Merge staging-next into staging
github-actions[bot] authored Mar 29, 2024
2 parents 1500fe6 + c9c063b commit e5bc6d6
Showing 5 changed files with 43 additions and 17 deletions.
2 changes: 2 additions & 0 deletions nixos/doc/manual/release-notes/rl-2405.section.md
@@ -376,6 +376,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- The Matrix homeserver [Synapse](https://element-hq.github.io/synapse/) module now supports configuring UNIX domain socket [listeners](#opt-services.matrix-synapse.settings.listeners) through the `path` option.
The default replication worker on the main instance has been migrated away from TCP sockets to UNIX domain sockets.

- The initrd ssh daemon module got a new option to add authorized keys via a list of files using `boot.initrd.network.ssh.authorizedKeyFiles`.

- Programs written in [Nim](https://nim-lang.org/) are built with libraries selected by lockfiles.
The `nimPackages` and `nim2Packages` sets have been removed.
See https://nixos.org/manual/nixpkgs/unstable#nim for more information.
30 changes: 26 additions & 4 deletions nixos/modules/system/boot/initrd-ssh.nix
@@ -93,6 +93,21 @@ in
defaultText = literalExpression "config.users.users.root.openssh.authorizedKeys.keys";
description = lib.mdDoc ''
Authorized keys for the root user on initrd.
You can combine the `authorizedKeys` and `authorizedKeyFiles` options.
'';
example = [
"ssh-rsa AAAAB3NzaC1yc2etc/etc/etcjwrsh8e596z6J0l7 example@host"
"ssh-ed25519 AAAAC3NzaCetcetera/etceteraJZMfk3QPfQ foo@bar"
];
};

authorizedKeyFiles = mkOption {
type = types.listOf types.path;
default = config.users.users.root.openssh.authorizedKeys.keyFiles;
defaultText = literalExpression "config.users.users.root.openssh.authorizedKeys.keyFiles";
description = lib.mdDoc ''
Authorized keys taken from files for the root user on initrd.
You can combine the `authorizedKeyFiles` and `authorizedKeys` options.
'';
};

@@ -152,7 +167,7 @@ in
in mkIf enabled {
assertions = [
{
assertion = cfg.authorizedKeys != [];
assertion = cfg.authorizedKeys != [] || cfg.authorizedKeyFiles != [];
message = "You should specify at least one authorized key for initrd SSH";
}

@@ -206,6 +221,9 @@ in
${concatStrings (map (key: ''
echo ${escapeShellArg key} >> /root/.ssh/authorized_keys
'') cfg.authorizedKeys)}
${concatStrings (map (keyFile: ''
cat ${keyFile} >> /root/.ssh/authorized_keys
'') cfg.authorizedKeyFiles)}
${flip concatMapStrings cfg.hostKeys (path: ''
# keys from Nix store are world-readable, which sshd doesn't like
@@ -236,9 +254,13 @@ in

users.root.shell = mkIf (config.boot.initrd.network.ssh.shell != null) config.boot.initrd.network.ssh.shell;

contents."/etc/ssh/authorized_keys.d/root".text =
concatStringsSep "\n" config.boot.initrd.network.ssh.authorizedKeys;
contents."/etc/ssh/sshd_config".text = sshdConfig;
contents = {
"/etc/ssh/sshd_config".text = sshdConfig;
"/etc/ssh/authorized_keys.d/root".text =
concatStringsSep "\n" (
config.boot.initrd.network.ssh.authorizedKeys ++
(map (file: lib.fileContents file) config.boot.initrd.network.ssh.authorizedKeyFiles));
};
storePaths = ["${package}/bin/sshd"];

services.sshd = {
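Review bot: In the scripted-initrd hunk, `cat ${keyFile} >> /root/.ssh/authorized_keys` appends each file as-is, so a key file without a final newline gets the first line of the next file glued onto its last key, and that next key is never authorized; the systemd-initrd branch further down avoids this by joining `lib.fileContents` results with "\n". The interpolation is also unquoted, unlike the `echo ${escapeShellArg key}` line just above it. I would write `cat ${escapeShellArg "${keyFile}"} >> /root/.ssh/authorized_keys` followed by `echo >> /root/.ssh/authorized_keys`, keeping the inner interpolation so a path value is still copied into the store. Separately, the new option defaults to root's `openssh.authorizedKeys.keyFiles`, so hosts that already set those keys extend initrd root login to them without opting in; the option description should say so, for example `Defaults to the root user's key files; set to [] to keep them out of the initrd.` The enclosing blocks start and end outside the visible hunks.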
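--- a/pkgs/applications/graphics/pureref/default.nix
+++ b/pkgs/applications/graphics/pureref/default.nix
@@ -1,14 +1,16 @@
-{ lib, appimageTools, requireFile }:
+{ lib, appimageTools, runCommand, curl, gnugrep, cacert }:
 
 appimageTools.wrapType1 rec {
 pname = "pureref";
 version = "1.11.1";
 
-src = requireFile {
-name = "PureRef-${version}_x64.Appimage";
-sha256 = "05naywdgykqrsgc3xybskr418cyvbx7vqs994yv9w8zf98gxvbvm";
-url = "https://www.pureref.com/download.php";
-};
+src = runCommand "PureRef-${version}_x64.Appimage" {
+nativeBuildInputs = [ curl gnugrep cacert ];
+outputHash = "sha256-da/dH0ruI562JylpvE9f2zMUSJ56+T7Y0xlP/xr3yhY=";
+} ''
+key="$(curl "https://www.pureref.com/download.php" --silent | grep '%3D%3D' | cut -d '"' -f2)"
+curl "https://www.pureref.com/files/build.php?build=LINUX64.Appimage&version=${version}&downloadKey=$key" --output $out
+'';
 
 extraInstallCommands = ''
 mv $out/bin/${pname}-${version} $out/bin/${pname}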
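Review bot: Neither `curl` call passes `--fail`, and the scraped `key` is never checked for being empty, so when the download page changes or the request is refused the build writes whatever body came back to `$out` and the only symptom is an `outputHash` mismatch. The hash still protects integrity, but a mismatch on a fetch is normally read as altered upstream content, so a scraper failure should fail under its own name: `key="$(curl --fail --silent "https://www.pureref.com/download.php" | grep '%3D%3D' | cut -d '"' -f2)"`, then `[ -n "$key" ] || { echo "PureRef download key not found" >&2; exit 1; }`, and `--fail` on the second `curl` as well. A short comment above `src` noting that the key is scraped from the vendor page and that `outputHash` is the only thing pinning the artifact would help whoever next bumps `version`.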
4 changes: 2 additions & 2 deletions pkgs/by-name/pg/pgmoneta/package.nix
@@ -19,13 +19,13 @@

stdenv.mkDerivation rec {
pname = "pgmoneta";
version = "0.9.0";
version = "0.10.0";

src = fetchFromGitHub {
owner = "pgmoneta";
repo = "pgmoneta";
rev = version;
hash = "sha256-KVweAsmAQGUkBAxR7gPJe6mygfG7xApvJFRiCbSFq9E=";
hash = "sha256-wNBomyyr078Twzg7fuu3et1NUxpb+vqIbsnpmF73t18=";
};

nativeBuildInputs = [
10 changes: 5 additions & 5 deletions pkgs/os-specific/linux/kernel/zen-kernels.nix
@@ -4,16 +4,16 @@ let
# comments with variant added for update script
# ./update-zen.py zen
zenVariant = {
version = "6.8"; #zen
suffix = "zen1"; #zen
sha256 = "19rsi8747xw5lsq4pwizq2va6inmwrywgy8b5f2ppcd6ny0whn1i"; #zen
version = "6.8.2"; #zen
suffix = "zen2"; #zen
sha256 = "0v8y7d7mn0y5g8bbw2nm89a7jsvdwfjg6d3zqyga9mpr16xpsssa"; #zen
isLqx = false;
};
# ./update-zen.py lqx
lqxVariant = {
version = "6.7.9"; #lqx
version = "6.7.11"; #lqx
suffix = "lqx1"; #lqx
sha256 = "0hhkn2098h69l8slz5f0krkckf3qm7hmh5z233j341jpc0qv8p6b"; #lqx
sha256 = "180a39qrpldq4y2gn12pynhk62w46bzqi7zgciawznxyp8rr673x"; #lqx
isLqx = true;
};
zenKernelsFor = { version, suffix, sha256, isLqx }: buildLinux (args // {
