line number Diff line number Diff line Loading @@ -12,6 +12,7 @@ let ln -s /run/wrappers/bin/perf.plugin $out/libexec/netdata/plugins.d/perf.plugin ln -s /run/wrappers/bin/slabinfo.plugin $out/libexec/netdata/plugins.d/slabinfo.plugin ln -s /run/wrappers/bin/freeipmi.plugin $out/libexec/netdata/plugins.d/freeipmi.plugin ln -s /run/wrappers/bin/systemd-journal.plugin $out/libexec/netdata/plugins.d/systemd-journal.plugin ''; plugins = [ Loading Loading @@ -254,7 +255,7 @@ in { # Capabilities CapabilityBoundingSet = [ "CAP_DAC_OVERRIDE" # is required for freeipmi and slabinfo plugins "CAP_DAC_READ_SEARCH" # is required for apps plugin "CAP_DAC_READ_SEARCH" # is required for apps and systemd-journal plugin "CAP_FOWNER" # is required for freeipmi plugin "CAP_SETPCAP" # is required for apps, perf and slabinfo plugins "CAP_SYS_ADMIN" # is required for perf plugin Loading @@ -263,6 +264,7 @@ in { "CAP_NET_RAW" # is required for fping app "CAP_SYS_CHROOT" # is required for cgroups plugin "CAP_SETUID" # is required for cgroups and cgroups-network plugins "CAP_SYSLOG" # is required for systemd-journal plugin ]; # Sandboxing ProtectSystem = "full"; Loading Loading @@ -318,6 +320,14 @@ in { permissions = "u+rx,g+x,o-rwx"; }; "systemd-journal.plugin" = { source = "${cfg.package}/libexec/netdata/plugins.d/systemd-journal.plugin.org"; capabilities = "cap_dac_read_search,cap_syslog+ep"; owner = cfg.user; group = cfg.group; permissions = "u+rx,g+x,o-rwx"; }; "slabinfo.plugin" = { source = "${cfg.package}/libexec/netdata/plugins.d/slabinfo.plugin.org"; capabilities = "cap_dac_override+ep"; Loading
![github-actions[bot]'s avatar](https://secure.gravatar.com/avatar/e7cd911927c7d1acf6281b69d385990d8fadcd26871048bbcdbff2e88da7f607?s=48&d=identicon "github-actions[bot]")