Merge master into staging-next

github-actions[bot] 2022-01-18 06:01:20 +00:00 committed by GitHub
commit 3dc95a4459
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 47 additions and 25 deletions


@ -4256,6 +4256,16 @@
githubId = 1313787;
name = "Gabriel Gonzalez";
};
gador = {
email = "florian.brandes@posteo.de";
github = "gador";
githubId = 1883533;
name = "Florian Brandes";
keys = [{
longkeyid = "rsa4096/0xBBB3E40E53797FD9";
fingerprint = "0200 3EF8 8D2B CF2D 8F00 FFDC BBB3 E40E 5379 7FD9";
}];
};
gal_bolle = {
email = "florent.becker@ens-lyon.org";
github = "FlorentBecker";


@ -23,7 +23,7 @@ let
in
{
options.services.heisenbridge = {
enable = mkEnableOption "A bouncer-style Matrix IRC bridge";
enable = mkEnableOption "the Matrix to IRC bridge";
package = mkOption {
type = types.package;
@ -172,25 +172,39 @@ in
++ (map (lib.escapeShellArg) cfg.extraArgs)
);
ProtectHome = true;
PrivateDevices = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
StateDirectory = "heisenbridge";
StateDirectoryMode = "755";
# Hardening options
User = "heisenbridge";
Group = "heisenbridge";
RuntimeDirectory = "heisenbridge";
RuntimeDirectoryMode = "0700";
StateDirectory = "heisenbridge";
StateDirectoryMode = "0755";
CapabilityBoundingSet = [ "CAP_CHOWN" ] ++ optional (cfg.port < 1024 || cfg.identd.port < 1024) "CAP_NET_BIND_SERVICE";
ProtectSystem = "strict";
ProtectHome = true;
PrivateTmp = true;
PrivateDevices = true;
ProtectKernelTunables = true;
ProtectControlGroups = true;
RestrictSUIDSGID = true;
PrivateMounts = true;
ProtectKernelModules = true;
ProtectKernelLogs = true;
ProtectHostname = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
RestrictNamespaces = true;
RemoveIPC = true;
UMask = "0077";
CapabilityBoundingSet = [ "CAP_CHOWN" ] ++ optional (cfg.port < 1024 || (cfg.identd.enable && cfg.identd.port < 1024)) "CAP_NET_BIND_SERVICE";
AmbientCapabilities = CapabilityBoundingSet;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
PrivateMounts = true;
SystemCallFilter = "~@aio @clock @cpu-emulation @debug @keyring @memlock @module @mount @obsolete @raw-io @setuid @swap";
SystemCallFilter = ["@system-service" "~@priviledged" "@chown"];
SystemCallArchitectures = "native";
RestrictAddressFamilies = "AF_INET AF_INET6";
};
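Review bot: The list-form `SystemCallFilter` near the end of the serviceConfig hunk spells the deny group `~@priviledged`, but systemd's predefined set is named `@privileged`; an unknown group name is most likely ignored with a warning, which would leave the privileged calls that `@system-service` already includes still allowed. The line should read `SystemCallFilter = [ "@system-service" "~@privileged" "@chown" ];`, keeping `@chown` after the deny entry so chown stays permitted. `AmbientCapabilities = CapabilityBoundingSet;` only resolves if the enclosing attribute set is `rec`, and that set opens outside the hunk, so this is worth confirming. Because the ambient set hands `CAP_CHOWN` to the unprivileged `heisenbridge` user, a short comment saying why the service needs it would help the next reviewer.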


@ -19,16 +19,16 @@ let
maintainers = with maintainers; [ fliegendewurst ];
};
version = "0.49.4";
version = "0.49.5";
desktopSource = {
url = "https://github.com/zadam/trilium/releases/download/v${version}/trilium-linux-x64-${version}.tar.xz";
sha256 = "078w7jjkn8af3i0y0s236ky54h08b2wgzcaiakqiqx4gxdpf6jrq";
sha256 = "0bis0xkpcr8rvhm9364v0np5cnvkscv2fgl90f455lcwy7kk9m12";
};
serverSource = {
url = "https://github.com/zadam/trilium/releases/download/v${version}/trilium-linux-x64-server-${version}.tar.xz";
sha256 = "0hygdxb97373z5cn3s4wr66wc41w7a55kxjyb8alck1fl9l6agn1";
sha256 = "1wv9xz1asjadz1jzgpaxf6lzbj5azgsq0qpawp3y257h488r1z9k";
};
in {


@ -10,13 +10,13 @@
stdenv.mkDerivation rec {
pname = "mlterm";
version = "3.9.1";
version = "3.9.2";
src = fetchFromGitHub {
owner = "arakiken";
repo = pname;
rev = "rel-${lib.replaceStrings [ "." ] [ "_" ] version}"; # 3.9.1 -> rel-3_9_1
sha256 = "1hh196kz2n3asv8r8r2bdk5b2w93zq7rw4880ciiq1554h0ib7fj";
sha256 = "sha256-DvGR3rDegInpnLp3H+rXNXktCGhpjsBBPTRMwodeTro=";
};
nativeBuildInputs = [ pkg-config autoconf wrapGAppsHook ];


@ -16,13 +16,13 @@
buildGoModule rec {
pname = "runc";
version = "1.0.3";
version = "1.1.0";
src = fetchFromGitHub {
owner = "opencontainers";
repo = "runc";
rev = "v${version}";
sha256 = "sha256-Tl/JKbIpao+FCjngPzaVkxse50zo3XQ9Mg/AdkblMcI=";
sha256 = "sha256-svLxxfiRDLWkdRuHXaDyH5Ta6qmptI8z+s41iZKgbWM=";
};
vendorSha256 = null;


@ -2,7 +2,6 @@
, lib
, fetchurl
# Build-time dependencies
, mlterm
, ncurses # >= 5
, units
}:
@ -17,7 +16,6 @@ buildOctavePackage rec {
};
buildInputs = [
mlterm
ncurses
];


@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "fceux";
version = "2.6.0";
version = "2.6.1";
src = fetchFromGitHub {
owner = "TASEmulators";
repo = pname;
rev = "${pname}-${version}";
sha256 = "sha256-FNcybq0EFN0tWgWxzwEJQMpsnpvdRxDYnIWDXW2fXkw=";
sha256 = "sha256-LlGM6sOjcpyHApUvSr5etKIqwDoheuiW53DSHs19W6Q=";
};
nativeBuildInputs = [ cmake pkg-config wrapQtAppsHook ];


@ -1474,8 +1474,8 @@ let
mktplcRef = {
name = "metals";
publisher = "scalameta";
version = "1.11.0";
sha256 = "0a4agm0g16cxhvhvsmbsvvicfsjr53330rsab5xdi7gcpx9a1dff";
version = "1.12.0";
sha256 = "13zwjnrmkrs3wxh8c9nz9zxxs3p6lkj41q30v4a1md5pscfa1s44";
};
meta = {
license = lib.licenses.asl20;