Guillaume Girol
ceb2e6667b
Merge pull request #126289 from rnhmjoj/wrappers
...
nixos/security/wrappers: make well-typed
2021-09-18 15:28:49 +00:00
rnhmjoj
fedd7cd690
nixos: explicitly set security.wrappers ownership
...
This is slightly more verbose and inconvenient, but it forces you
to think about what the wrapper ownership and permissions will be.
2021-09-13 13:48:13 +02:00
rnhmjoj
8f76a6eefc
nixos: add implicit security.wrappers options
...
This is to keep the same permissions/setuid/setgid as before the change
in security.wrappers defaults.
2021-09-13 13:48:13 +02:00
Guillaume Girol
bc3bca822a
nixos: define the primary group of users where needed
2021-09-12 14:59:30 +02:00
Bjørn Forsman
225d915e5c
nixos/atd: prefer 'install' over 'mkdir/chmod/chown'
...
I don't think there was a security issue here, but using 'install' is
preferred.
Ref #121293.
2021-05-01 15:16:19 +02:00
Florian Klink
645ea787c9
nixos/marathon: remove module
...
The corresponding package failed to build for >9 months.
2020-08-15 16:59:58 +02:00
Florian Klink
a90b929020
nixos/chronos: remove module
...
The chronos package has been broken for > 9 months due to the breakage
of the mesos package.
2020-08-15 16:59:38 +02:00
Peter Hoeg
53a51f212a
atd: systemd-udev-settle serves no purpose
2020-03-21 11:15:06 +08:00
rnhmjoj
1d61efb7f1
treewide: use attrs instead of list for types.loaOf options
2020-01-06 10:39:18 -05:00
Janne Heß
d6c08776ba
treewide: Switch to system users
2019-10-12 22:25:28 +02:00
Florian Klink
f74735c9d7
nixos: remove dependencies on local-fs.target
...
Since https://github.com/NixOS/nixpkgs/pull/61321, local-fs.target is
part of sysinit.target again, meaning units without
DefaultDependencies=no will automatically depend on it, and the manual
set dependencies can be dropped.
2019-09-01 19:06:38 +02:00
Florian Klink
2457510db4
Merge pull request #51918 from bobvanderlinden/var-run
...
tree-wide: nixos: /var/run -> /run
2019-04-07 20:09:46 +02:00
Benjamin Hipple
8b3500c650
nixos.cron: fix docstring sentence
2019-03-26 23:22:20 -04:00
Bob van der Linden
798931135e
nixos/fcron: /var/run -> /run
2019-03-24 21:15:30 +01:00
Florian Klink
fff5923686
nixos/modules: users.(extraUsers|extraGroup->users|group)
2018-06-30 03:02:58 +02:00
Alex Brandt
fdebbce726
nixos/modules/services/scheduling/fcron: add setuid to fcrontab
...
Without fcrontab being setuid, every attempt by a user in the fcron
group to edit their own crontab (via `fcrontab -e`) results in the
following error:
```
2018-05-06 11:29:07 ERROR could not change euid to 273: Operation not permitted
2018-05-06 11:29:07 ERROR fcron child aborted: this does not affect the main fcron daemon, but this may prevent a job from being run or an email from being sent.
```
Adding setuid by hand has resolved this issue and aligns with the way
fcrontab is installed on other distributions.
2018-05-06 11:24:09 -07:00
Léo Gaspard
341583b2d2
fcron module: be compatible with non-wrapped sendmail's, like opensmtpd's
2017-12-31 03:34:11 +01:00
Bjørn Forsman
497108b456
nixos/atd: remove "batch" from setuid wrappers
...
"batch" is a shell script so invoking it via setuid wrapper never worked
anyway. (The kernel drops perms on executables with shebang.) A previous
nixpkgs commit made "batch" invoke the NixOS setuid "at" wrapper to gain
needed privileges.
Thanks to @yesbox for noticing.
2017-10-16 19:08:19 +02:00
Léo Gaspard
1afd97aa8f
fcron module: fix use with hardlink-optimized store
2017-10-09 23:44:28 +02:00
Joerg Thalheim
e34e28e573
nixos/fcron: service needs fcron in PATH
...
otherwise fcronsighup is not found.
Set PATH to /run/current-system/sw/bin does not seem to be used by service file anyway.
2017-10-09 11:43:24 +01:00
Linus Heckemann
46e41da543
cron service: fix reliance on etc.timezone
...
This does not fully address the issue, as cron will not restart when
the timezone is changed imperatively as it presumably needs to.
2017-08-30 21:35:17 +02:00
Jörg Thalheim
44c3726dca
fcron: install systab
...
fixes #25072
2017-04-23 11:44:04 +02:00
Jörg Thalheim
5ca7e8a69a
fcron: do not chmod at all
...
fcron does handle permissions on its own correctly
2017-04-13 12:28:19 +02:00
Franz Pletz
9536169074
nixos/treewide: remove boolean examples for options
...
They contain no useful information and increase the length of the
autogenerated options documentation.
See discussion in #18816.
2017-03-17 23:36:19 +01:00
Jörg Thalheim
947815f59f
fcron: 3.1.2 -> 3.2.1
...
fixes #23320 #23413
2017-03-05 22:41:11 +01:00
Bjørn Forsman
a45821e7a8
nixos/cron: unbreak since new security.wrapper
2017-02-15 08:30:58 +01:00
Bjørn Forsman
aaac02f6c4
nixos/atd: unbreak after new security.wrappers
...
* convert list -> attrset
* 'atd' doesn't exist, 'at' does
2017-02-15 08:25:59 +01:00
Parnell Springmeyer
628e6a83d0
More derp
2017-01-29 05:33:56 -06:00
Parnell Springmeyer
4aa0923009
Getting rid of the var indirection and using a bin path instead
2017-01-29 04:11:01 -06:00
Parnell Springmeyer
a8cb2afa98
Fixing a bunch of issues
2017-01-29 01:58:12 -06:00
Parnell Springmeyer
e92b8402b0
Addressing PR feedback
2017-01-28 20:48:03 -08:00
Parnell Springmeyer
bae00e8aa8
setcap-wrapper: Merging with upstream master and resolving conflicts
2017-01-25 11:08:05 -08:00
Joachim Fasting
b6e5c620a3
marathon service: remove use of network-interfaces.target
2016-09-13 11:19:22 +02:00
Joachim Fasting
3826c19392
chronos service: remove use of network-interfaces.target
2016-09-13 11:19:22 +02:00
Parnell Springmeyer
98c058a1ee
Adapting everything for the merged permissions wrappers work.
2016-09-01 19:21:06 -05:00
Parnell Springmeyer
390ab0b3ef
everything?: Updating every package that depended on the old setuidPrograms configuration.
2016-09-01 19:17:43 -05:00
Robin Gloster
88292fdf09
jobs -> systemd.services
2016-01-07 06:39:06 +00:00
Eelco Dolstra
dec09c2220
services.cron.enable: Remove misleading default
...
Elsewhere we set it to "mkDefault (allFiles != [])" so the default has
no effect.
2015-11-19 14:25:16 +01:00
michael bishop
54fe2f8c5c
build the crontab locally, there is nothing to gain from building it remotely
2015-10-03 03:33:13 -03:00
Shea Levy
e3c374fac4
cron: Actually enable the service if enabled
2015-07-24 12:15:37 -04:00
Eelco Dolstra
e2b25f9434
Use environment.etc to manage /etc/crontab
...
Otherwise, /etc/crontab won't be deleted when cron is disabled.
2015-07-22 15:15:09 +02:00
Eelco Dolstra
201f9beddb
Don't enable cron by default
...
The rationale for disabling this is: 1) systemd timers are better; 2)
it gets rid of one usually unnecessary process, which makes containers
more light-weight.
Note that cron is still enabled if services.cron.systemCronJobs is
non-empty, so this only matters if you have no declarative cron jobs
but do have user cron jobs.
2015-07-22 15:15:09 +02:00
Eelco Dolstra
c738b309ee
types.uniq types.bool -> types.bool
2015-06-15 18:10:26 +02:00
rushmorem
9c7fae83ee
Make it easy to override the marathon framework user
...
Currently the module hardcodes the systemd service user to "marathon".
With this change one would not need to create an extra systemd config to
override the user.
So why would one need to override the Marathon user? Some apps require
root access to run. You can't run those with Marathon unless you
override the default user to root. Marathon also provides a
`--mesos_user` command line flag which allows you to run apps using
arbitrary users. You need to run the framework as root to enable this
functionality.
2015-05-29 18:07:07 +02:00
rushmorem
b5820a5ebd
Update Marathon module
...
The new module makes it possible to pass extra commandline
arguments to Marathon as well as environment variables.
2015-05-21 15:45:13 +02:00
Jaka Hudoklin
ebfadc2fc9
Merge pull request #6452 from rushmorem/update-chronos-port
...
Update chronos default port
2015-02-19 14:13:00 +01:00
rushmorem
74b40e9a43
Add marathon mesos framework
2015-02-19 13:30:00 +02:00
rushmorem
a661802d29
Update chronos default port
...
Update chronos default port to match the one documented on
their website (http://airbnb.github.io/chronos). The one in
their repo (the current one) clashes with the marathon documented
one.
2015-02-19 12:31:12 +02:00
Rob Vermaas
b48e41b8d7
cron: make into systemd.service and make it depend on /etc/localtime
...
so that changes in timezone will trigger a restart of cron service.
2014-12-15 14:50:12 +01:00
Jaka Hudoklin
099eabb490
nixos: add chronos service
2014-12-03 15:49:14 +01:00