mirrors/nixpkgs
1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-18 19:51:17 +00:00
Code Issues Wiki Activity
561826 commits 271 branches 124 tags 6.1 GiB
Commit graph

930 commits

Author SHA1 Message Date
Marco Rebhan 5ee94c0170
nixos/krb5: add h7x4 as maintainer 2023-12-21 11:38:22 +01:00
Marco Rebhan a4a9be35f4
nixos/krb5: add myself as maintainer for module & tests 2023-12-21 11:38:18 +01:00
Marco Rebhan fed77d1705
nixos/krb5: move to security.krb5 2023-12-21 11:35:26 +01:00
pennae 90c53f5341
Merge pull request #270224 from SuperSandro2000/patch-2 
nixos/acme: add syntax highlighting to code blocks
 2023-12-11 09:03:32 +01:00
Sandro 5a64fb2799
nixos/acme: add syntax highlighting to code blocks 2023-12-10 19:59:22 +01:00
Weijia Wang feeae486de
Merge pull request #261702 from h7x4/replace-mkoption-with-mkpackageoption 
treewide: use `mkPackageOption`
 2023-11-30 02:49:30 +01:00
h7x4 0a37316d6c
treewide: use mkPackageOption 
This commit replaces a lot of usages of `mkOption` with the package
type, to be `mkPackageOption`, in order to reduce the amount of code.
 2023-11-27 01:28:36 +01:00
nicoo bcc2d1238a nixos/sudo-rs: Move support for pam_ssh_agent_auth(8) to PAM's NixOS module 
Similar to delroth's suggestion in #262790.
 2023-11-25 14:11:25 +00:00
nicoo f5d059b1f5 nixos/sudo-rs: Clarify security.sudo-rs.enable's description 2023-11-25 14:11:24 +00:00
nicoo 46aaa5be70 nixos/sudo-rs: Refactor option definitions 2023-11-25 14:11:24 +00:00
nicoo 03db94319a nixos/sudo-rs: refactor processing of cfg.extraRules 2023-11-25 14:11:24 +00:00
nicoo 9b0a63c2fe nixos/sudo-rs: Fix bug putting the wrong version of sudo in environment.systemPackages 2023-11-25 14:11:24 +00:00
nicoo 165b600f01 nixos/sudo-rs: Drop checks for sudo implementation 2023-11-25 14:11:23 +00:00
nicoo cd42b18a2c nixos/sudo-rs: uniformize ssh-agent auth behaviour with security.sudo 2023-11-25 14:11:23 +00:00
nicoo b05648b541 nixos/sudo-rs: Simplify activation 2023-11-25 14:11:23 +00:00
ners ed31e0235e treewide: replace broken udev paths with systemd 2023-11-21 15:09:38 +01:00
Léo Gaspard b1c25de57b
nixos/acme: do not eat Let's Encrypt's request limits if misconfigured on first try (#266155) 2023-11-14 20:29:50 +01:00
nicoo d5a8e667d2 nixos/sudo: Update assertion message 2023-11-14 12:25:55 +00:00
Maciej Krüger 9c61d268a7
Merge pull request #265727 from nbraud/nixos/sudo-rs/google_oslogin 2023-11-11 18:09:39 +01:00
Anthony Roussel e30f48be94
treewide: fix redirected and broken URLs 
Using the script in maintainers/scripts/update-redirected-urls.sh
 2023-11-11 10:49:01 +01:00
Yureka b0206f9bf9 nixos/sudo: enable by default 
The default was accidentally changed to false in #262790
 2023-11-10 03:30:39 +01:00
nicoo b942382216 nixos/sudo: refactor processing of cfg.extraRules 2023-11-08 19:41:39 +00:00
nicoo 1852b67bc6 nixos/sudo: Make the default rules' options configurable 2023-11-08 19:41:39 +00:00
nicoo 93011e31bd nixos/sudo: Handle root's default rule through extraRules 
This makes things more uniform; moreover, users can now inject rules before this.
 2023-11-08 19:41:39 +00:00
nicoo 77ed368b20 nixos/sudo: Refactor option definitions 2023-11-08 19:41:38 +00:00
nicoo 19e1420e13 nixos/sudo: Move support for pam_ssh_agent_auth(8) to PAM's NixOS module 2023-11-08 19:41:37 +00:00
nicoo 9259a8d279 nixos/google_oslogin: Handle sudo-rs too 2023-11-05 20:40:12 +00:00
nicoo ad92951579 nixos/sudo: Don't include empty sections 
This makes the generated sudoers a touch easier to read.
 2023-11-05 17:23:41 +00:00
Maximilian Bosch 225d785e7d
Merge pull request #263475 from nbraud/nixos/sudo-bugfix 
nixos/sudo: fix `security.sudo.package`
 2023-11-03 11:26:03 +01:00
Linus Heckemann 8670794565
Merge pull request #263203 from nikstur/replace-activation 
Replace simple activationScripts
 2023-10-28 10:17:15 +02:00
nicoo 6e15779fda nixos/sudo: fix security.sudo.package 2023-10-26 19:00:25 +00:00
K900 5438b83028
nixos/acme: fix assertion, add actual values to message (#263543) 2023-10-26 11:28:43 +02:00
nikstur 47ff8d20d7 nixos/duosec: replace activationScript 
Replace with a separate systemd service.
 2023-10-26 01:51:07 +02:00
Yureka 8b37735e0e
nixos/acme: add s3Bucket option (#262806) 2023-10-25 21:08:05 +02:00
nikstur f827f7ad7b nixos/wrappers: replace activationScript 
Create the wrappers via a separate systemd service.
 2023-10-24 23:51:37 +02:00
Lin Jian 23203f8e12
Merge pull request #262666 from SuperSandro2000/patch-1 
nixos/acme: fix upstream documentation link
 2023-10-22 17:13:26 +08:00
Sandro 4a97d6181c
nixos/acme: fix upstream documentation link 2023-10-22 05:47:45 +02:00
Martin Weinelt d042a29613
Merge pull request #253764 from linj-fork/fix-ping-wrapper 
nixos/network-interfaces: stop wrapping ping with cap_net_raw
 2023-10-20 00:57:55 +02:00
Silvan Mosberger e0b3b074fb
Merge pull request #255547 from Majiir/pam-modular-rules 
nixos/pam: assemble rules from modular configuration
 2023-10-16 19:41:00 +02:00
edef 89e45f23db nixos/modules/security/wrappers: drop dead code 2023-10-11 08:49:32 +00:00
Majiir Paktu 9d6e6e18bc nixos/pam: add maintainer 2023-10-10 21:11:35 -04:00
Majiir Paktu e712b6e81d nixos/pam: generate apparmor includes from rules 
Removes redundant config from the module. Fixes a bug where some modules
(e.g. ussh) were added to apparmor even though they had no rules enabled.
 2023-10-10 21:11:35 -04:00
Majiir Paktu 43f7cb4a95 nixos/pam: add order comment to each rule line 2023-10-10 21:11:35 -04:00
Majiir Paktu 077cdcc7e9 nixos/pam: convert rules to attrs, add order field 
Makes it possible to override properties of a rule by name. Introduces
an 'order' field that can be overridden to change the sequence of rules.

For now, the order value for each built-in rule is derived from its
place in the hardcoded list of rules.
 2023-10-10 21:11:34 -04:00
Majiir Paktu e86487e579 nixos/pam: remove empty text fields 2023-10-10 21:11:34 -04:00
Majiir Paktu 5b8439f966 nixos/pam: add settings option for common argument styles 
Adds easily overrideable settings for the most common PAM argument
styles. These are:

- Flag (e.g. "use_first_pass"): rendered for true boolean values. false
  values are ignored.

- Key-value (e.g. "action=validate"): rendered for non-null, non-boolean
  values.

Most PAM arguments can be configured this way. Others can still be
configured with the 'args' option.
 2023-10-10 21:11:34 -04:00
Ben Wolsieffer b6876d5c86
nixos/security/wrappers: don't force PIE hardening (#259509) 
PIE causes problems with static binaries on ARM (see 76552e9). It is
enabled by default on other platforms anyway when musl is used, so we
don't need to specify it manually.
 2023-10-10 10:13:29 +02:00
Majiir Paktu 6eea7fb194 nixos/pam: extract args field 
Module arguments have common escaping rules for all PAMs.
 2023-10-09 23:17:37 -04:00
Majiir Paktu 12a488e89c nixos/pam: extract modulePath field 2023-10-09 23:17:36 -04:00
Majiir Paktu 25bc21f19a nixos/pam: extract control field 2023-10-09 23:17:36 -04:00