nixpkgs/nixos/modules/services/security
SLNOS 2de3c4bd78 nixos/tor: add tor-init service to fix directory ownerships, fix hardenings
This reverts a part of 5bd12c694b.

Apparently there's no way to specify user for RuntimeDirectory in systemd
service file (it's always root) but tor won't create control socket if the dir
is owned by anybody except the tor user.

These hardenings were adopted from the upstream service file, checked
against systemd.service(5) and systemd.exec(5) manuals, and tested to
actually work with all the options enabled.

`PrivateDevices` implies `DevicePolicy=closed` according to systemd.exec(5),
removed.

`--RunAsDaemon 0` is the default value according to tor(5), removed.
2018-06-11 15:52:24 +00:00
clamav.nix nixos/clamav: replace mkIf [] with optional 2018-01-06 16:52:14 +01:00
fail2ban.nix fail2ban service : improve ssh jail (#21131) 2016-12-14 14:58:02 +01:00
fprintd.nix nixos/fprintd: add service and pam support 2015-01-03 19:50:40 +03:00
fprot.nix jobs -> systemd.services 2016-01-07 06:39:06 +00:00
haka.nix nixos/treewide: remove boolean examples for options 2017-03-17 23:36:19 +01:00
haveged.nix haveged module: clean up service configuration (#18513) 2016-09-13 07:07:46 +02:00
hologram-agent.nix nixos/modules: rename IP addresses/routes options 2018-02-17 14:57:07 +01:00
hologram-server.nix hologram-server module: add cache timeout option 2018-03-21 12:58:25 -04:00
munge.nix nixos/munge: run munge as user munge instead of root. (#41509) 2018-06-09 00:50:28 +02:00
oauth2_proxy.nix oauth2_proxy: use explicit upstream default for setXauthrequest 2018-04-27 16:45:38 +02:00
physlock.nix physlock: add allowAnyUser option 2018-02-02 14:03:00 +01:00
shibboleth-sp.nix shibboleth: Add Myself as a Maintainer (#25817) 2017-05-16 10:11:55 +01:00
sks.nix sks and pgpkeyserver-lite modules: init (#27515) 2017-08-22 12:27:00 +02:00
sshguard.nix sshguard: service creates /var/lib/sshguard 2018-05-05 00:29:44 -05:00
tor.nix nixos/tor: add tor-init service to fix directory ownerships, fix hardenings 2018-06-11 15:52:24 +00:00
torify.nix nixos: Move uses of stdenv.shell to runtimeShell. 2018-03-01 14:38:53 -05:00
torsocks.nix nixos: Move uses of stdenv.shell to runtimeShell. 2018-03-01 14:38:53 -05:00
usbguard.nix nixos/usbguard: Do not check permissions on rules file (using undocumented -P flag) 2018-02-27 18:34:02 +00:00
vault.nix vault: do not restart the service on "nixos-rebuild switch" 2017-07-03 19:46:02 +00:00