alioth/nixpkgs
3
0
Fork 0
forked from mirrors/nixpkgs
Code Releases Activity
nixpkgs/nixos/modules/security
History
Vincent Bernat 632c8e1d54
nixos/acme: don't use --reuse-key 
Reusing the same private/public key on renewal has two issues:

 - some providers don't accept to sign the same public key
   again (Buypass Go SSL)

 - keeping the same private key forever partly defeats the purpose of
   renewing the certificate often

Therefore, let's remove this option. People wanting to keep the same
key can set extraLegoRenewFlags to `[ --reuse-key ]` to keep the
previous behavior. Alternatively, we could put this as an option whose
default value is true.
2021-06-01 00:43:45 +02:00
..
apparmor nixos/apparmor: improve code readability 2021-04-23 07:20:19 +02:00
wrappers Revert "Revert "apparmor: fix and improve the service"" 2021-04-23 07:17:55 +02:00
acme.nix nixos/acme: don't use --reuse-key 2021-06-01 00:43:45 +02:00
acme.xml nixos/acme: fix docs 2021-01-29 18:56:28 +01:00
apparmor.nix nixos/security/apparmor: utillinux -> util-linux 2021-05-17 17:14:08 +02:00
audit.nix
auditd.nix auditd service: make more useful 2019-06-10 18:55:11 +03:00
ca.nix nixos/security.pki: handle PEMs w/o a final newline 2021-05-16 17:23:11 -07:00
chromium-suid-sandbox.nix nixos/treewide: Move rename.nix imports to their respective modules 2019-12-10 02:51:19 +01:00
dhparams.nix dhparams module: add self as maintainer 2018-10-31 01:05:35 +09:00
doas.nix nixos/doas: add noLog option 2020-11-14 19:16:56 -08:00
duosec.nix treewide: fix modules options types where the default is null 2020-04-28 19:13:59 +02:00
google_oslogin.nix nixos/google-oslogin: add to system.nssDatabases.group too 2020-05-11 16:14:50 +02:00
lock-kernel-modules.nix
misc.nix nixos/apparmor: improve code readability 2021-04-23 07:20:19 +02:00
oath.nix
pam.nix Merge remote-tracking branch 'origin/master' into staging-next 2021-05-08 14:43:43 +02:00
pam_mount.nix utillinux: rename to util-linux 2020-11-24 12:42:06 -05:00
pam_usb.nix
polkit.nix nixos/polkit: remove root from adminIdentities 2019-12-09 19:11:09 -05:00
rngd.nix nixos/rngd: Remove module entirely, leave an explaination 2021-02-21 01:32:50 +01:00
rtkit.nix treewide: use attrs instead of list for types.loaOf options 2020-01-06 10:39:18 -05:00
sudo.nix nixos/sudo: add option execWheelOnly 2021-05-08 23:48:00 +02:00
systemd-confinement.nix confinement: fix assert for serviceConfig.ProtectSystem 2020-10-14 11:56:18 +02:00
tpm2.nix nixos: remove StandardOutput=syslog, StandardError=syslog lines 2020-08-13 18:49:15 +02:00