gador/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
875,989 Commits 9 Branches 0 Tags
5723f6f27747669eec12c2d0977299d7b7450d46
Commit Graph

25721 Commits

Author SHA1 Message Date
h7x4
21e4aadc8f nixos/lxd-image-server: split script into ExecStart and ExecStartPre 2025-10-11 15:37:18 +09:00
h7x4
075555ec70 nixos/lxd-image-server: set reload trigger in systemd unit 2025-10-11 15:35:26 +09:00
Masum Reza
d4e0dea404 cosmic-greeter: add cosmic-randr to PATH; nixos/cosmic-greeter: install cosmic-comp by default (#448844) 2025-10-10 16:09:57 +00:00
Heitor Augusto
08e84f6512 nixos/cosmic-greeter: add video group to user 
This change aligns the NixOS module with the permissions configured by the upstream project.
 2025-10-10 21:34:58 +05:30
Heitor Augusto
ffca8e56c5 nixos/cosmic-greeter: create /run/cosmic-greeter directory 
Also uses the right home mode for `cosmic-greeter` user
 2025-10-10 21:34:57 +05:30
Heitor Augusto
8e0bb5c719 nixos/cosmic-greeter: install cosmic-comp, cosmic-greeter by default 2025-10-10 21:34:57 +05:30
Johannes Kirschbauer
1d841c88ca nixos/lasuite-meet: make settings lazy! (#450327) 2025-10-10 13:42:55 +00:00
h7x4
3794080d96 yggdrasil-jumper: 0.3.1 -> 0.4.1, update module (#441480) 2025-10-10 00:19:45 +00:00
Pol Dellaiera
7a025c2dc7 treewide: remove aidalgol (#448386) 2025-10-09 21:03:00 +00:00
Maximilian Bosch
285ea04d23 nextcloud32: init at 32.0.0 (#446632) 2025-10-09 18:00:09 +00:00
Maximilian Bosch
cc1a69468d nixos/nextcloud: avoid duplicate X-Robots-Tag header, remove option nginx.recommendedHttpHeaders (#449186) 2025-10-09 17:47:13 +00:00
Michael Hoang
aeb2db1591 nixos/lasuite-meet: make settings lazy! 2025-10-09 16:43:03 +02:00
Martin Weinelt
531f6038cf nixos/pretalx: run pretalx-manage migrate on plugin changes and upgrades (#450102) 2025-10-09 14:31:12 +00:00
Sandro Jäckel
ad9e817cc2 nixos/pretalx: run pretalx-manage migrate on plugin changes and upgrades 
Some plugins like https://github.com/pretalx/pretalx-media-ccc-de
require database migrations to properly work.
 2025-10-09 16:11:46 +02:00
teutat3s
ed6fed3410 nixos/nextcloud: recommended nginx headers should 
not be optional, because upstream recommends them
https://docs.nextcloud.com/server/stable/admin_manual/installation/harden_server.html#serve-security-related-headers-by-the-web-server
 2025-10-09 10:09:42 +02:00
teutat3s
c794451fee nixos/nextcloud: avoid duplicate X-Robots-Tag header 
We already set this header in nginx, and a duplicate header can lead to
issues, like: https://github.com/nextcloud/notes-android/issues/2848
 2025-10-09 09:42:29 +02:00
Remy D. Farley
893bc2af5d nixos/yggdrasil-jumper: support wireguard 
https://github.com/one-d-wide/yggdrasil-jumper/releases/tag/v0.4.1
 2025-10-09 07:24:05 +00:00
h7x4
595dc97360 nixos/serviio: add option to open firewall ports (#448271) 2025-10-09 05:12:25 +00:00
h7x4
1b427d432a nixos/asterisk: fix reloading command (#434522) 2025-10-09 00:22:39 +00:00
h7x4
3ae8d45a09 nixos/sing-box: set home and cwd to state directory (#446379) 2025-10-09 00:06:05 +00:00
Bruno BELANYI
5ca9078d7f nixos/homebox: update module (#436651) 2025-10-08 21:13:53 +00:00
Luj
01e34769af nixos/uptime-kuma: Apply more hardening settings (#449295) 2025-10-08 11:13:49 +02:00
Thomas Gerbet
59f9c6722b nixos/murmur: Set ProtectControlGroups to strict (#448637) 2025-10-08 06:00:22 +00:00
dish
a0e8f351a6 nixos/pixelfed: remove X-XSS-Protection header (#449589) 2025-10-07 23:27:35 +00:00
Felix Bühler
71ad9a34cf nixos/redmine: Apply more hardening options (#449140) 2025-10-07 23:30:22 +02:00
Martin Weinelt
41686edb04 music-assistant: build librespot fork (#447147) 2025-10-07 20:53:46 +00:00
sweenu
4e23b4365f music-assistant: use librespot-ma as spotify provider 2025-10-07 22:11:10 +02:00
dish
47a0293617 nixos/pixelfed: remove X-XSS-Protection header 
not recommended to set it, per OWASP, as it can actually introduce
security issues

https://owasp.org/www-project-secure-headers/#x-xss-protection
 2025-10-07 14:06:30 -04:00
h7x4
35ef0e22e8 nixos/linkwarden: init module, linkwarden: init at 2.13.0 (#347353) 2025-10-07 15:50:50 +00:00
Felix Singer
79ab4bb47b nixos/redmine: Enable MountAPIVFS hardening in service config 
This setting is already implied by others, but add it for completeness
as well. For documentation see
https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#MountAPIVFS=

Signed-off-by: Felix Singer <felixsinger@posteo.net>
 2025-10-07 16:16:27 +02:00
Felix Singer
21f827065b nixos/redmine: Enable PrivateUsers hardening in service config 
For documentation see
https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#PrivateUsers=

Signed-off-by: Felix Singer <felixsinger@posteo.net>
 2025-10-07 16:16:27 +02:00
Felix Singer
a799bd0e3d nixos/redmine: Set ProtectProc to invisible 
For documentation see
https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#ProtectProc=

Signed-off-by: Felix Singer <felixsinger@posteo.net>
 2025-10-07 16:16:26 +02:00
Felix Singer
d06389e317 nixos/uptime-kuma: Ensure proper permissions for state directory 
Signed-off-by: Felix Singer <felixsinger@posteo.net>
 2025-10-07 15:54:51 +02:00
Felix Singer
7b791e1de7 nixos/uptime-kuma: Enable MountAPIVFS hardening in service config 
This setting is already implied by others, but add it for completeness
as well. For documentation see
https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#MountAPIVFS=

Signed-off-by: Felix Singer <felixsinger@posteo.net>
 2025-10-07 15:54:51 +02:00
Felix Singer
18af20e2b2 nixos/uptime-kuma: Set ProtectControlGroups to strict 
For documentation see
https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#ProtectControlGroups=

Signed-off-by: Felix Singer <felixsinger@posteo.net>
 2025-10-07 15:54:51 +02:00
Felix Singer
606424d609 nixos/uptime-kuma: Set ProtectProc to invisible 
For documentation see
https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#ProtectProc=

Signed-off-by: Felix Singer <felixsinger@posteo.net>
 2025-10-07 15:54:51 +02:00
Felix Singer
749fd94d19 nixos/uptime-kuma: Enable PrivateUsers hardening in service config 
For documentation see
https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#PrivateUsers=

Signed-off-by: Felix Singer <felixsinger@posteo.net>
 2025-10-07 15:54:51 +02:00
Jan van Brügge
0bf693cb0f nixos/linkwarden: init module 2025-10-07 12:57:55 +01:00
provokateurin
f8d0f08acc nixos/nextcloud: Use php84 by default 
php84 is supported by nextcloud31 and nextcloud32 and brings some additional performance improvements in nextcloud32.
 2025-10-07 09:45:28 +02:00
provokateurin
34a7111f89 nextcloud32: init at 32.0.0 2025-10-07 09:45:28 +02:00
Marcus Ramberg
39e076de80 nixos/immich: fix eval with settings == null (#449271) 2025-10-07 06:45:18 +00:00
Thomas Gerbet
f0335d8ede nixos/redmine: Set ProtectControlGroups to strict (#448634) 2025-10-07 06:20:44 +00:00
rewine
0a4ac75e5a linyaps-web-store-installer: init at 1.6.8 (#448147) 2025-10-07 04:39:34 +00:00
Robert Schütz
f1e52abf0d nixos/immich: fix eval with settings == null 
Using the module without declarative settings previously failed with

    error: attribute 'settingsFile' missing
 2025-10-06 15:08:09 -07:00
dish
231b923f0a {nixos/,}.tt-rss: drop (#448401) 2025-10-06 13:54:05 +00:00
Florian Klink
a2d829eaa7 nixos/gerrit: Apply more hardening settings (#448870) 2025-10-06 11:13:38 +00:00
dotlambda
65fb719b8c nixos/immich: add secretSettings option (#448238) 2025-10-06 09:07:08 +00:00
Wolfgang Walther
9757580132 maintainers: drop evils (#448938) 2025-10-06 06:29:57 +00:00
Matteo Pacini
20fcd7d4ac nixos/murmur: Enable PrivateMounts hardening in service config (#448490) 2025-10-05 22:19:14 +00:00
Martin Weinelt
5b039b9fd4 nixos/limesurvey: fix default config merging when config is defined, set userquestionthemerootdir default (#400448) 2025-10-05 21:34:02 +02:00