mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-20 04:31:52 +00:00
nixpkgs/nixos/modules/services/security
David Anderson 089da1c14d nixos/sshguard: create ipsets before starting, and clean up after stopping.
The fix for #62874 introduced a race condition on startup: the postStart
commands that configure the firewall run concurrently with sshguard's
creation of the ipsets that the rules depend on. Unfortunately iptables
fails hard when referencing an ipset that doesn't exist, so this causes
non-deterministic crashlooping until sshguard wins the race.

This change fixes that race condition by always creating the ipset and
reconfiguring the firewall before starting sshguard, so that the order
of operations is always deterministic.

This change also cleans up the ipsets on sshguard shutdown, so that
removing sshguard from a running system doesn't leave state behind.

Fixes #65985.
2019-08-04 16:23:22 -07:00
bitwarden_rs nixos/bitwarden_rs: init 2019-04-23 23:46:57 +02:00
certmgr.nix certmgr service: add package option 2019-01-24 12:11:15 +01:00
cfssl.nix nixos/cfssl: don't create user/group unless service is enabled 2018-08-21 16:24:31 -04:00
clamav.nix nixos/clamav: fix freshclam service if db up to date 2018-10-02 00:26:38 +02:00
fail2ban.nix fail2ban service : improve ssh jail (#21131) 2016-12-14 14:58:02 +01:00
fprintd.nix nixos: add StateDirectory for fprintd 2019-05-26 18:06:46 +01:00
fprot.nix nixos/modules: users.(extraUsers|extraGroup->users|group) 2018-06-30 03:02:58 +02:00
haka.nix nixos/treewide: remove boolean examples for options 2017-03-17 23:36:19 +01:00
haveged.nix haveged module: clean up service configuration (#18513) 2016-09-13 07:07:46 +02:00
hologram-agent.nix nixos/hologram-agent: /var/run -> /run 2019-03-24 21:15:30 +01:00
hologram-server.nix hologram-server module: add cache timeout option 2018-03-21 12:58:25 -04:00
munge.nix nixos/munge: replace deprecated usage of PermissionsStartOnly 2019-04-13 07:00:56 -04:00
nginx-sso.nix nixos: add nginx-sso service 2019-01-29 19:54:14 +01:00
oauth2_proxy.nix treewide: Remove usage of isNull 2019-04-29 14:05:50 +02:00
oauth2_proxy_nginx.nix [bot] nixos/*: remove unused arguments in lambdas 2018-07-20 20:56:59 +00:00
physlock.nix physlock: add allowAnyUser option 2018-02-02 14:03:00 +01:00
shibboleth-sp.nix shibboleth: Add Myself as a Maintainer (#25817) 2017-05-16 10:11:55 +01:00
sks.nix nixos/sks: Fix another regression from ab5dcc7068 2019-04-28 14:45:21 +02:00
sshguard.nix nixos/sshguard: create ipsets before starting, and clean up after stopping. 2019-08-04 16:23:22 -07:00
tor.nix nixos/tor: fix obfs4 package 2019-07-19 04:11:17 +08:00
torify.nix nixos: Move uses of stdenv.shell to runtimeShell. 2018-03-01 14:38:53 -05:00
torsocks.nix nixos: Move uses of stdenv.shell to runtimeShell. 2018-03-01 14:38:53 -05:00
usbguard.nix nixos/usbguard: ensure the audit log file can be created 2018-08-30 21:54:22 +01:00
vault.nix nixos/vault: replace deprecated usage of PermissionsStartOnly 2019-04-13 07:01:01 -04:00