diff --git a/modules/services/buffyboard.nix b/modules/services/buffyboard.nix
index 7832d8a11..c49c82b61 100644
--- a/modules/services/buffyboard.nix
+++ b/modules/services/buffyboard.nix
@@ -81,49 +81,6 @@ in
 # we need only a single buffyboard instance and it can input to any tty
 wantedBy = [ "getty.target" ];
 before = [ "getty.target" ];
-
- # TODO(2024-10-25): remove once !34 is merged
- # serviceConfig.Type = "simple";
- # serviceConfig.ExecStart = "${lib.getExe' cfg.package "buffyboard"} ${lib.escapeShellArgs cfg.extraFlags}";
- # serviceConfig.Restart = "on-failure";
- # serviceConfig.RestartSec = "2s";
-
- # # hardening
- # # serviceConfig.AmbientCapabilities = ""; #< extraneous, with CapabilityBoundingSet
- # serviceConfig.CapabilityBoundingSet = "";
- # serviceConfig.MemoryDenyWriteExecute = true;
- # serviceConfig.NoNewPrivileges = true;
- # serviceConfig.LockPersonality = true;
- # serviceConfig.RestrictSUIDSGID = true;
- # serviceConfig.PrivateMounts = true;
- # serviceConfig.PrivateTmp = true;
- # serviceConfig.PrivateUsers = true;
- # serviceConfig.ProtectClock = true;
- # serviceConfig.ProtectControlGroups = true;
- # serviceConfig.ProtectHome = true;
- # serviceConfig.ProtectKernelModules = true;
- # serviceConfig.ProtectHostname = true;
- # serviceConfig.ProtectKernelLogs = true;
- # serviceConfig.ProtectKernelTunables = true;
- # serviceConfig.RemoveIPC = true;
- # serviceConfig.ProtectSystem = "strict";
- # serviceConfig.RestrictAddressFamilies = "AF_NETLINK"; #< AF_NETLINK required to access udev
- # serviceConfig.SystemCallArchitectures = "native";
- # serviceConfig.SystemCallFilter = [ "@system-service" "~@privileged" "~@resources" ];
- # serviceConfig.DevicePolicy = "closed";
- # serviceConfig.DeviceAllow = [
- # "/dev/uinput rw"
- # "char-fb rw"
- # "char-input rw"
- # "char-tty rw"
- # ];
- # # PrivateDevices=true #< breaks everything
- # # PrivateNetwork=true #< breaks udev
- # #
- # # root user is unaffected by Proc*
- # # ProcSubset=pid
- # # ProtectProc=noaccess
- # # DynamicUser=true
 };
 
 environment.etc."buffyboard.conf".source = ini.generate "buffyboard.conf" cfg.settings;
diff --git a/pkgs/by-name/buffybox/package.nix b/pkgs/by-name/buffybox/package.nix
index 2fdec6acd..cc0b93db3 100644
--- a/pkgs/by-name/buffybox/package.nix
+++ b/pkgs/by-name/buffybox/package.nix
@@ -1,7 +1,6 @@
 {
 fetchFromGitLab,
 fetchFromGitea,
- fetchpatch,
 inih,
 lib,
 libdrm,
@@ -17,7 +16,7 @@
 
 stdenv.mkDerivation (finalAttrs: {
 pname = "buffybox";
- version = "3.2.0-unstable-2024-10-05";
+ version = "3.2.0-unstable-2024-11-10";
 
 # src = fetchFromGitea {
 # domain = "git.uninsane.org";
@@ -29,22 +28,14 @@ stdenv.mkDerivation (finalAttrs: {
 # };
 
 src = fetchFromGitLab {
- domain = "gitlab.com";
+ domain = "gitlab.postmarketos.org";
 owner = "postmarketOS";
 repo = "buffybox";
 fetchSubmodules = true; # to use its vendored lvgl
- rev = "c683350b9fb944e38cb484f04f98e4e3f85b41a5";
- hash = "sha256-z7siroBDauvs8TxfO/h+5HUU5G5aOWwNUxDaZm80I5A=";
+ rev = "07e324c17564cb9aab573259a8e0824a6806a751";
+ hash = "sha256-JY9WqtRjDsQf1UVFnM6oTwyAuhlJvrhcSNJdEZ0zIus=";
 };
 
- patches = [
- (fetchpatch {
- url = "https://gitlab.postmarketos.org/postmarketOS/buffybox/-/merge_requests/34.patch";
- name = "add buffyboard systemd service";
- hash = "sha256-FUPDdj9BkC4Mj17X5fZAmIhLHwt8k626OnY07NM14tc=";
- })
- ];
-
 depsBuildBuild = [
 pkg-config
 ];
@@ -65,6 +56,9 @@ stdenv.mkDerivation (finalAttrs: {
 
 strictDeps = true;
 
+ env.PKG_CONFIG_SYSTEMD_SYSTEMD_SYSTEM_UNIT_DIR = "$out/lib/systemd/system";
+ # env.PKG_CONFIG_SYSTEMD_SYSTEMDSYSTEMUNITDIR = "$out/lib/systemd/system";
+
 passthru.updateScript = unstableGitUpdater { };
 
 meta = with lib; {
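Review bot: In the last hunk, `env.PKG_CONFIG_SYSTEMD_SYSTEMD_SYSTEM_UNIT_DIR = "$out/lib/systemd/system";` passes `$out` as a literal string, since Nix does not expand shell variables inside an attribute value; unless something later in the build expands it, the unit file may not be installed under the package's real output path. The usual form is `env.PKG_CONFIG_SYSTEMD_SYSTEMD_SYSTEM_UNIT_DIR = "${placeholder "out"}/lib/systemd/system";`. With the `fetchpatch` for merge request 34 dropped in this commit, the service unit presumably now comes from this package, so it is worth confirming after the build that the unit actually lands in `$out/lib/systemd/system`. The commented-out `PKG_CONFIG_SYSTEMD_SYSTEMDSYSTEMUNITDIR` line beside it should either be removed or get a short comment saying which variable name upstream's build queries. The enclosing `stdenv.mkDerivation` block starts and ends outside the hunk.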