update for vulnerabilites

2025-02-18 18:57:32 -08:00 · 2024-07-06 10:14:18 -07:00 · 2024-07-06 10:14:18 -07:00 · 44445d431a
commit 44445d431a
parent 78ad8eb534
7 changed files with 90 additions and 71 deletions
--- a/provision/flake.lock
+++ b/provision/flake.lock
@ -7,11 +7,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1717931644,
-        "narHash": "sha256-Sz8Wh9cAiD5FhL8UWvZxBfnvxETSCVZlqWSYWaCPyu0=",
+        "lastModified": 1720188602,
+        "narHash": "sha256-lC3byBmhVZFzWl/dCic8+cKUEEAXAswWOYjq4paFmbo=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "3d65009effd77cb0d6e7520b68b039836a7606cf",
+        "rev": "e3582e5151498bc4d757e8361431ace8529e7bb7",
        "type": "github"
      },
      "original": {
@ -36,11 +36,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1717181720,
-        "narHash": "sha256-yv+QZWsusu/NWjydkxixHC2g+tIJ9v+xkE2EiVpJj6g=",
+        "lastModified": 1718450675,
+        "narHash": "sha256-jpsns6buS4bK+1sF8sL8AaixAiCRjA+nldTKvcwmvUs=",
        "owner": "hyprwm",
        "repo": "hyprcursor",
-        "rev": "9e27a2c2ceb1e0b85bd55b0afefad196056fe87c",
+        "rev": "66d5b46ff94efbfa6fa3d1d1b66735f1779c34a6",
        "type": "github"
      },
      "original": {
@ -53,17 +53,18 @@
      "inputs": {
        "hyprcursor": "hyprcursor",
        "hyprlang": "hyprlang",
+        "hyprutils": "hyprutils",
        "hyprwayland-scanner": "hyprwayland-scanner",
        "nixpkgs": "nixpkgs",
        "systems": "systems",
        "xdph": "xdph"
      },
      "locked": {
-        "lastModified": 1717970802,
-        "narHash": "sha256-tDdvF6nY6m1KcpGzD56RfDiXgAB6imYddlZXMtdg6xw=",
+        "lastModified": 1720213509,
+        "narHash": "sha256-LXj38Y3H0+/YhOtz6tGrqgd6p9AyGFeq6EwLgYsE1KQ=",
        "owner": "hyprwm",
        "repo": "Hyprland",
-        "rev": "1423707dbefc0329e80895451903a77ab684f7ea",
+        "rev": "cc98594c3aed0b542e03818371a4636f549f80e1",
        "type": "github"
      },
      "original": {
@ -79,11 +80,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1716228712,
-        "narHash": "sha256-y+LOXuSRMfkR2Vfwl5K2NVrszi1h5MJpML+msLnVS8U=",
+        "lastModified": 1718476555,
+        "narHash": "sha256-fuWpgh8KasByIJWE+xVd37Al0LV5YAn6s871T50qVY0=",
        "owner": "hyprwm",
        "repo": "contrib",
-        "rev": "33b38358559054d316eb605ccb733980dfa7dc63",
+        "rev": "29a8374f4b9206d5c4af84aceb7fb5dff441ea60",
        "type": "github"
      },
      "original": {
@ -106,11 +107,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1691753796,
-        "narHash": "sha256-zOEwiWoXk3j3+EoF3ySUJmberFewWlagvewDRuWYAso=",
+        "lastModified": 1714869498,
+        "narHash": "sha256-vbLVOWvQqo4n1yvkg/Q70VTlPbMmTiCQfNTgcWDCfJM=",
        "owner": "hyprwm",
        "repo": "hyprland-protocols",
-        "rev": "0c2ce70625cb30aef199cb388f99e19a61a6ce03",
+        "rev": "e06482e0e611130cd1929f75e8c1cf679e57d161",
        "type": "github"
      },
      "original": {
@ -120,6 +121,35 @@
      }
    },
    "hyprlang": {
+      "inputs": {
+        "hyprutils": [
+          "hyprland",
+          "hyprutils"
+        ],
+        "nixpkgs": [
+          "hyprland",
+          "nixpkgs"
+        ],
+        "systems": [
+          "hyprland",
+          "systems"
+        ]
+      },
+      "locked": {
+        "lastModified": 1717881852,
+        "narHash": "sha256-XeeVoKHQgfKuXoP6q90sUqKyl7EYy3ol2dVZGM+Jj94=",
+        "owner": "hyprwm",
+        "repo": "hyprlang",
+        "rev": "ec6938c66253429192274d612912649a0cfe4d28",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hyprwm",
+        "repo": "hyprlang",
+        "type": "github"
+      }
+    },
+    "hyprutils": {
      "inputs": {
        "nixpkgs": [
          "hyprland",
@ -131,16 +161,16 @@
        ]
      },
      "locked": {
-        "lastModified": 1716473782,
-        "narHash": "sha256-+qLn4lsHU6iL3+HTo1gTQ1tWzet8K9h+IfVemzEQZj8=",
+        "lastModified": 1719316102,
+        "narHash": "sha256-dmRz128j/lJmMuTYeCYPfSBRHHQO3VeH4PbmoyAhHzw=",
        "owner": "hyprwm",
-        "repo": "hyprlang",
-        "rev": "87d5d984109c839482b88b4795db073eb9ed446f",
+        "repo": "hyprutils",
+        "rev": "1f6bbec5954f623ff8d68e567bddcce97cd2f085",
        "type": "github"
      },
      "original": {
        "owner": "hyprwm",
-        "repo": "hyprlang",
+        "repo": "hyprutils",
        "type": "github"
      }
    },
@ -156,11 +186,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1717784906,
-        "narHash": "sha256-YxmfxHfWed1fosaa7fC1u7XoKp1anEZU+7Lh/ojRKoM=",
+        "lastModified": 1719067853,
+        "narHash": "sha256-mAnZG/eQy72Fp1ImGtqCgUrDumnR1rMZv2E/zgP4U74=",
        "owner": "hyprwm",
        "repo": "hyprwayland-scanner",
-        "rev": "0f30f9eca6e404130988554accbb64d1c9ec877d",
+        "rev": "914f083741e694092ee60a39d31f693d0a6dc734",
        "type": "github"
      },
      "original": {
@ -172,11 +202,11 @@
    "jovian-nixos": {
      "flake": false,
      "locked": {
-        "lastModified": 1717685136,
-        "narHash": "sha256-S+C/DX5HOhlhJAmcGxbB+Tv6oqZOkr3z/WzPuydXI14=",
+        "lastModified": 1720205505,
+        "narHash": "sha256-KqGnYAKWxwRgWxc/78HbL3PHeuDJOSS/9+Pkm5doUk8=",
        "ref": "development",
-        "rev": "fd13986ede9b94c50e84aecb2c88863e297bbb52",
-        "revCount": 820,
+        "rev": "fdcaab38857f221eea20a0073f891feb36ea8e99",
+        "revCount": 861,
        "type": "git",
        "url": "https://github.com/Jovian-Experiments/Jovian-NixOS"
      },
@ -188,11 +218,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1717602782,
-        "narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=",
+        "lastModified": 1719075281,
+        "narHash": "sha256-CyyxvOwFf12I91PBWz43iGT1kjsf5oi6ax7CrvaMyAo=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "e8057b67ebf307f01bdcc8fba94d94f75039d1f6",
+        "rev": "a71e967ef3694799d0c418c98332f7ff4cc5f6af",
        "type": "github"
      },
      "original": {
@ -204,27 +234,27 @@
    },
    "nixpkgs-stable": {
      "locked": {
-        "lastModified": 1717880976,
-        "narHash": "sha256-BRvSCsKtDUr83NEtbGfHLUOdDK0Cgbezj2PtcHnz+sQ=",
+        "lastModified": 1719720450,
+        "narHash": "sha256-57+R2Uj3wPeDeq8p8un19tzFFlgWiXJ8PbzgKtBgBX8=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "4913a7c3d8b8d00cb9476a6bd730ff57777f740c",
+        "rev": "78f8641796edff3bfabbf1ef5029deadfe4a21d0",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
-        "ref": "release-23.11",
+        "ref": "release-24.05",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1717786204,
-        "narHash": "sha256-4q0s6m0GUcN7q+Y2DqD27iLvbcd1G50T2lv08kKxkSI=",
+        "lastModified": 1720031269,
+        "narHash": "sha256-rwz8NJZV+387rnWpTYcXaRNvzUSnnF9aHONoJIYmiUQ=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "051f920625ab5aabe37c920346e3e69d7d34400e",
+        "rev": "9f4128e00b0ae8ec65918efeba59db998750ead6",
        "type": "github"
      },
      "original": {
@ -236,11 +266,11 @@
    },
    "nixpkgs_3": {
      "locked": {
-        "lastModified": 1717774105,
-        "narHash": "sha256-HV97wqUQv9wvptiHCb3Y0/YH0lJ60uZ8FYfEOIzYEqI=",
+        "lastModified": 1719468428,
+        "narHash": "sha256-vN5xJAZ4UGREEglh3lfbbkIj+MPEYMuqewMn4atZFaQ=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "d226935fd75012939397c83f6c385e4d6d832288",
+        "rev": "1e3deb3d8a86a870d925760db1a5adecc64d329d",
        "type": "github"
      },
      "original": {
@ -266,11 +296,11 @@
        "nixpkgs-stable": "nixpkgs-stable"
      },
      "locked": {
-        "lastModified": 1717902109,
-        "narHash": "sha256-OQTjaEZcByyVmHwJlKp/8SE9ikC4w+mFd3X0jJs6wiA=",
+        "lastModified": 1720187017,
+        "narHash": "sha256-Zq+T1Bvd0ShZB9XM+bP0VJK3HjsSVQBLolkaCLBQnfQ=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "f0922ad001829b400f0160ba85b47d252fa3d925",
+        "rev": "1b11e208cee97c47677439625dc22e5289dcdead",
        "type": "github"
      },
      "original": {
@ -311,11 +341,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1716290197,
-        "narHash": "sha256-1u9Exrc7yx9qtES2brDh7/DDZ8w8ap1nboIOAtCgeuM=",
+        "lastModified": 1718619174,
+        "narHash": "sha256-FWW68AVYmB91ZDQnhLMBNCUUTCjb1ZpO2k2KIytHtkA=",
        "owner": "hyprwm",
        "repo": "xdg-desktop-portal-hyprland",
-        "rev": "91e48d6acd8a5a611d26f925e51559ab743bc438",
+        "rev": "c7894aa54f9a7dbd16df5cd24d420c8af22d5623",
        "type": "github"
      },
      "original": {
--- a/provision/hosts/bulwark/configuration.nix
+++ b/provision/hosts/bulwark/configuration.nix
@ -26,9 +26,7 @@
  hardware.bluetooth.enable = true;
  hardware.bluetooth.package = pkgs.bluez;
  hardware.sensor.iio.enable = true;
-  hardware.opengl.enable = true;
-  hardware.opengl.driSupport = true;
-  hardware.opengl.driSupport32Bit = true;
+  hardware.graphics.enable = true;

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
--- a/provision/hosts/kestrel/configuration.nix
+++ b/provision/hosts/kestrel/configuration.nix
@ -28,9 +28,7 @@
  hardware.bluetooth.enable = true;
  hardware.bluetooth.package = pkgs.bluez;
  hardware.sensor.iio.enable = true;
-  hardware.opengl.enable = true;
-  hardware.opengl.driSupport = true;
-  hardware.opengl.driSupport32Bit = true;
+  hardware.graphics.enable = true;

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
--- a/provision/hosts/shivan/configuration.nix
+++ b/provision/hosts/shivan/configuration.nix
@ -28,9 +28,7 @@
  hardware.bluetooth.enable = true;
  hardware.bluetooth.package = pkgs.bluez;
  hardware.sensor.iio.enable = true;
-  hardware.opengl.enable = true;
-  hardware.opengl.driSupport = true;
-  hardware.opengl.driSupport32Bit = true;
+  hardware.graphics.enable = true;

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
--- a/provision/hosts/torus/configuration.nix
+++ b/provision/hosts/torus/configuration.nix
@ -61,8 +61,6 @@

  hardware.opengl = {
    enable = true;
-    driSupport = true;
-    driSupport32Bit = true;
    setLdLibraryPath = true;
  };

--- a/provision/modules/desktop/gnome.nix
+++ b/provision/modules/desktop/gnome.nix
@ -27,8 +27,8 @@ in {

  config = lib.mkIf cfg.enable {
    environment.systemPackages = with pkgs; [
-      gnome.dconf-editor # Graphical tool for editing settings stored in the dconf database of GNOME.
-      gnome.gnome-tweaks # Utility for customizing various aspects of the GNOME desktop environment.
+      dconf-editor # Graphical tool for editing settings stored in the dconf database of GNOME.
+      gnome-tweaks # Utility for customizing various aspects of the GNOME desktop environment.
      evolution # Personal information management application that provides email, calendar, and contact management features.
      gnomeExtensions.focus-changer # GNOME Shell extension for changing window focus behavior.
      gnome-fullscreen-to-empty-workspace
@ -36,7 +36,7 @@ in {
      gnome-maximize-lonely-window
    ];

-    environment.gnome.excludePackages = with pkgs.gnome; [
+    environment.gnome.excludePackages = with pkgs; [
      baobab # Disk usage analyzer for the GNOME desktop environment.
      cheese # Webcam application for taking photos and videos.
      epiphany # Web browser for the GNOME desktop environment.
@ -47,14 +47,14 @@ in {
      evince # Document viewer for the GNOME desktop environment.
      geary # Email client for the GNOME desktop environment.
      seahorse # GNOME application for managing encryption keys and passwords.
-      pkgs.gnome-tour # Guided tour application for introducing users to GNOME desktop environment features.
-      pkgs.snapshot # Utility for taking and managing system snapshots in the GNOME desktop environment.
-      pkgs.gnome-connections # GNOME application for accessing remote machines and services.
+      gnome-tour # Guided tour application for introducing users to GNOME desktop environment features.
+      snapshot # Utility for taking and managing system snapshots in the GNOME desktop environment.
+      gnome-connections # GNOME application for accessing remote machines and services.
      gnome-font-viewer # Utility for previewing and managing fonts in the GNOME desktop environment.
-      gnome-logs # Log viewer application for GNOME.
-      gnome-maps # Map application for the GNOME desktop environment.
-      gnome-music # Music player and management application for GNOME.
-      gnome-shell-extensions # Extensions for enhancing functionality and customization in the GNOME.
+      gnome.gnome-logs # Log viewer application for GNOME.
+      gnome.gnome-maps # Map application for the GNOME desktop environment.
+      gnome.gnome-music # Music player and management application for GNOME.
+      gnome.gnome-shell-extensions # Extensions for enhancing functionality and customization in the GNOME.
    ];

    # Enable wayland gnome
--- a/provision/modules/gaming/steam.nix
+++ b/provision/modules/gaming/steam.nix
@ -4,10 +4,7 @@ let cfg = config.modules.gaming.steam;
 in {
  options.modules.gaming.steam.enable = lib.mkEnableOption "steam";
  config = lib.mkIf cfg.enable {
-    hardware.opengl = { # this fixes the "glXChooseVisual failed" bug, context: https://github.com/NixOS/nixpkgs/issues/47932
-      enable = true;
-      driSupport32Bit = true;
-    };
+    hardware.graphics.enable = true; # this fixes the "glXChooseVisual failed" bug, context: https://github.com/NixOS/nixpkgs/issues/47932

    # optionally enable 32bit pulseaudio support if pulseaudio is enabled
    hardware.pulseaudio.support32Bit = config.hardware.pulseaudio.enable;