authorJan Tojnar <jtojnar@gmail.com>2020-09-29 00:12:29 +0200
committerJan Tojnar <jtojnar@gmail.com>2020-09-29 00:12:29 +0200
commit32b4375f107315edc9066de21bf2de030d90c43d (patch)
tree8b3869f8ff2b0e2e272605b46b56348addf2d976 /nixos/modules/config
parenta7218d691483260bbf2ed726196f17481e2f9500 (diff)
parent695fd81e02ced2a9591cf2ac3183c360de763c07 (diff)
Merge branch 'staging-next' into staging
Diffstat (limited to 'nixos/modules/config')
-rw-r--r--nixos/modules/config/fonts/fontconfig.nix34
-rw-r--r--nixos/modules/config/malloc.nix7
-rw-r--r--nixos/modules/config/update-users-groups.pl6
-rw-r--r--nixos/modules/config/users-groups.nix1
4 files changed, 48 insertions, 0 deletions
diff --git a/nixos/modules/config/fonts/fontconfig.nix b/nixos/modules/config/fonts/fontconfig.nix
index 5b681ca5946..97607134bb1 100644
--- a/nixos/modules/config/fonts/fontconfig.nix
+++ b/nixos/modules/config/fonts/fontconfig.nix
@@ -448,6 +448,40 @@ in
     (mkIf cfg.enable {
       environment.systemPackages    = [ pkgs.fontconfig ];
       environment.etc.fonts.source  = "${fontconfigEtc}/etc/fonts/";
+      security.apparmor.includes."abstractions/fonts" = ''
+        # fonts.conf
+        r ${pkg.out}/etc/fonts/fonts.conf,
+
+        # fontconfig default config files
+        r ${pkg.out}/etc/fonts/conf.d/*.conf,
+
+        # 00-nixos-cache.conf
+        r ${cacheConf},
+
+        # 10-nixos-rendering.conf
+        r ${renderConf},
+
+        # 50-user.conf
+        ${optionalString cfg.includeUserConf ''
+        r ${pkg.out}/etc/fonts/conf.d.bak/50-user.conf,
+        ''}
+
+        # local.conf (indirect priority 51)
+        ${optionalString (cfg.localConf != "") ''
+        r ${localConf},
+        ''}
+
+        # 52-nixos-default-fonts.conf
+        r ${defaultFontsConf},
+
+        # 53-no-bitmaps.conf
+        r ${rejectBitmaps},
+
+        ${optionalString (!cfg.allowType1) ''
+        # 53-nixos-reject-type1.conf
+        r ${rejectType1},
+        ''}
+      '';
     })
     (mkIf cfg.enable {
       fonts.fontconfig.confPackages = [ confPkg ];
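Review bot: The new `abstractions/fonts` text lists the fontconfig files one by one, and nothing in the hunk ties that list to the package that installs them (`confPkg`, as far as the context line shows), so a config file added there later would be denied to confined programs with no build-time signal. A comment above the attribute would make the coupling visible, for example `# Keep in sync with the files linked into confPkg; confined programs can read only what is listed here.` The `# 50-user.conf` and `# local.conf (indirect priority 51)` comment lines are also emitted when their `optionalString` is empty, leaving orphan comments in the generated profile; placing each comment inside its conditional string, as the `53-nixos-reject-type1.conf` entry already does, would keep the output consistent. The enclosing `mkIf cfg.enable` list starts and ends outside the hunk.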
diff --git a/nixos/modules/config/malloc.nix b/nixos/modules/config/malloc.nix
index 31a659ee83f..5c5752ef515 100644
--- a/nixos/modules/config/malloc.nix
+++ b/nixos/modules/config/malloc.nix
@@ -87,5 +87,12 @@ in
     environment.etc."ld-nix.so.preload".text = ''
       ${providerLibPath}
     '';
+    security.apparmor.includes = {
+      "abstractions/base" = ''
+        r /etc/ld-nix.so.preload,
+        r ${config.environment.etc."ld-nix.so.preload".source},
+        mr ${providerLibPath},
+      '';
+    };
   };
 }
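Review bot: The added rules extend `abstractions/base`, which AppArmor profiles commonly include, so `mr ${providerLibPath},` gives nearly every confined program map-executable access to the allocator library, and the block has no comment explaining why such a broad grant is needed. Suggest adding above the attribute `# ld-nix.so.preload makes the loader map the allocator into every process, so confined programs need read and map access to it.` If a provider library has runtime dependencies of its own, they would presumably need `mr` as well; that is worth confirming per provider, since only the single library path is listed here. The enclosing `config` block starts outside the hunk.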
diff --git a/nixos/modules/config/update-users-groups.pl b/nixos/modules/config/update-users-groups.pl
index e1c7a46e430..e220aa61090 100644
--- a/nixos/modules/config/update-users-groups.pl
+++ b/nixos/modules/config/update-users-groups.pl
@@ -281,6 +281,12 @@ foreach my $u (values %usersOut) {
 }
 
 updateFile("/etc/shadow", \@shadowNew, 0600);
+{
+    my $uid = getpwnam "root";
+    my $gid = getgrnam "shadow";
+    my $path = "/etc/shadow";
+    chown($uid, $gid, $path) || die "Failed to change ownership of $path: $!";
+}
 
 # Rewrite /etc/subuid & /etc/subgid to include default container mappings
 
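Review bot: The result of `getgrnam "shadow"` in the added block is used without a check, so if the group cannot be resolved when the script runs, `$gid` is undef, `chown` treats it as 0 and the file ends up `root:root` with no error from the `|| die`. A guard such as `defined $gid or die "Group 'shadow' does not exist";` before the `chown` would make that failure explicit. Separately, the context line above still writes `/etc/shadow` with mode `0600`, so the new group ownership grants the `shadow` group no access on its own; if group read is the goal, the mode would need to be `0640`, and if it is not, a comment stating why the group is set would help. `updateFile` is defined outside the hunk, so whether it preserves or resets ownership cannot be confirmed from here.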
diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix
index 0ab303d0ae4..1bb1317a8e8 100644
--- a/nixos/modules/config/users-groups.nix
+++ b/nixos/modules/config/users-groups.nix
@@ -537,6 +537,7 @@ in {
       input.gid = ids.gids.input;
       kvm.gid = ids.gids.kvm;
       render.gid = ids.gids.render;
+      shadow.gid = ids.gids.shadow;
     };
 
     system.activationScripts.users = stringAfter [ "stdio" ]