authorgithub-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>2021-07-22 18:01:39 +0000
committerGitHub <noreply@github.com>2021-07-22 18:01:39 +0000
commit0b0a8c7c9ac81a7d4e2936aee4a27915194e8bac (patch)
tree6475a18d8f5d3fd9ea110fd7db803c8ad312842c /nixos
parent741be6dfc1fdd013ee52c4154dd82cd69d328be3 (diff)
parent4df8d6305c414a172f167f900e852724dedbca3a (diff)
Merge staging-next into staging
Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/programs/udevil.nix3
-rw-r--r--nixos/modules/programs/zsh/zsh.nix26
-rw-r--r--nixos/modules/services/networking/pppd.nix26
3 files changed, 46 insertions, 9 deletions
diff --git a/nixos/modules/programs/udevil.nix b/nixos/modules/programs/udevil.nix
index ba5670f9dfe..25975d88ec8 100644
--- a/nixos/modules/programs/udevil.nix
+++ b/nixos/modules/programs/udevil.nix
@@ -10,5 +10,8 @@ in {
 
   config = mkIf cfg.enable {
     security.wrappers.udevil.source = "${lib.getBin pkgs.udevil}/bin/udevil";
+
+    systemd.packages = [ pkgs.udevil ];
+    systemd.services."devmon@".wantedBy = [ "multi-user.target" ];
   };
 }
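Review bot: `devmon@` is a template unit, and the added `wantedBy` on `systemd.services."devmon@"` names no instance, so it is unclear which user the automounter is meant to run for. As far as I know, systemd cannot start a bare template from `multi-user.target.wants` unless the packaged unit declares a `DefaultInstance=`, which is not visible here. Separately, `programs.udevil.enable` previously installed only the setuid wrapper, and with these lines it also requests a removable-media automount daemon, which widens what the option exposes. I would gate the two new lines behind their own `mkEnableOption` and state in its description which instance gets started. The module's option declarations are outside this hunk, so an existing switch may already cover this.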
diff --git a/nixos/modules/programs/zsh/zsh.nix b/nixos/modules/programs/zsh/zsh.nix
index 48638fda28d..6c824a692b7 100644
--- a/nixos/modules/programs/zsh/zsh.nix
+++ b/nixos/modules/programs/zsh/zsh.nix
@@ -53,7 +53,7 @@ in
       };
 
       shellAliases = mkOption {
-        default = {};
+        default = { };
         description = ''
           Set of aliases for zsh shell, which overrides <option>environment.shellAliases</option>.
           See <option>environment.shellAliases</option> for an option format description.
@@ -118,7 +118,9 @@ in
       setOptions = mkOption {
         type = types.listOf types.str;
         default = [
-          "HIST_IGNORE_DUPS" "SHARE_HISTORY" "HIST_FCNTL_LOCK"
+          "HIST_IGNORE_DUPS"
+          "SHARE_HISTORY"
+          "HIST_FCNTL_LOCK"
         ];
         example = [ "EXTENDED_HISTORY" "RM_STAR_WAIT" ];
         description = ''
@@ -278,15 +280,29 @@ in
 
     environment.etc.zinputrc.source = ./zinputrc;
 
-    environment.systemPackages = [ pkgs.zsh ]
-      ++ optional cfg.enableCompletion pkgs.nix-zsh-completions;
+    environment.systemPackages =
+      let
+        completions =
+          if lib.versionAtLeast (lib.getVersion config.nix.package) "2.4pre"
+          then
+            pkgs.nix-zsh-completions.overrideAttrs
+              (_: {
+                postInstall = ''
+                  rm $out/share/zsh/site-functions/_nix
+                '';
+              })
+          else pkgs.nix-zsh-completions;
+      in
+      [ pkgs.zsh ]
+      ++ optional cfg.enableCompletion completions;
 
     environment.pathsToLink = optional cfg.enableCompletion "/share/zsh";
 
     #users.defaultUserShell = mkDefault "/run/current-system/sw/bin/zsh";
 
     environment.shells =
-      [ "/run/current-system/sw/bin/zsh"
+      [
+        "/run/current-system/sw/bin/zsh"
         "${pkgs.zsh}/bin/zsh"
       ];
 
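Review bot: The `overrideAttrs (_: { postInstall = ...; })` in the new `completions` binding replaces any `postInstall` that `pkgs.nix-zsh-completions` already defines instead of extending it. The bare `rm` also fails the build as soon as that package stops shipping `_nix`. Taking the old attributes and appending is safer: `(old: { postInstall = (old.postInstall or "") + "rm -f $out/share/zsh/site-functions/_nix\n"; })`. A one-line comment above the `if` would help too, e.g. `# Nix >= 2.4 presumably ships its own _nix completion; drop the duplicate` (confirm the reason before committing the wording). The surrounding `config` block begins and ends outside this hunk.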
diff --git a/nixos/modules/services/networking/pppd.nix b/nixos/modules/services/networking/pppd.nix
index c1cbdb46176..37f44f07ac4 100644
--- a/nixos/modules/services/networking/pppd.nix
+++ b/nixos/modules/services/networking/pppd.nix
@@ -82,13 +82,21 @@ in
           LD_PRELOAD = "${pkgs.libredirect}/lib/libredirect.so";
           NIX_REDIRECTS = "/var/run=/run/pppd";
         };
-        serviceConfig = {
+        serviceConfig = let
+          capabilities = [
+            "CAP_BPF"
+            "CAP_SYS_TTY_CONFIG"
+            "CAP_NET_ADMIN"
+            "CAP_NET_RAW"
+          ];
+        in
+        {
           ExecStart = "${getBin cfg.package}/sbin/pppd call ${peerCfg.name} nodetach nolog";
           Restart = "always";
           RestartSec = 5;
 
-          AmbientCapabilities = "CAP_SYS_TTY_CONFIG CAP_NET_ADMIN CAP_NET_RAW CAP_SYS_ADMIN";
-          CapabilityBoundingSet = "CAP_SYS_TTY_CONFIG CAP_NET_ADMIN CAP_NET_RAW CAP_SYS_ADMIN";
+          AmbientCapabilities = capabilities;
+          CapabilityBoundingSet = capabilities;
           KeyringMode = "private";
           LockPersonality = true;
           MemoryDenyWriteExecute = true;
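Review bot: `CAP_BPF` in the new `capabilities` list only exists on Linux 5.8 and later, so on an older kernel whatever pppd previously did under `CAP_SYS_ADMIN` may lose its privilege without an obvious error. This should be checked against the oldest kernel the module is expected to run on. Dropping `CAP_SYS_ADMIN` from both `AmbientCapabilities` and `CapabilityBoundingSet` is the right direction for least privilege, but nothing in the hunk records why `CAP_BPF` is the replacement. I would add a comment above the list such as `# CAP_BPF (Linux >= 5.8) replaces CAP_SYS_ADMIN; needed for <pppd feature, to be confirmed>`. The `serviceConfig` set continues past the end of this hunk.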
@@ -103,7 +111,17 @@ in
           ProtectKernelTunables = false;
           ProtectSystem = "strict";
           RemoveIPC = true;
-          RestrictAddressFamilies = "AF_PACKET AF_UNIX AF_PPPOX AF_ATMPVC AF_ATMSVC AF_INET AF_INET6 AF_IPX";
+          RestrictAddressFamilies = [
+            "AF_ATMPVC"
+            "AF_ATMSVC"
+            "AF_INET"
+            "AF_INET6"
+            "AF_IPX"
+            "AF_NETLINK"
+            "AF_PACKET"
+            "AF_PPPOX"
+            "AF_UNIX"
+          ];
           RestrictNamespaces = true;
           RestrictRealtime = true;
           RestrictSUIDSGID = true;
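Review bot: The rewritten `RestrictAddressFamilies` list adds `AF_NETLINK`, which widens the sandbox, but the change is easy to miss because it is mixed into a reformat-and-sort of the existing entries. A short comment on that entry would record the reason, e.g. `# AF_NETLINK: <what pppd uses it for, to be confirmed>`. While the list is being touched, `AF_IPX` may be worth revisiting: as far as I recall the IPX stack was removed from mainline Linux some releases ago, so the entry probably permits nothing useful. The `serviceConfig` set starts before this hunk and continues after it.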