From 761385fe8b350627b314a568dcc4ab6e282c7e1c Mon Sep 17 00:00:00 2001 From: Daniel Olsen Date: Sun, 17 Nov 2024 01:14:06 +0100 Subject: [PATCH] drop when #332699 is used: Use nixpkgs taler branch --- base/services/auto-upgrade.nix | 2 +- base/services/logrotate.nix | 3 +-- flake.nix | 2 +- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/base/services/auto-upgrade.nix b/base/services/auto-upgrade.nix index fae8bb8..d99a3f7 100644 --- a/base/services/auto-upgrade.nix +++ b/base/services/auto-upgrade.nix @@ -7,7 +7,7 @@ # --update-input is deprecated since nix 2.22, and removed in lix 2.90 # https://git.lix.systems/lix-project/lix/issues/400 "--refresh" - "--override-input" "nixpkgs" "github:nixos/nixpkgs/nixos-24.05-small" + "--override-input" "nixpkgs" "github:NixOS/nixpkgs/refs/pull/332699/merge" "--override-input" "nixpkgs-unstable" "github:nixos/nixpkgs/nixos-unstable-small" "--no-write-lock-file" ]; diff --git a/base/services/logrotate.nix b/base/services/logrotate.nix index 2db259e..f315638 100644 --- a/base/services/logrotate.nix +++ b/base/services/logrotate.nix @@ -31,7 +31,6 @@ ProtectSystem = "full"; RestrictNamespaces = true; RestrictRealtime = true; - RestrictSUIDSGID = true; # disable for creating setgid directories SocketBindDeny = [ "any" ]; SystemCallArchitectures = "native"; SystemCallFilter = [ @@ -39,4 +38,4 @@ ]; }; }; -} \ No newline at end of file +} diff --git a/flake.nix b/flake.nix index b6761b1..7c98901 100644 --- a/flake.nix +++ b/flake.nix @@ -2,7 +2,7 @@ description = "PVV System flake"; inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05-small"; # remember to also update the url in base/services/auto-upgrade.nix + nixpkgs.url = "github:NixOS/nixpkgs/refs/pull/332699/merge"; # remember to also update the url in base/services/auto-upgrade.nix nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small"; sops-nix.url = "github:Mic92/sops-nix";