diff options
Diffstat (limited to 'nixpkgs/nixos/modules/services/hardware')
5 files changed, 26 insertions, 5 deletions
diff --git a/nixpkgs/nixos/modules/services/hardware/kanata.nix b/nixpkgs/nixos/modules/services/hardware/kanata.nix index 0b77bfbc33b3..05e76d843215 100644 --- a/nixpkgs/nixos/modules/services/hardware/kanata.nix +++ b/nixpkgs/nixos/modules/services/hardware/kanata.nix @@ -78,7 +78,13 @@ let mkName = name: "kanata-${name}"; mkDevices = devices: - optionalString ((length devices) > 0) "linux-dev ${concatStringsSep ":" devices}"; + let + devicesString = pipe devices [ + (map (device: "\"" + device + "\"")) + (concatStringsSep " ") + ]; + in + optionalString ((length devices) > 0) "linux-dev (${devicesString})"; mkConfig = name: keyboard: pkgs.writeText "${mkName name}-config.kdb" '' (defcfg diff --git a/nixpkgs/nixos/modules/services/hardware/keyd.nix b/nixpkgs/nixos/modules/services/hardware/keyd.nix index 724e9b956847..77297401a51c 100644 --- a/nixpkgs/nixos/modules/services/hardware/keyd.nix +++ b/nixpkgs/nixos/modules/services/hardware/keyd.nix @@ -143,7 +143,7 @@ in RuntimeDirectory = "keyd"; # Hardening - CapabilityBoundingSet = ""; + CapabilityBoundingSet = [ "CAP_SYS_NICE" ]; DeviceAllow = [ "char-input rw" "/dev/uinput rw" @@ -152,7 +152,7 @@ in PrivateNetwork = true; ProtectHome = true; ProtectHostname = true; - PrivateUsers = true; + PrivateUsers = false; PrivateMounts = true; PrivateTmp = true; RestrictNamespaces = true; @@ -165,9 +165,9 @@ in LockPersonality = true; ProtectProc = "invisible"; SystemCallFilter = [ + "nice" "@system-service" "~@privileged" - "~@resources" ]; RestrictAddressFamilies = [ "AF_UNIX" ]; RestrictSUIDSGID = true; diff --git a/nixpkgs/nixos/modules/services/hardware/sane.nix b/nixpkgs/nixos/modules/services/hardware/sane.nix index 8408844c4f94..8f64afe60734 100644 --- a/nixpkgs/nixos/modules/services/hardware/sane.nix +++ b/nixpkgs/nixos/modules/services/hardware/sane.nix @@ -4,7 +4,7 @@ with lib; let - pkg = pkgs.sane-backends.override { + pkg = config.hardware.sane.backends-package.override { scanSnapDriversUnfree = config.hardware.sane.drivers.scanSnap.enable; scanSnapDriversPackage = config.hardware.sane.drivers.scanSnap.package; }; @@ -57,6 +57,13 @@ in ''; }; + hardware.sane.backends-package = mkOption { + type = types.package; + default = pkgs.sane-backends; + defaultText = literalExpression "pkgs.sane-backends"; + description = lib.mdDoc "Backends driver package to use."; + }; + hardware.sane.snapshot = mkOption { type = types.bool; default = false; diff --git a/nixpkgs/nixos/modules/services/hardware/thermald.nix b/nixpkgs/nixos/modules/services/hardware/thermald.nix index 7ae602823cd6..a4839f326cc4 100644 --- a/nixpkgs/nixos/modules/services/hardware/thermald.nix +++ b/nixpkgs/nixos/modules/services/hardware/thermald.nix @@ -19,6 +19,12 @@ in ''; }; + ignoreCpuidCheck = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc "Whether to ignore the cpuid check to allow running on unsupported platforms"; + }; + configFile = mkOption { type = types.nullOr types.path; default = null; @@ -42,6 +48,7 @@ in ${cfg.package}/sbin/thermald \ --no-daemon \ ${optionalString cfg.debug "--loglevel=debug"} \ + ${optionalString cfg.ignoreCpuidCheck "--ignore-cpuid-check"} \ ${optionalString (cfg.configFile != null) "--config-file ${cfg.configFile}"} \ --dbus-enable \ --adaptive diff --git a/nixpkgs/nixos/modules/services/hardware/vdr.nix b/nixpkgs/nixos/modules/services/hardware/vdr.nix index afa64fa16c4a..5feb379b50d1 100644 --- a/nixpkgs/nixos/modules/services/hardware/vdr.nix +++ b/nixpkgs/nixos/modules/services/hardware/vdr.nix @@ -45,6 +45,7 @@ in { systemd.services.vdr = { description = "VDR"; wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; serviceConfig = { ExecStart = '' ${cfg.package}/bin/vdr \ |