swendel/nixpkgs
1
0
Fork 0
mirror of https://github.com/SebastianWendel/nixpkgs.git synced 2024-09-20 20:39:04 +02:00
Code Issues Packages Projects Releases Wiki Activity
578943 commits 5 branches 0 tags 27 GiB
Commit graph

954 commits

Author SHA1 Message Date
Pierre Bourdon 3484985991
Merge pull request #285587 from edef1c/wrapper-cve-2023-6246 
nixos/modules/security/wrappers: limit argv0 to 512 bytes
 2024-02-01 19:18:45 +01:00
edef b4c9840652 nixos/modules/security/wrappers: limit argv0 to 512 bytes 
This mitigates CVE-2023-6246, crucially without a mass-rebuild.

Change-Id: I762a0d489ade88dafd3775d54a09f555dc8c2527
 2024-02-01 18:16:55 +00:00
Adam Stephens 75ec325cb9
nixos/pam: remove pam_cgfs 
pam_cgfs is a cgroups-v1 pam module. Verified with upstream that
this module no longer necessary on cgroups-v2 systems.
 2024-01-31 17:19:23 -05:00
éclairevoyant b43dcaf48f
nixos/acme: fix assertion for renamed option 2024-01-19 16:28:56 -05:00
mian | mian fbe9d95ed9
fix semi-colon missing 2024-01-18 16:31:54 +08:00
Peder Bergebakken Sundt dff635f38d
Merge pull request #243169 from 2xsaiko/outgoing/krb5 
nixos/krb5: cleanup, fix and RFC42-ify
 2024-01-10 21:06:15 +01:00
nicoo 0e5c95035d nixos/pam: Fix use of renamed enableSSHAgentAuth option 2024-01-08 18:13:46 +00:00
Maciej Krüger b5b2f6bec4
Merge pull request #277620 from nbraud/nixos/pam/ssh-agent-auth-31611 
nixos/pam: Add option for ssh-agent auth's trusted authorized_keys files
 2024-01-08 17:42:02 +01:00
Maciej Krüger c931d73fba
Merge pull request #276499 from nbraud/nixos/pam/ssh-agent-auth 
nixos/pam: Add assertion for SSH-agent auth
 2024-01-07 13:54:27 +01:00
nicoo 2eac5106f1 nixos/sudo: Remove unused enableSSHAgentAuth let-binding 2024-01-04 17:30:09 +00:00
nicoo 9ed1423dcf nixos/pam: Warn on insecure sshAgentAuth configurations 2024-01-04 17:30:09 +00:00
nicoo 822c0a86bd nixos/pam: Add sshAgentAuth.authorizedKeysFiles option 2024-01-03 14:49:36 +00:00
nicoo a46ea51ca3 nixos/pam: Rename option enableSSHAgentAuth to sshAgentAuth.enable 2024-01-03 14:49:36 +00:00
Maciej Krüger 4f9e98905e
nixos/auditd: fix typo 
Would otherwise fail with

```
       error: A definition for option `systemd.services.auditd.conflicts."[definition 1-entry 1]"' is not of type `string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)'. Definition values:
       - In `/nix/store/x2khl2yx0vz2i357x7mz5xm1kagql8ag-source/nixos/modules/security/auditd.nix': "shutdown.target "
```
 2024-01-01 17:28:46 +01:00
nicoo 607679c6d3 nixos/pam: Assert that authorizedKeysFiles is non-empty when using pam_ssh_agent_auth 2023-12-30 22:19:38 +00:00
nikstur d0014a531e nixos/wrappers: order service after sysusers service 2023-12-29 03:41:45 +01:00
nikstur 65ff518a0d nixos/ipa: replace activationScript 
Replaced with a dedicated systemd service.
 2023-12-29 03:41:45 +01:00
nikstur c9569af3e0
Merge pull request #271326 from philiptaron/shutdown.target 
treewide: depend on `shutdown.target` if `DefaultDependencies=no` in almost every case
 2023-12-27 08:33:26 +01:00
Sandro Jäckel 35ca689119
nixos/wrapper: add basename of the wrapped program to the wrappers name to easily identify it 
Also fix the comment with test instructions
 2023-12-24 20:36:12 +01:00
nicoo 1e9e8a0db0 nixos/sudo-rs: Removed unused let-binding 
Leftover from bcc2d1238a
 2023-12-24 13:58:08 +00:00
Marco Rebhan 5ee94c0170
nixos/krb5: add h7x4 as maintainer 2023-12-21 11:38:22 +01:00
Marco Rebhan a4a9be35f4
nixos/krb5: add myself as maintainer for module & tests 2023-12-21 11:38:18 +01:00
Marco Rebhan fed77d1705
nixos/krb5: move to security.krb5 2023-12-21 11:35:26 +01:00
pennae 90c53f5341
Merge pull request #270224 from SuperSandro2000/patch-2 
nixos/acme: add syntax highlighting to code blocks
 2023-12-11 09:03:32 +01:00
Sandro 5a64fb2799
nixos/acme: add syntax highlighting to code blocks 2023-12-10 19:59:22 +01:00
Philip Taron a7a5b2eca1
nixos/suid-sgid-wrappers: ensure correct ordering w.r.t. shutdown.target 2023-11-30 15:03:56 -08:00
Philip Taron d7ab46ed87
nixos/duosec: ensure correct ordering w.r.t. shutdown.target 2023-11-30 15:02:51 -08:00
Philip Taron 407ef67228
nixos/auditd: ensure correct ordering w.r.t. shutdown.target 
This looks like it's got a few other idiosyncrasies, but I'll leave it
alone for now.
 2023-11-30 15:00:39 -08:00
Philip Taron 454f3cb58d
nixos/apparmor: ensure correct ordering w.r.t. shutdown.target 2023-11-30 14:57:59 -08:00
Weijia Wang feeae486de
Merge pull request #261702 from h7x4/replace-mkoption-with-mkpackageoption 
treewide: use `mkPackageOption`
 2023-11-30 02:49:30 +01:00
h7x4 0a37316d6c
treewide: use mkPackageOption 
This commit replaces a lot of usages of `mkOption` with the package
type, to be `mkPackageOption`, in order to reduce the amount of code.
 2023-11-27 01:28:36 +01:00
nicoo bcc2d1238a nixos/sudo-rs: Move support for pam_ssh_agent_auth(8) to PAM's NixOS module 
Similar to delroth's suggestion in #262790.
 2023-11-25 14:11:25 +00:00
nicoo f5d059b1f5 nixos/sudo-rs: Clarify security.sudo-rs.enable's description 2023-11-25 14:11:24 +00:00
nicoo 46aaa5be70 nixos/sudo-rs: Refactor option definitions 2023-11-25 14:11:24 +00:00
nicoo 03db94319a nixos/sudo-rs: refactor processing of cfg.extraRules 2023-11-25 14:11:24 +00:00
nicoo 9b0a63c2fe nixos/sudo-rs: Fix bug putting the wrong version of sudo in environment.systemPackages 2023-11-25 14:11:24 +00:00
nicoo 165b600f01 nixos/sudo-rs: Drop checks for sudo implementation 2023-11-25 14:11:23 +00:00
nicoo cd42b18a2c nixos/sudo-rs: uniformize ssh-agent auth behaviour with security.sudo 2023-11-25 14:11:23 +00:00
nicoo b05648b541 nixos/sudo-rs: Simplify activation 2023-11-25 14:11:23 +00:00
ners ed31e0235e treewide: replace broken udev paths with systemd 2023-11-21 15:09:38 +01:00
Léo Gaspard b1c25de57b
nixos/acme: do not eat Let's Encrypt's request limits if misconfigured on first try (#266155) 2023-11-14 20:29:50 +01:00
nicoo d5a8e667d2 nixos/sudo: Update assertion message 2023-11-14 12:25:55 +00:00
Maciej Krüger 9c61d268a7
Merge pull request #265727 from nbraud/nixos/sudo-rs/google_oslogin 2023-11-11 18:09:39 +01:00
Anthony Roussel e30f48be94
treewide: fix redirected and broken URLs 
Using the script in maintainers/scripts/update-redirected-urls.sh
 2023-11-11 10:49:01 +01:00
Yureka b0206f9bf9 nixos/sudo: enable by default 
The default was accidentally changed to false in #262790
 2023-11-10 03:30:39 +01:00
nicoo b942382216 nixos/sudo: refactor processing of cfg.extraRules 2023-11-08 19:41:39 +00:00
nicoo 1852b67bc6 nixos/sudo: Make the default rules' options configurable 2023-11-08 19:41:39 +00:00
nicoo 93011e31bd nixos/sudo: Handle root's default rule through extraRules 
This makes things more uniform; moreover, users can now inject rules before this.
 2023-11-08 19:41:39 +00:00
nicoo 77ed368b20 nixos/sudo: Refactor option definitions 2023-11-08 19:41:38 +00:00
nicoo 19e1420e13 nixos/sudo: Move support for pam_ssh_agent_auth(8) to PAM's NixOS module 2023-11-08 19:41:37 +00:00