Commit graph

286648 commits

Author SHA1 Message Date
Martin Weinelt
7d09d7f571
nixos/home-assistant: harden systemd service
This is what is still exposed, and it should still allow things to work
as usual.

✗ PrivateNetwork=                    Service has access to the host's …      0.5
✗ RestrictAddressFamilies=~AF_(INET… Service may allocate Internet soc…      0.3
✗ DeviceAllow=                       Service has a device ACL with som…      0.1
✗ IPAddressDeny=                     Service does not define an IP add…      0.2
✗ PrivateDevices=                    Service potentially has access to…      0.2
✗ PrivateUsers=                      Service has access to other users       0.2
✗ SystemCallFilter=~@resources       System call allow list defined fo…      0.2
✗ RootDirectory=/RootImage=          Service runs within the host's ro…      0.1
✗ SupplementaryGroups=               Service runs with supplementary g…      0.1
✗ RestrictAddressFamilies=~AF_UNIX   Service may allocate local sockets      0.1

→ Overall exposure level for home-assistant.service: 1.6 OK :-)

This can grow to as much as ~1.9 if you use one of the bluetooth or nmap
trackers or the emulated_hue component, all of which required elevated
permisssions.
2021-05-03 00:21:24 +02:00
Luke Granger-Brown
4518794ee5
Merge pull request #121534 from lukegb/bogus-mk2
tela-icon-theme: more changes to change the hash
2021-05-02 21:25:34 +01:00
Martin Weinelt
6c022654f6 python3Packages.csvw: 1.10.1 -> 1.10.2 2021-05-02 13:24:22 -07:00
Luke Granger-Brown
134c68a411 tela-icon-theme: use stdenvNoCC
This doesn't use any of the compilers tools, so it may as well use the
compilerless version of the stdenv.
2021-05-02 20:18:48 +00:00
Luke Granger-Brown
a494e0ce56 tela-icon-theme: switch to gpl3Only
Since the license isn't documented anywhere other than COPYING, it must
be assumed that the intent was to license only under the included
license, without any extra clauses such as the "(at your option) any
later version" clause.
2021-05-02 20:18:01 +00:00
Luke Granger-Brown
6f55db13eb tela-icon-theme: skip patchelf and symlink rewrite steps
* We don't have any ELFs to patch.
* Scanning all the symlinks is slow, and jdupes already makes them
  relative anyway.
2021-05-02 20:17:16 +00:00
Andreas Rammhold
e3ad419b87
Merge pull request #121461 from marsam/update-gopass
gopass: 1.12.5 -> 1.12.6
2021-05-02 20:11:54 +02:00
Anderson Torres
4e78613c05
Merge pull request #121424 from dotlambda/ophis-fix
ophis: fix build
2021-05-02 14:58:43 -03:00
Anderson Torres
bebfaab5ba
Merge pull request #121405 from branwright1/revert-121357-new-river
Revert "river: refactor"
2021-05-02 14:57:41 -03:00
Mario Rodas
fb5a9e4095
Merge pull request #121466 from marsam/update-lxc
lxc: 4.0.7 -> 4.0.8
2021-05-02 12:55:16 -05:00
Luke Granger-Brown
9775b39fd4
Merge pull request #121519 from NixOS/lukegb-tela-icon-theme
tela-icon-theme: format slightly differently
2021-05-02 17:34:25 +01:00
Bjørn Forsman
13cadfac15 zoom-us: fix overriding source
Without this using .overrideAttrs to change the source still uses the
old source.
2021-05-02 17:38:55 +02:00
Luke Granger-Brown
8142fd653f
tela-icon-theme: format slightly differently
This change is intended to cause the package hash to change, to work around a bug in Hydra that's causing the nixos-unstable channel advancement to fail (due to an invalid .ls file).
2021-05-02 15:49:37 +01:00
Atemu
1b10b0d579 kernel: clarify license 2021-05-02 14:44:54 +00:00
Ethan Edwards
e3763e4799
piston-cli: 1.2.2 -> 1.3.0 (#121448) 2021-05-02 16:33:41 +02:00
Martin Weinelt
2c21dba881
Merge pull request #121392 from daneads/mopidy-podcast
mopidy-podcast: init at 3.0.0
2021-05-02 15:52:24 +02:00
Sandro
a0842dff29
Merge pull request #121360 from r-ryantm/auto-update/krankerl
krankerl: 0.13.0 -> 0.13.1
2021-05-02 15:50:23 +02:00
Sandro
ed845591ad
Merge pull request #121291 from r-ryantm/auto-update/krapslog
krapslog: 0.1.2 -> 0.1.3
2021-05-02 15:49:58 +02:00
Sandro
b71e70b45a
Merge pull request #121271 from samuelgrf/libfaketime-add-meta.mainProgram
libfaketime: add meta.mainProgram
2021-05-02 15:48:53 +02:00
Sandro
333ed43c4b
Merge pull request #121273 from ktor/timeular-3.9.1
timeular: 3.4.1 -> 3.9.1
2021-05-02 15:48:30 +02:00
031d7e3e-4476-4fef-a076-26150f8ecc2f
75468c3907 mopidy-podcast: init at 3.0.0
Mopidy extension for browsing and playing podcasts

Update maintainer + add py3 tests
2021-05-02 09:38:06 -04:00
Martin Weinelt
4642f4809f
Merge pull request #121503 from daneads/patch-1
Add daneads to maintainers
2021-05-02 15:30:10 +02:00
Jan Tojnar
86ec321e63 link-grammar: 5.8.1 -> 5.9.1
https://github.com/opencog/link-grammar/blob/link-grammar-5.9.1/ChangeLog

Remove libz dependency since that has only been used by minisat.

Also clean up the expression.
2021-05-02 15:17:26 +02:00
239
9e94b036a1
pcloud: fix runtime dependencies (#121495) 2021-05-02 15:16:04 +02:00
Dan Eads
33682a80a1 maintainers: add daneads 2021-05-02 09:15:45 -04:00
Sandro
df3c94e6c8
Merge pull request #110562 from r-k-b/cypress/updateScript
cypress: add updateScript
2021-05-02 15:15:17 +02:00
Sandro
c6d2f34e88
Merge pull request #121353 from otavio/topic-add-cargo-rr
cargo-rr: init at 0.1.3
2021-05-02 15:13:46 +02:00
Martin Weinelt
e26c6b55ae
Merge pull request #121506 from fabaff/bump-pywizlight
python3Packages.pywizlight: 0.4.6 -> 0.4.7
2021-05-02 15:07:23 +02:00
Michael Raskin
3a07a89802
Merge pull request #119383 from jtojnar/geoclue-custom-key
geoclue2: Use our own mozilla API key
2021-05-02 13:05:38 +00:00
Fabian Affolter
12714a4726 python3Packages.pywizlight: 0.4.6 -> 0.4.7 2021-05-02 14:54:09 +02:00
José Romildo Malaquias
bc33b23cd0 ppx_deriving_cmdliner: init at 0.6.0 2021-05-02 14:52:52 +02:00
sternenseemann
d196216e11 man-pages-posix: use version format as repology
repology considers 2017a, not 2017-a as current since all other
distributions seem to use that versioning scheme.
2021-05-02 12:50:12 +00:00
Luke Granger-Brown
92eee1a1cd
Merge pull request #121502 from bennofs/update-librespot
librespot: 0.1.3 -> 0.1.6
2021-05-02 13:49:53 +01:00
alvar
aacbc7385c
pythonPackages.pynmea2: 1.17.0 -> 1.18.0 (#121484) 2021-05-02 14:39:16 +02:00
Luke Granger-Brown
7d0e9bb1a0
Merge pull request #109863 from r-ryantm/auto-update/hyperscan
hyperscan: 5.3.0 -> 5.4.0
2021-05-02 13:28:25 +01:00
Luke Granger-Brown
0ae084feb2
Merge pull request #110426 from r-ryantm/auto-update/thonny
thonny: 3.3.2 -> 3.3.6
2021-05-02 13:27:40 +01:00
Benno Fünfstück
8b882a5842 librespot: 0.1.3 -> 0.1.6 2021-05-02 14:26:40 +02:00
Luke Granger-Brown
8c04500313 thonny: 3.3.3 -> 3.3.6 2021-05-02 12:26:15 +00:00
Luke Granger-Brown
f587042bb9
Merge pull request #121463 from lukegb/pr103254
libsForQt5.quazip: 0.9.1 -> 1.1
2021-05-02 13:15:39 +01:00
Vojtěch Káně
9a943b4b42
maintainers: add vojta001 2021-05-02 08:01:44 -04:00
Michael Raskin
171f5fcd13
Merge pull request #121487 from Mazurel/master
ogre: Added SDL2 as a dependency
2021-05-02 11:59:26 +00:00
Luke Granger-Brown
8a92cdd9f5 teamspeak_client: fix for quazip 1.x 2021-05-02 11:55:06 +00:00
Michele Guerini Rocco
d5fe3a1270
Merge pull request #121488 from rnhmjoj/monero
quirc: 2016-08-16 -> 2020-04-06;  monero: 0.17.1.9 -> 0.17.2.0; monero-gui: 0.17.1.9 -> 0.17.2.1
2021-05-02 13:53:40 +02:00
Luke Granger-Brown
d50819f1a1
Merge pull request #103381 from r-ryantm/auto-update/dcm2niix
dcm2niix: 1.0.20200331 -> 1.0.20210317
2021-05-02 12:48:46 +01:00
Arijit Basu
637c7391ad
xplr: 0.5.10 -> 0.5.12 (#121473) 2021-05-02 13:40:58 +02:00
Mario Rodas
4da5de00a5
flexget: 3.1.110 -> 3.1.116 (#121464) 2021-05-02 13:39:39 +02:00
Mario Rodas
cf39deb8a3
python38Packages.flask-restx: 0.2.0 -> 0.3.0 (#121465)
https://github.com/python-restx/flask-restx/releases/tag/0.3.0
2021-05-02 13:37:21 +02:00
Luke Granger-Brown
884cf29501 dcm2niix: 1.0.20201102 -> 1.0.20210317 2021-05-02 11:10:40 +00:00
Daniël de Kok
219cbedb69
Merge pull request #121476 from siraben/knightos-updates
knightos-mkrom : 1.0.3 -> 1.0.4, knightos-scas: 0.5.3 -> 0.5.5
2021-05-02 12:43:37 +02:00
Mazurel
8309374a78 ogre: Added SDL2 as dependency 2021-05-02 11:53:36 +02:00