From 44445d431a947c446303301f0ca4a3c691054a8f Mon Sep 17 00:00:00 2001 From: Tyler Starr Date: Sat, 6 Jul 2024 10:14:18 -0700 Subject: [PATCH] update for vulnerabilites --- provision/flake.lock | 122 ++++++++++++++-------- provision/hosts/bulwark/configuration.nix | 4 +- provision/hosts/kestrel/configuration.nix | 4 +- provision/hosts/shivan/configuration.nix | 4 +- provision/hosts/torus/configuration.nix | 2 - provision/modules/desktop/gnome.nix | 20 ++-- provision/modules/gaming/steam.nix | 5 +- 7 files changed, 90 insertions(+), 71 deletions(-) diff --git a/provision/flake.lock b/provision/flake.lock index d7e5dd31..ae2e2416 100644 --- a/provision/flake.lock +++ b/provision/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1717931644, - "narHash": "sha256-Sz8Wh9cAiD5FhL8UWvZxBfnvxETSCVZlqWSYWaCPyu0=", + "lastModified": 1720188602, + "narHash": "sha256-lC3byBmhVZFzWl/dCic8+cKUEEAXAswWOYjq4paFmbo=", "owner": "nix-community", "repo": "home-manager", - "rev": "3d65009effd77cb0d6e7520b68b039836a7606cf", + "rev": "e3582e5151498bc4d757e8361431ace8529e7bb7", "type": "github" }, "original": { @@ -36,11 +36,11 @@ ] }, "locked": { - "lastModified": 1717181720, - "narHash": "sha256-yv+QZWsusu/NWjydkxixHC2g+tIJ9v+xkE2EiVpJj6g=", + "lastModified": 1718450675, + "narHash": "sha256-jpsns6buS4bK+1sF8sL8AaixAiCRjA+nldTKvcwmvUs=", "owner": "hyprwm", "repo": "hyprcursor", - "rev": "9e27a2c2ceb1e0b85bd55b0afefad196056fe87c", + "rev": "66d5b46ff94efbfa6fa3d1d1b66735f1779c34a6", "type": "github" }, "original": { 
@@ -53,17 +53,18 @@ "inputs": { "hyprcursor": "hyprcursor", "hyprlang": "hyprlang", + "hyprutils": "hyprutils", "hyprwayland-scanner": "hyprwayland-scanner", "nixpkgs": "nixpkgs", "systems": "systems", "xdph": "xdph" }, "locked": { - "lastModified": 1717970802, - "narHash": "sha256-tDdvF6nY6m1KcpGzD56RfDiXgAB6imYddlZXMtdg6xw=", + "lastModified": 1720213509, + "narHash": "sha256-LXj38Y3H0+/YhOtz6tGrqgd6p9AyGFeq6EwLgYsE1KQ=", "owner": "hyprwm", "repo": "Hyprland", - "rev": "1423707dbefc0329e80895451903a77ab684f7ea", + "rev": "cc98594c3aed0b542e03818371a4636f549f80e1", "type": "github" }, "original": { @@ -79,11 +80,11 @@ ] }, "locked": { - "lastModified": 1716228712, - "narHash": "sha256-y+LOXuSRMfkR2Vfwl5K2NVrszi1h5MJpML+msLnVS8U=", + "lastModified": 1718476555, + "narHash": "sha256-fuWpgh8KasByIJWE+xVd37Al0LV5YAn6s871T50qVY0=", "owner": "hyprwm", "repo": "contrib", - "rev": "33b38358559054d316eb605ccb733980dfa7dc63", + "rev": "29a8374f4b9206d5c4af84aceb7fb5dff441ea60", "type": "github" }, "original": { @@ -106,11 +107,11 @@ ] }, "locked": { - "lastModified": 1691753796, - "narHash": "sha256-zOEwiWoXk3j3+EoF3ySUJmberFewWlagvewDRuWYAso=", + "lastModified": 1714869498, + "narHash": "sha256-vbLVOWvQqo4n1yvkg/Q70VTlPbMmTiCQfNTgcWDCfJM=", "owner": "hyprwm", "repo": "hyprland-protocols", - "rev": "0c2ce70625cb30aef199cb388f99e19a61a6ce03", + "rev": "e06482e0e611130cd1929f75e8c1cf679e57d161", "type": "github" }, "original": { 
@@ -120,6 +121,35 @@ } }, "hyprlang": { + "inputs": { + "hyprutils": [ + "hyprland", + "hyprutils" + ], + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1717881852, + "narHash": "sha256-XeeVoKHQgfKuXoP6q90sUqKyl7EYy3ol2dVZGM+Jj94=", + "owner": "hyprwm", + "repo": "hyprlang", + "rev": "ec6938c66253429192274d612912649a0cfe4d28", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprlang", + "type": "github" + } + }, + "hyprutils": { "inputs": { "nixpkgs": [ "hyprland", @@ -131,16 +161,16 @@ ] }, "locked": { - "lastModified": 1716473782, - "narHash": "sha256-+qLn4lsHU6iL3+HTo1gTQ1tWzet8K9h+IfVemzEQZj8=", + "lastModified": 1719316102, + "narHash": "sha256-dmRz128j/lJmMuTYeCYPfSBRHHQO3VeH4PbmoyAhHzw=", "owner": "hyprwm", - "repo": "hyprlang", - "rev": "87d5d984109c839482b88b4795db073eb9ed446f", + "repo": "hyprutils", + "rev": "1f6bbec5954f623ff8d68e567bddcce97cd2f085", "type": "github" }, "original": { "owner": "hyprwm", - "repo": "hyprlang", + "repo": "hyprutils", "type": "github" } }, @@ -156,11 +186,11 @@ ] }, "locked": { - "lastModified": 1717784906, - "narHash": "sha256-YxmfxHfWed1fosaa7fC1u7XoKp1anEZU+7Lh/ojRKoM=", + "lastModified": 1719067853, + "narHash": "sha256-mAnZG/eQy72Fp1ImGtqCgUrDumnR1rMZv2E/zgP4U74=", "owner": "hyprwm", "repo": "hyprwayland-scanner", - "rev": "0f30f9eca6e404130988554accbb64d1c9ec877d", + "rev": "914f083741e694092ee60a39d31f693d0a6dc734", "type": "github" }, "original": { 
@@ -172,11 +202,11 @@ "jovian-nixos": { "flake": false, "locked": { - "lastModified": 1717685136, - "narHash": "sha256-S+C/DX5HOhlhJAmcGxbB+Tv6oqZOkr3z/WzPuydXI14=", + "lastModified": 1720205505, + "narHash": "sha256-KqGnYAKWxwRgWxc/78HbL3PHeuDJOSS/9+Pkm5doUk8=", "ref": "development", - "rev": "fd13986ede9b94c50e84aecb2c88863e297bbb52", - "revCount": 820, + "rev": "fdcaab38857f221eea20a0073f891feb36ea8e99", + "revCount": 861, "type": "git", "url": "https://github.com/Jovian-Experiments/Jovian-NixOS" }, @@ -188,11 +218,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1717602782, - "narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=", + "lastModified": 1719075281, + "narHash": "sha256-CyyxvOwFf12I91PBWz43iGT1kjsf5oi6ax7CrvaMyAo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e8057b67ebf307f01bdcc8fba94d94f75039d1f6", + "rev": "a71e967ef3694799d0c418c98332f7ff4cc5f6af", "type": "github" }, "original": { @@ -204,27 +234,27 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1717880976, - "narHash": "sha256-BRvSCsKtDUr83NEtbGfHLUOdDK0Cgbezj2PtcHnz+sQ=", + "lastModified": 1719720450, + "narHash": "sha256-57+R2Uj3wPeDeq8p8un19tzFFlgWiXJ8PbzgKtBgBX8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4913a7c3d8b8d00cb9476a6bd730ff57777f740c", + "rev": "78f8641796edff3bfabbf1ef5029deadfe4a21d0", "type": "github" }, "original": { "owner": "NixOS", - "ref": "release-23.11", + "ref": "release-24.05", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_2": { "locked": { - "lastModified": 1717786204, - "narHash": "sha256-4q0s6m0GUcN7q+Y2DqD27iLvbcd1G50T2lv08kKxkSI=", + "lastModified": 1720031269, + "narHash": "sha256-rwz8NJZV+387rnWpTYcXaRNvzUSnnF9aHONoJIYmiUQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "051f920625ab5aabe37c920346e3e69d7d34400e", + "rev": "9f4128e00b0ae8ec65918efeba59db998750ead6", "type": "github" }, "original": { 
@@ -236,11 +266,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1717774105, - "narHash": "sha256-HV97wqUQv9wvptiHCb3Y0/YH0lJ60uZ8FYfEOIzYEqI=", + "lastModified": 1719468428, + "narHash": "sha256-vN5xJAZ4UGREEglh3lfbbkIj+MPEYMuqewMn4atZFaQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d226935fd75012939397c83f6c385e4d6d832288", + "rev": "1e3deb3d8a86a870d925760db1a5adecc64d329d", "type": "github" }, "original": { @@ -266,11 +296,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1717902109, - "narHash": "sha256-OQTjaEZcByyVmHwJlKp/8SE9ikC4w+mFd3X0jJs6wiA=", + "lastModified": 1720187017, + "narHash": "sha256-Zq+T1Bvd0ShZB9XM+bP0VJK3HjsSVQBLolkaCLBQnfQ=", "owner": "Mic92", "repo": "sops-nix", - "rev": "f0922ad001829b400f0160ba85b47d252fa3d925", + "rev": "1b11e208cee97c47677439625dc22e5289dcdead", "type": "github" }, "original": { @@ -311,11 +341,11 @@ ] }, "locked": { - "lastModified": 1716290197, - "narHash": "sha256-1u9Exrc7yx9qtES2brDh7/DDZ8w8ap1nboIOAtCgeuM=", + "lastModified": 1718619174, + "narHash": "sha256-FWW68AVYmB91ZDQnhLMBNCUUTCjb1ZpO2k2KIytHtkA=", "owner": "hyprwm", "repo": "xdg-desktop-portal-hyprland", - "rev": "91e48d6acd8a5a611d26f925e51559ab743bc438", + "rev": "c7894aa54f9a7dbd16df5cd24d420c8af22d5623", "type": "github" }, "original": { diff --git a/provision/hosts/bulwark/configuration.nix b/provision/hosts/bulwark/configuration.nix index 0aca6fa9..3f0f8f5f 100644 --- a/provision/hosts/bulwark/configuration.nix +++ b/provision/hosts/bulwark/configuration.nix @@ -26,9 +26,7 @@ hardware.bluetooth.enable = true; hardware.bluetooth.package = pkgs.bluez; hardware.sensor.iio.enable = true; - hardware.opengl.enable = true; - hardware.opengl.driSupport = true; - hardware.opengl.driSupport32Bit = true; + hardware.graphics.enable = true; # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; 
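Review bot: In provision/hosts/bulwark/configuration.nix, `hardware.opengl.driSupport32Bit = true;` is dropped rather than carried over, so nothing in this hunk requests 32-bit graphics drivers any more. The option was renamed together with `hardware.opengl.enable`, so if the 32-bit userspace is still wanted the replacement should be two lines: `hardware.graphics.enable = true;` and `hardware.graphics.enable32Bit = true;`. The same removal appears in the kestrel, shivan and torus host files and in provision/modules/gaming/steam.nix, where the retained comment about the "glXChooseVisual failed" bug used to sit on the block that set `driSupport32Bit`. If something outside these hunks already enables 32-bit support, a short comment saying so would show that the omission is intentional.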
diff --git a/provision/hosts/kestrel/configuration.nix b/provision/hosts/kestrel/configuration.nix
index 86dd99f5..8c9690aa 100644
--- a/provision/hosts/kestrel/configuration.nix
+++ b/provision/hosts/kestrel/configuration.nix
@@ -28,9 +28,7 @@
 hardware.bluetooth.enable = true;
 hardware.bluetooth.package = pkgs.bluez;
 hardware.sensor.iio.enable = true;
- hardware.opengl.enable = true;
- hardware.opengl.driSupport = true;
- hardware.opengl.driSupport32Bit = true;
+ hardware.graphics.enable = true;
 # Use the systemd-boot EFI boot loader.
 boot.loader.systemd-boot.enable = true;
diff --git a/provision/hosts/shivan/configuration.nix b/provision/hosts/shivan/configuration.nix
index e112232d..448a990a 100644
--- a/provision/hosts/shivan/configuration.nix
+++ b/provision/hosts/shivan/configuration.nix
@@ -28,9 +28,7 @@
 hardware.bluetooth.enable = true;
 hardware.bluetooth.package = pkgs.bluez;
 hardware.sensor.iio.enable = true;
- hardware.opengl.enable = true;
- hardware.opengl.driSupport = true;
- hardware.opengl.driSupport32Bit = true;
+ hardware.graphics.enable = true;
 # Use the systemd-boot EFI boot loader.
 boot.loader.systemd-boot.enable = true;
diff --git a/provision/hosts/torus/configuration.nix b/provision/hosts/torus/configuration.nix
index 4f481d22..f4246546 100644
--- a/provision/hosts/torus/configuration.nix
+++ b/provision/hosts/torus/configuration.nix
@@ -61,8 +61,6 @@
 hardware.opengl = {
 enable = true;
- driSupport = true;
- driSupport32Bit = true;
 setLdLibraryPath = true;
 };
diff --git a/provision/modules/desktop/gnome.nix b/provision/modules/desktop/gnome.nix
index c3da1a10..073a7463 100644
--- a/provision/modules/desktop/gnome.nix
+++ b/provision/modules/desktop/gnome.nix
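Review bot: The torus host keeps the `hardware.opengl` attribute set (`enable` and `setLdLibraryPath`) while bulwark, kestrel and shivan move to `hardware.graphics` in this same commit, so the hosts now configure graphics through two different option names. If the old names only keep working through a compatibility alias, torus would be the first host to warn or fail evaluation on a later nixpkgs bump. Before migrating the block, confirm whether `setLdLibraryPath` has an equivalent under the new name. Until then a comment on the block would record the reason, e.g. `# TODO: migrate to hardware.graphics once setLdLibraryPath is confirmed`.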
@@ -27,8 +27,8 @@ in {
 config = lib.mkIf cfg.enable {
 environment.systemPackages = with pkgs; [
- gnome.dconf-editor # Graphical tool for editing settings stored in the dconf database of GNOME.
- gnome.gnome-tweaks # Utility for customizing various aspects of the GNOME desktop environment.
+ dconf-editor # Graphical tool for editing settings stored in the dconf database of GNOME.
+ gnome-tweaks # Utility for customizing various aspects of the GNOME desktop environment.
 evolution # Personal information management application that provides email, calendar, and contact management features.
 gnomeExtensions.focus-changer # GNOME Shell extension for changing window focus behavior.
 gnome-fullscreen-to-empty-workspace
@@ -36,7 +36,7 @@ in {
 gnome-maximize-lonely-window
 ];
- environment.gnome.excludePackages = with pkgs.gnome; [
+ environment.gnome.excludePackages = with pkgs; [
 baobab # Disk usage analyzer for the GNOME desktop environment.
 cheese # Webcam application for taking photos and videos.
 epiphany # Web browser for the GNOME desktop environment.
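Review bot: Changing the scope of `environment.gnome.excludePackages` from `with pkgs.gnome;` to `with pkgs;` means every bare name in the list is now looked up in the whole package set, and the list ends up mixing bare names with `gnome.`-prefixed ones. The entries between this hunk and the next (old lines 43–46) are not visible here, so whether each of them exists at the top level cannot be checked from the diff; evaluating the configuration would confirm it. A one-line comment above the list, such as `# bare names are top-level packages; gnome.* entries still live in the gnome scope`, would explain the mix to the next reader.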
@@ -47,14 +47,14 @@ in {
 evince # Document viewer for the GNOME desktop environment.
 geary # Email client for the GNOME desktop environment.
 seahorse # GNOME application for managing encryption keys and passwords.
- pkgs.gnome-tour # Guided tour application for introducing users to GNOME desktop environment features.
- pkgs.snapshot # Utility for taking and managing system snapshots in the GNOME desktop environment.
- pkgs.gnome-connections # GNOME application for accessing remote machines and services.
+ gnome-tour # Guided tour application for introducing users to GNOME desktop environment features.
+ snapshot # Utility for taking and managing system snapshots in the GNOME desktop environment.
+ gnome-connections # GNOME application for accessing remote machines and services.
 gnome-font-viewer # Utility for previewing and managing fonts in the GNOME desktop environment.
- gnome-logs # Log viewer application for GNOME.
- gnome-maps # Map application for the GNOME desktop environment.
- gnome-music # Music player and management application for GNOME.
- gnome-shell-extensions # Extensions for enhancing functionality and customization in the GNOME.
+ gnome.gnome-logs # Log viewer application for GNOME.
+ gnome.gnome-maps # Map application for the GNOME desktop environment.
+ gnome.gnome-music # Music player and management application for GNOME.
+ gnome.gnome-shell-extensions # Extensions for enhancing functionality and customization in the GNOME.
 ];
 # Enable wayland gnome
diff --git a/provision/modules/gaming/steam.nix b/provision/modules/gaming/steam.nix
index 50d18226..f11f3f59 100644
--- a/provision/modules/gaming/steam.nix
+++ b/provision/modules/gaming/steam.nix
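Review bot: The comment on the rewritten `snapshot` entry describes a utility for taking and managing system snapshots, but the GNOME package of that name is, as far as I know, the camera application. Since the commit already touches the line, the comment could be corrected at the same time, e.g. `snapshot # Camera application for taking photos and videos.`. The descriptions in this list are what a reader relies on when deciding which default applications stay excluded, so a wrong one can lead to keeping or dropping an entry for the wrong reason.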
@@ -4,10 +4,7 @@ let cfg = config.modules.gaming.steam;
 in {
 options.modules.gaming.steam.enable = lib.mkEnableOption "steam";
 config = lib.mkIf cfg.enable {
- hardware.opengl = { # this fixes the "glXChooseVisual failed" bug, context: https://github.com/NixOS/nixpkgs/issues/47932
- enable = true;
- driSupport32Bit = true;
- };
+ hardware.graphics.enable = true; # this fixes the "glXChooseVisual failed" bug, context: https://github.com/NixOS/nixpkgs/issues/47932
 # optionally enable 32bit pulseaudio support if pulseaudio is enabled
 hardware.pulseaudio.support32Bit = config.hardware.pulseaudio.enable;