Commit graph

129 commits

Author SHA1 Message Date
Leroy Hopson 24d5d28820 cacert: fix formatting of example 2016-02-27 22:25:39 +13:00
zimbatm 2c7e5a6d8e Merge pull request #13434 from spacefrogg/oath-module
config.security.oath: new module
2016-02-26 18:06:28 +00:00
tg(x) 629a89343e simp_le: external_pem.sh plugin is now called external.sh 2016-02-26 01:31:58 +01:00
Michael Raitza d09c7986de config.security.oath: new module
Add a module to make options to pam_oath module configurable.
These are:
 - enable - enable the OATH pam module
 - window - number of OTPs to check
 - digits - length of the OTP (adds support for two-factor auth)
 - usersFile - filename to store OATH credentials in
2016-02-25 13:52:45 +00:00
Vladimír Čunát e9520e81b3 Merge branch 'master' into staging 2016-02-17 10:06:31 +01:00
Nikolay Amiantov c420a6f1ef acme service: update plugins enum 2016-02-10 02:06:01 +03:00
Guillaume Maudoux 9f358f809d Configure a default trust store for openssl 2016-02-03 12:42:01 +01:00
Eelco Dolstra bfebc7342e Fix some references to deprecated /etc/ssl/certs/ca-bundle.crt 2016-01-29 02:32:05 +01:00
Eelco Dolstra 2352e2589e audit: Disable in containers
This barfs:

Jan 18 12:46:32 machine 522i0x9l80z7gw56iahxjjsdjp0xi10q-audit-start[506]: The audit system is disabled
2016-01-26 16:25:40 +01:00
Domen Kožar 7fe7138968 nixos: fix acme service @abbradar 2016-01-12 11:50:34 +01:00
Nikolay Amiantov f92cec4c1b nixos/acme: add allowKeysForGroup 2016-01-10 07:28:19 +03:00
Dan Peebles 63bfe20b72 security.audit: add NixOS module
Part of the way towards #11864. We still don't have the auditd
userland logging daemon, but journald also tracks audit logs so we
can already use this.
2016-01-07 03:06:10 +00:00
Nikolay Amiantov 5250582396 nixos/acme: fix timer unit 2015-12-13 17:01:59 +03:00
Franz Pletz 1685b9d06e nixos/acme: Add module documentation 2015-12-12 16:06:53 +01:00
Franz Pletz 9374ddb895 nixos/acme: validMin & renewInterval aren't cert-specific 2015-12-12 16:06:53 +01:00
Franz Pletz 0517d59a66 nixos/acme: Improve documentation 2015-12-12 16:06:52 +01:00
Franz Pletz de24b00d41 nixos/simp_le: Rename to security.acme 2015-12-12 16:06:52 +01:00
obadz a05a340e26 PAM: reorganize the way pam_ecryptfs and pam_mount get their password
Run pam_unix an additional time rather than switching it from sufficient
to required. This fixes a potential security issue for
ecryptfs/pam_mount users as with pam_deny gone, if cfg.unixAuth = False
then it is possible to login without a password.
2015-11-21 21:10:40 +00:00
Jan Malakhovski 6eadb16022 nixos: fix some types 2015-09-18 18:48:50 +00:00
Tobias Geerinckx-Rice c90eb862fc nixos: prey module: fix option descriptions 2015-09-06 23:50:03 +02:00
Jaka Hudoklin c7bb64cb97 Merge pull request #7344 from joachifm/apparmor-pam
nixos: add AppArmor PAM support
2015-08-29 18:59:53 +02:00
obadz 172522e153 ecryptfs:
- upgrade 106 -> 108
- fix passphrase rewrapper (password changing should now work fine) as
  discussed on https://bugs.launchpad.net/ecryptfs/+bug/1486470
- add lsof dependency so ecryptfs-migrate-home should work out of the
  box
2015-08-19 12:16:57 +01:00
Joachim Fasting 2e0933787b nixos: add AppArmor PAM support
Enables attaching AppArmor profiles at the user/group level.

This is not intended to be used directly, but as part of a
role-based access control scheme. For now, profile attachment
is 'session optional', but should be changed to 'required' once
a more comprehensive solution is in place.
2015-07-15 12:40:06 +02:00
William A. Kennington III d605663ae2 Merge branch 'master.upstream' into staging.upstream 2015-07-05 13:06:02 -07:00
Thomas Strobel 7b6f279142 pam_mount module: integrate pam_mount into PAM of NixOS 2015-07-04 23:42:31 +02:00
William A. Kennington III 8e19ac8d7c Merge branch 'master.upstream' into staging.upstream 2015-06-17 11:57:40 -07:00
Eelco Dolstra 6e6a96d42c Some more type cleanup 2015-06-15 18:18:46 +02:00
William A. Kennington III 9d6555dc0a Merge branch 'master.upstream' into staging.upstream 2015-06-06 12:04:42 -07:00
William A. Kennington III ffd0539eba cacert: store ca-bundle.crt in $out/etc/ssl/certs instead of $out 2015-06-05 13:00:52 -07:00
William A. Kennington III 867d2c5c46 openssl: Remove References to OPENSSL_X509_CERT_FILE 2015-05-31 15:50:51 -07:00
William A. Kennington III d6cbb061e3 cacert: Build directly from nss instead of our own tarball 2015-05-29 13:52:07 -07:00
Ricardo M. Correia aa75bb25d8 grsecurity: Update stable and test patches
stable: 3.1-3.14.41-201505072056 -> 3.1-3.14.41-201505101121
test:   3.1-4.0.2-201505072057   -> 3.1-4.0.2-201505101122
2015-05-11 02:45:38 +02:00
Philip Potter 2216728979 add support for pam_u2f to nixos pam module
This adds support for authenticating using a U2F device such as a
YubiKey NEO.
2015-05-03 19:22:00 +01:00
Austin Seipp 8d3b8d0dc8 Merge pull request #7149 from joachifm/grsec-gradm-optional
grsecurity module: configure gradm iff RBAC is enabled
2015-04-13 17:11:29 -05:00
Austin Seipp b86f6a3ed6 Merge pull request #7148 from joachifm/grsec-trivial
grsecurity module: trivial improvements
2015-04-13 17:10:47 -05:00
Nicolas B. Pierron 6de931a0f8 Merge rename.nix changes. 2015-04-03 23:12:12 +02:00
Arseniy Seroka 8592c6c004 Merge pull request #7150 from joachifm/grsec-types
grsecurity module: use types.enum
2015-04-03 16:03:49 +03:00
Joachim Fasting 3e847d512d grsecurity module: configure gradm iff RBAC is enabled 2015-04-03 13:45:57 +02:00
Joachim Fasting ba93a75724 grsecurity module: use types.enum
Also
- set desktop as default system
- make virtualisationSoftware nullOr
- make virtualisationConfig nullOr
2015-04-03 13:45:45 +02:00
Joachim Fasting 66c4f51046 grsecurity module: simplify assertion 2015-04-03 13:38:32 +02:00
Joachim Fasting 2e88605a91 grsecurity module: remove reference to systemd-sysctl
First, that's not what the service is called, and secondly it's
most likely irrelevant to the user.
2015-04-03 13:38:32 +02:00
Arseniy Seroka 4fa554e32b Merge pull request #7017 from obadz/sg+sudo-g
Ability to switch groups with sg and sudo -g
2015-04-02 02:11:10 +03:00
obadz be7f104502 sg: add setuid wrapper. (newgrp is a symlink to sg and was already setuid).
sudo: add ability for wheel users to change group (as well as user)
2015-03-30 23:50:45 +01:00
Austin Seipp 3ff22a924f Merge pull request #6871 from joachifm/apparmor-fixups
Apparmor fixups
2015-03-20 15:36:42 -05:00
Joachim Fasting 532337d673 Cleanup AppArmor module
Remove excessive whitespace & comment sections
2015-03-18 12:07:43 +01:00
Austin Seipp ef95600372 Merge pull request #6771 from joachifm/apparmor-2.9
Apparmor 2.9
2015-03-15 14:16:24 -05:00
Ricardo M. Correia 7c8247a8c5 grsecurity: Update stable and test patches
stable: 3.1-3.14.35-201503071140 -> 3.1-3.14.35-201503092203
test:   3.1-3.18.9-201503071142  -> 3.1-3.19.1-201503122205
2015-03-15 03:49:58 +01:00
Shea Levy 1d62ad4746 modules.nix: Generate the extra argument set from the configuration
This allows for module arguments to be handled modularly, in particular
allowing the nixpkgs module to handle the nixpkgs import internally.
This creates the __internal option namespace, which should only be added
to by the module system itself.
2015-03-12 23:42:57 +01:00
Joachim Fasting 7a9a24a95e Update AppArmor service module
- Use AppArmor 2.9
- Enable PAM support
2015-03-12 11:49:05 +01:00
obadz e5d4624420 PAM/eCryptfs now able to mount ecryptfs'd home directories on login 2015-03-08 16:03:51 -07:00