diff options
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/networking/unifi.nix | 8 | ||||
-rw-r--r-- | nixos/modules/services/security/usbguard.nix | 21 | ||||
-rw-r--r-- | nixos/modules/services/web-apps/wordpress.nix | 2 |
3 files changed, 22 insertions, 9 deletions
diff --git a/nixos/modules/services/networking/unifi.nix b/nixos/modules/services/networking/unifi.nix index 3579d67aa54b..37a739f41d48 100644 --- a/nixos/modules/services/networking/unifi.nix +++ b/nixos/modules/services/networking/unifi.nix @@ -5,6 +5,10 @@ let stateDir = "/var/lib/unifi"; cmd = '' @${cfg.jrePackage}/bin/java java \ + ${optionalString (lib.versionAtLeast (lib.getVersion cfg.jrePackage) "16") + "--add-opens java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.time=ALL-UNNAMED " + + "--add-opens java.base/sun.security.util=ALL-UNNAMED --add-opens java.base/java.io=ALL-UNNAMED " + + "--add-opens java.rmi/sun.rmi.transport=ALL-UNNAMED"} \ ${optionalString (cfg.initialJavaHeapSize != null) "-Xms${(toString cfg.initialJavaHeapSize)}m"} \ ${optionalString (cfg.maximumJavaHeapSize != null) "-Xmx${(toString cfg.maximumJavaHeapSize)}m"} \ -jar ${stateDir}/lib/ace.jar @@ -24,8 +28,8 @@ in services.unifi.jrePackage = mkOption { type = types.package; - default = if (lib.versionAtLeast (lib.getVersion cfg.unifiPackage) "7.3") then pkgs.jdk11 else pkgs.jre8; - defaultText = literalExpression ''if (lib.versionAtLeast (lib.getVersion cfg.unifiPackage) "7.3" then pkgs.jdk11 else pkgs.jre8''; + default = if (lib.versionAtLeast (lib.getVersion cfg.unifiPackage) "7.5") then pkgs.jdk17_headless else if (lib.versionAtLeast (lib.getVersion cfg.unifiPackage) "7.3") then pkgs.jdk11 else pkgs.jre8; + defaultText = literalExpression ''if (lib.versionAtLeast (lib.getVersion cfg.unifiPackage) "7.5") then pkgs.jdk17_headless else if (lib.versionAtLeast (lib.getVersion cfg.unifiPackage) "7.3" then pkgs.jdk11 else pkgs.jre8''; description = lib.mdDoc '' The JRE package to use. Check the release notes to ensure it is supported. ''; diff --git a/nixos/modules/services/security/usbguard.nix b/nixos/modules/services/security/usbguard.nix index 9b158bb9d18c..483bfe046df2 100644 --- a/nixos/modules/services/security/usbguard.nix +++ b/nixos/modules/services/security/usbguard.nix @@ -7,10 +7,8 @@ let # valid policy options policy = (types.enum [ "allow" "block" "reject" "keep" "apply-policy" ]); - defaultRuleFile = "/var/lib/usbguard/rules.conf"; - # decide what file to use for rules - ruleFile = if cfg.rules != null then pkgs.writeText "usbguard-rules" cfg.rules else defaultRuleFile; + ruleFile = if cfg.rules != null then pkgs.writeText "usbguard-rules" cfg.rules else cfg.ruleFile; daemonConf = '' # generated by nixos/modules/services/security/usbguard.nix @@ -51,6 +49,19 @@ in ''; }; + ruleFile = mkOption { + type = types.nullOr types.path; + default = /var/lib/usbguard/rules.conf; + example = /run/secrets/usbguard-rules; + description = lib.mdDoc '' + This tells the USBGuard daemon which file to load as policy rule set. + + The file can be changed manually or via the IPC interface assuming it has the right file permissions. + + For more details see {manpage}`usbguard-rules.conf(5)`. + ''; + + }; rules = mkOption { type = types.nullOr types.lines; default = null; @@ -63,8 +74,7 @@ in be changed by the IPC interface. If you do not set this option, the USBGuard daemon will load - it's policy rule set from `${defaultRuleFile}`. - This file can be changed manually or via the IPC interface. + it's policy rule set from the option configured in `services.usbguard.ruleFile`. Running `usbguard generate-policy` as root will generate a config for your currently plugged in devices. @@ -248,7 +258,6 @@ in ''; }; imports = [ - (mkRemovedOptionModule [ "services" "usbguard" "ruleFile" ] "The usbguard module now uses ${defaultRuleFile} as ruleFile. Alternatively, use services.usbguard.rules to configure rules.") (mkRemovedOptionModule [ "services" "usbguard" "IPCAccessControlFiles" ] "The usbguard module now hardcodes IPCAccessControlFiles to /var/lib/usbguard/IPCAccessControl.d.") (mkRemovedOptionModule [ "services" "usbguard" "auditFilePath" ] "Removed usbguard module audit log files. Audit logs can be found in the systemd journal.") (mkRenamedOptionModule [ "services" "usbguard" "implictPolicyTarget" ] [ "services" "usbguard" "implicitPolicyTarget" ]) diff --git a/nixos/modules/services/web-apps/wordpress.nix b/nixos/modules/services/web-apps/wordpress.nix index d4c987da1144..5d2e775d4521 100644 --- a/nixos/modules/services/web-apps/wordpress.nix +++ b/nixos/modules/services/web-apps/wordpress.nix @@ -34,7 +34,7 @@ let # copy additional plugin(s), theme(s) and language(s) ${concatStringsSep "\n" (mapAttrsToList (name: theme: "cp -r ${theme} $out/share/wordpress/wp-content/themes/${name}") cfg.themes)} ${concatStringsSep "\n" (mapAttrsToList (name: plugin: "cp -r ${plugin} $out/share/wordpress/wp-content/plugins/${name}") cfg.plugins)} - ${concatMapStringsSep "\n" (language: "cp -r ${language} $out/share/wordpress/wp-content/languages/") cfg.languages} + ${concatMapStringsSep "\n" (language: "cp -r ${language}/* $out/share/wordpress/wp-content/languages/") cfg.languages} ''; }; |