nixpkgs-bootstrap: 0-unstable-2024-10-26 -> 0-unstable-2024-10-30
This commit is contained in:
@@ -73,34 +73,7 @@ in
|
||||
serviceConfig.User = "avahi";
|
||||
serviceConfig.Group = "avahi";
|
||||
serviceConfig.AmbientCapabilities = "";
|
||||
serviceConfig.CapabilityBoundingSet = "";
|
||||
serviceConfig.LockPersonality = true;
|
||||
serviceConfig.MemoryDenyWriteExecute = true;
|
||||
serviceConfig.NoNewPrivileges = true;
|
||||
serviceConfig.PrivateDevices = true;
|
||||
serviceConfig.PrivateMounts = true;
|
||||
serviceConfig.PrivateTmp = true;
|
||||
serviceConfig.PrivateUsers = true;
|
||||
serviceConfig.ProcSubset = "all";
|
||||
serviceConfig.ProtectClock = true;
|
||||
serviceConfig.ProtectControlGroups = true;
|
||||
serviceConfig.ProtectHome = true;
|
||||
serviceConfig.ProtectHostname = true;
|
||||
serviceConfig.ProtectKernelLogs = true;
|
||||
serviceConfig.ProtectKernelModules = true;
|
||||
serviceConfig.ProtectKernelTunables = true;
|
||||
serviceConfig.ProtectProc = "noaccess";
|
||||
serviceConfig.ProtectSystem = "strict";
|
||||
serviceConfig.RemoveIPC = true; #< this *might* slow down the initial connection?
|
||||
serviceConfig.RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6 AF_NETLINK";
|
||||
serviceConfig.RestrictRealtime = true;
|
||||
serviceConfig.RestrictSUIDSGID = true;
|
||||
serviceConfig.SystemCallArchitectures = "native";
|
||||
serviceConfig.SystemCallFilter = [
|
||||
"@system-service"
|
||||
"@mount"
|
||||
"~@resources"
|
||||
# "~@privileged"
|
||||
];
|
||||
serviceConfig.CapabilityBoundingSet = lib.mkForce "";
|
||||
serviceConfig.PrivateUsers = lib.mkForce true;
|
||||
};
|
||||
}
|
||||
|
||||
@@ -121,12 +121,6 @@ in
|
||||
name = "playerctl: add settings to control which elements are displayed";
|
||||
hash = "sha256-OofS46wAI3EDE3JbYs/Nn+Vkw9TP1mwSFvk+vBERg2s=";
|
||||
})
|
||||
(pkgs.fetchpatch {
|
||||
# upstreaming: <https://github.com/nwg-piotr/nwg-panel/pull/328>
|
||||
url = "https://git.uninsane.org/colin/nwg-panel/commit/c70c0ffc9aaeab3a3ef9d547c6c9f81ce5568ff9.patch";
|
||||
name = "controls/PopupWindow: refresh parent outputs as part of our refresh";
|
||||
hash = "sha256-kq+XvG9Ed5g3nIatNTdfC9NYc2AudPtxIK5XWOoHgfU=";
|
||||
})
|
||||
];
|
||||
|
||||
# - disable the drop-down chevron by the controls.
|
||||
|
||||
@@ -2,8 +2,8 @@
|
||||
mkNixpkgs ? import ./mkNixpkgs.nix {}
|
||||
}:
|
||||
mkNixpkgs {
|
||||
rev = "c3db199ef6f9717ab1a1c62c161aa424c10cc1d6";
|
||||
sha256 = "sha256-DA8i/zkynCrVHDVNU/hNy0eFnf+7/U+/aZdnN2uqVfA=";
|
||||
version = "0-unstable-2024-10-26";
|
||||
rev = "72bc35e74bc68177f92740d941cc62111c1df051";
|
||||
sha256 = "sha256-bz8XFlUYIQhyn2dMS7dBMGvqXDWcNn2qaOLcSkzSjSE=";
|
||||
version = "0-unstable-2024-10-30";
|
||||
branch = "master";
|
||||
}
|
||||
|
||||
@@ -2,8 +2,8 @@
|
||||
mkNixpkgs ? import ./mkNixpkgs.nix {}
|
||||
}:
|
||||
mkNixpkgs {
|
||||
rev = "1889ebd947f76f0df7d5c4b3fd524749efc0e337";
|
||||
sha256 = "sha256-jQIvTKyDaqoeQ2UQfwlrMAkE5uXsTH0QUgBKoYko9Ls=";
|
||||
version = "0-unstable-2024-10-26";
|
||||
rev = "a37eba4c96ca51a50a2fb9ce70729f928a18034a";
|
||||
sha256 = "sha256-C7X9FpnbjhFfDYXXsOCTEVRmiB3xXT9k1NjJSB5O77Y=";
|
||||
version = "0-unstable-2024-10-30";
|
||||
branch = "staging-next";
|
||||
}
|
||||
|
||||
@@ -2,8 +2,8 @@
|
||||
mkNixpkgs ? import ./mkNixpkgs.nix {}
|
||||
}:
|
||||
mkNixpkgs {
|
||||
rev = "88df199edfc3beab07c25b357159cd3b32dbc013";
|
||||
sha256 = "sha256-YWNChIijbTEtmqvJJirkjg/1IVe6AEp4Pmy56dceexw=";
|
||||
version = "0-unstable-2024-10-26";
|
||||
rev = "27e5ad03d2c54cbfbd29616dca1a75d4291beb5f";
|
||||
sha256 = "sha256-4vh9lG10A9VTKScLQI+VIaQ4g6606kBJ4zuVbDYW8Kk=";
|
||||
version = "0-unstable-2024-10-30";
|
||||
branch = "staging";
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user