diff options
author | github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> | 2023-11-03 12:01:07 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-11-03 12:01:07 +0000 |
commit | db0a71076b55bd8c326190eacd63eb7810205597 (patch) | |
tree | cb54f73eee52c21e6868efb677fc63ba7c99b06a /nixos | |
parent | ddefebe702b501473e802f46c6008432b0d85042 (diff) | |
parent | b957e614ea9806ec3c729752408c5902ea5d56af (diff) | |
download | nixlib-db0a71076b55bd8c326190eacd63eb7810205597.tar nixlib-db0a71076b55bd8c326190eacd63eb7810205597.tar.gz nixlib-db0a71076b55bd8c326190eacd63eb7810205597.tar.bz2 nixlib-db0a71076b55bd8c326190eacd63eb7810205597.tar.lz nixlib-db0a71076b55bd8c326190eacd63eb7810205597.tar.xz nixlib-db0a71076b55bd8c326190eacd63eb7810205597.tar.zst nixlib-db0a71076b55bd8c326190eacd63eb7810205597.zip |
Merge master into staging-next
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/programs/firefox.nix | 2 | ||||
-rw-r--r-- | nixos/modules/security/sudo.nix | 4 | ||||
-rw-r--r-- | nixos/modules/services/hardware/fwupd.nix | 13 |
3 files changed, 14 insertions, 5 deletions
diff --git a/nixos/modules/programs/firefox.nix b/nixos/modules/programs/firefox.nix index 85f47530cf5a..1edf935d1649 100644 --- a/nixos/modules/programs/firefox.nix +++ b/nixos/modules/programs/firefox.nix @@ -90,7 +90,7 @@ in description = mdDoc '' Group policies to install. - See [Mozilla's documentation](https://github.com/mozilla/policy-templates/blob/master/README.md) + See [Mozilla's documentation](https://mozilla.github.io/policy-templates/) for a list of available options. This can be used to install extensions declaratively! Check out the diff --git a/nixos/modules/security/sudo.nix b/nixos/modules/security/sudo.nix index d225442773c6..c665c15242a5 100644 --- a/nixos/modules/security/sudo.nix +++ b/nixos/modules/security/sudo.nix @@ -6,8 +6,6 @@ let cfg = config.security.sudo; - inherit (pkgs) sudo; - toUserString = user: if (isInt user) then "#${toString user}" else "${user}"; toGroupString = group: if (isInt group) then "%#${toString group}" else "%${group}"; @@ -247,7 +245,7 @@ in }; }; - environment.systemPackages = [ sudo ]; + environment.systemPackages = [ cfg.package ]; security.pam.services.sudo = { sshAgentAuth = true; usshAuth = true; }; diff --git a/nixos/modules/services/hardware/fwupd.nix b/nixos/modules/services/hardware/fwupd.nix index 4e5913fd2751..7a938459d0cb 100644 --- a/nixos/modules/services/hardware/fwupd.nix +++ b/nixos/modules/services/hardware/fwupd.nix @@ -181,7 +181,18 @@ in { # required to update the firmware of disks services.udisks2.enable = true; - systemd.packages = [ cfg.package ]; + systemd = { + packages = [ cfg.package ]; + + # fwupd-refresh expects a user that we do not create, so just run with DynamicUser + # instead and ensure we take ownership of /var/lib/fwupd + services.fwupd-refresh.serviceConfig = { + DynamicUser = true; + StateDirectory = "fwupd"; + }; + + timers.fwupd-refresh.wantedBy = [ "timers.target" ]; + }; security.polkit.enable = true; }; |