1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-12-11 23:24:35 +00:00
Commit graph

10 commits

Author SHA1 Message Date
pennae c47fcb70c6 nixos/mosquitto: rewrite the test
expand the test to check all four forms of passwords, tls certificates (both
server and client), and that acl files are formatted properly.
2021-10-22 16:06:55 -04:00
pennae 56d0b5cd6a nixos/mosquitto: rewrite the module
mosquitto needs a lot of attention concerning its config because it doesn't
parse it very well, often ignoring trailing parts of lines, duplicated config
keys, or just looking back way further in the file to associated config keys
with previously defined items than might be expected.

this replaces the mosquitto module completely. we now have a hierarchical config
that flattens out to the mosquitto format (hopefully) without introducing spooky
action at a distance.
2021-10-22 16:06:55 -04:00
Martin Weinelt 33e867620e
nixos/mosquitto: harden systemd unit
It can still network, it can only access the ssl related files if ssl is
enabled.

✗ PrivateNetwork=                                             Service has access to the host's network                                            0.5
✗ RestrictAddressFamilies=~AF_(INET|INET6)                    Service may allocate Internet sockets                                               0.3
✗ DeviceAllow=                                                Service has a device ACL with some special devices                                  0.1
✗ IPAddressDeny=                                              Service does not define an IP address allow list                                    0.2
✗ RootDirectory=/RootImage=                                   Service runs within the host's root directory                                       0.1
✗ RestrictAddressFamilies=~AF_UNIX                            Service may allocate local sockets                                                  0.1

→ Overall exposure level for mosquitto.service: 1.1 OK 🙂
2021-05-01 19:46:48 +02:00
Dominik Xaver Hörl 25bef2d8f9 treewide: simplify pkgs.stdenv.lib -> pkgs.lib
The library does not depend on stdenv, that `stdenv` exposes `lib` is
an artifact of the ancient origins of nixpkgs.
2021-01-10 20:12:06 +01:00
Jacek Galowicz 432f8a424b nixos/mosquitto: Refactor integration test code 2019-11-20 19:13:01 +01:00
Jacek Galowicz 855eb6f264 nixos/mosquitto: Port integration test to python 2019-11-20 19:08:18 +01:00
volth 08f68313a4 treewide: remove redundant rec 2019-08-28 11:07:32 +00:00
volth 35d68ef143 treewide: remove redundant quotes 2019-08-26 21:40:19 +00:00
Peter Hoeg bab2a01ce8 nixos/mosquitto: make the tests run 2019-06-24 13:59:53 +08:00
Peter Hoeg c5af9fd4dd nixos/mosquitto: add test 2019-04-24 17:02:20 +08:00