928 Commits

Author SHA1 Message Date
nicoo
1e9e8a0db0 nixos/sudo-rs: Removed unused let-binding
Leftover from bcc2d1238a
2023-12-24 13:58:08 +00:00
pennae
90c53f5341
Merge pull request #270224 from SuperSandro2000/patch-2
nixos/acme: add syntax highlighting to code blocks
2023-12-11 09:03:32 +01:00
Sandro
5a64fb2799
nixos/acme: add syntax highlighting to code blocks 2023-12-10 19:59:22 +01:00
Weijia Wang
feeae486de
Merge pull request #261702 from h7x4/replace-mkoption-with-mkpackageoption
treewide: use `mkPackageOption`
2023-11-30 02:49:30 +01:00
h7x4
0a37316d6c
treewide: use mkPackageOption
This commit replaces a lot of usages of `mkOption` with the package
type, to be `mkPackageOption`, in order to reduce the amount of code.
2023-11-27 01:28:36 +01:00
nicoo
bcc2d1238a nixos/sudo-rs: Move support for pam_ssh_agent_auth(8) to PAM's NixOS module
Similar to delroth's suggestion in #262790.
2023-11-25 14:11:25 +00:00
nicoo
f5d059b1f5 nixos/sudo-rs: Clarify security.sudo-rs.enable's description 2023-11-25 14:11:24 +00:00
nicoo
46aaa5be70 nixos/sudo-rs: Refactor option definitions 2023-11-25 14:11:24 +00:00
nicoo
03db94319a nixos/sudo-rs: refactor processing of cfg.extraRules 2023-11-25 14:11:24 +00:00
nicoo
9b0a63c2fe nixos/sudo-rs: Fix bug putting the wrong version of sudo in environment.systemPackages 2023-11-25 14:11:24 +00:00
nicoo
165b600f01 nixos/sudo-rs: Drop checks for sudo implementation 2023-11-25 14:11:23 +00:00
nicoo
cd42b18a2c nixos/sudo-rs: uniformize ssh-agent auth behaviour with security.sudo 2023-11-25 14:11:23 +00:00
nicoo
b05648b541 nixos/sudo-rs: Simplify activation 2023-11-25 14:11:23 +00:00
ners
ed31e0235e treewide: replace broken udev paths with systemd 2023-11-21 15:09:38 +01:00
Léo Gaspard
b1c25de57b
nixos/acme: do not eat Let's Encrypt's request limits if misconfigured on first try (#266155) 2023-11-14 20:29:50 +01:00
nicoo
d5a8e667d2 nixos/sudo: Update assertion message 2023-11-14 12:25:55 +00:00
Maciej Krüger
9c61d268a7
Merge pull request #265727 from nbraud/nixos/sudo-rs/google_oslogin 2023-11-11 18:09:39 +01:00
Anthony Roussel
e30f48be94
treewide: fix redirected and broken URLs
Using the script in maintainers/scripts/update-redirected-urls.sh
2023-11-11 10:49:01 +01:00
Yureka
b0206f9bf9 nixos/sudo: enable by default
The default was accidentally changed to false in #262790
2023-11-10 03:30:39 +01:00
nicoo
b942382216 nixos/sudo: refactor processing of cfg.extraRules 2023-11-08 19:41:39 +00:00
nicoo
1852b67bc6 nixos/sudo: Make the default rules' options configurable 2023-11-08 19:41:39 +00:00
nicoo
93011e31bd nixos/sudo: Handle root's default rule through extraRules
This makes things more uniform; moreover, users can now inject rules before this.
2023-11-08 19:41:39 +00:00
nicoo
77ed368b20 nixos/sudo: Refactor option definitions 2023-11-08 19:41:38 +00:00
nicoo
19e1420e13 nixos/sudo: Move support for pam_ssh_agent_auth(8) to PAM's NixOS module 2023-11-08 19:41:37 +00:00
nicoo
9259a8d279 nixos/google_oslogin: Handle sudo-rs too 2023-11-05 20:40:12 +00:00
nicoo
ad92951579 nixos/sudo: Don't include empty sections
This makes the generated sudoers a touch easier to read.
2023-11-05 17:23:41 +00:00
Maximilian Bosch
225d785e7d
Merge pull request #263475 from nbraud/nixos/sudo-bugfix
nixos/sudo: fix `security.sudo.package`
2023-11-03 11:26:03 +01:00
Linus Heckemann
8670794565
Merge pull request #263203 from nikstur/replace-activation
Replace simple activationScripts
2023-10-28 10:17:15 +02:00
nicoo
6e15779fda nixos/sudo: fix security.sudo.package 2023-10-26 19:00:25 +00:00
K900
5438b83028
nixos/acme: fix assertion, add actual values to message (#263543) 2023-10-26 11:28:43 +02:00
nikstur
47ff8d20d7 nixos/duosec: replace activationScript
Replace with a separate systemd service.
2023-10-26 01:51:07 +02:00
Yureka
8b37735e0e
nixos/acme: add s3Bucket option (#262806) 2023-10-25 21:08:05 +02:00
nikstur
f827f7ad7b nixos/wrappers: replace activationScript
Create the wrappers via a separate systemd service.
2023-10-24 23:51:37 +02:00
Lin Jian
23203f8e12
Merge pull request #262666 from SuperSandro2000/patch-1
nixos/acme: fix upstream documentation link
2023-10-22 17:13:26 +08:00
Sandro
4a97d6181c
nixos/acme: fix upstream documentation link 2023-10-22 05:47:45 +02:00
Martin Weinelt
d042a29613
Merge pull request #253764 from linj-fork/fix-ping-wrapper
nixos/network-interfaces: stop wrapping ping with cap_net_raw
2023-10-20 00:57:55 +02:00
Silvan Mosberger
e0b3b074fb
Merge pull request #255547 from Majiir/pam-modular-rules
nixos/pam: assemble rules from modular configuration
2023-10-16 19:41:00 +02:00
edef
89e45f23db nixos/modules/security/wrappers: drop dead code 2023-10-11 08:49:32 +00:00
Majiir Paktu
9d6e6e18bc nixos/pam: add maintainer 2023-10-10 21:11:35 -04:00
Majiir Paktu
e712b6e81d nixos/pam: generate apparmor includes from rules
Removes redundant config from the module. Fixes a bug where some modules
(e.g. ussh) were added to apparmor even though they had no rules enabled.
2023-10-10 21:11:35 -04:00
Majiir Paktu
43f7cb4a95 nixos/pam: add order comment to each rule line 2023-10-10 21:11:35 -04:00
Majiir Paktu
077cdcc7e9 nixos/pam: convert rules to attrs, add order field
Makes it possible to override properties of a rule by name. Introduces
an 'order' field that can be overridden to change the sequence of rules.

For now, the order value for each built-in rule is derived from its
place in the hardcoded list of rules.
2023-10-10 21:11:34 -04:00
Majiir Paktu
e86487e579 nixos/pam: remove empty text fields 2023-10-10 21:11:34 -04:00
Majiir Paktu
5b8439f966 nixos/pam: add settings option for common argument styles
Adds easily overrideable settings for the most common PAM argument
styles. These are:

- Flag (e.g. "use_first_pass"): rendered for true boolean values. false
  values are ignored.

- Key-value (e.g. "action=validate"): rendered for non-null, non-boolean
  values.

Most PAM arguments can be configured this way. Others can still be
configured with the 'args' option.
2023-10-10 21:11:34 -04:00
Ben Wolsieffer
b6876d5c86
nixos/security/wrappers: don't force PIE hardening (#259509)
PIE causes problems with static binaries on ARM (see 76552e9). It is
enabled by default on other platforms anyway when musl is used, so we
don't need to specify it manually.
2023-10-10 10:13:29 +02:00
Majiir Paktu
6eea7fb194 nixos/pam: extract args field
Module arguments have common escaping rules for all PAMs.
2023-10-09 23:17:37 -04:00
Majiir Paktu
12a488e89c nixos/pam: extract modulePath field 2023-10-09 23:17:36 -04:00
Majiir Paktu
25bc21f19a nixos/pam: extract control field 2023-10-09 23:17:36 -04:00
Majiir Paktu
0563e0a379 nixos/pam: give each rule a name
These names are internal identifiers. They will be used as keys so that
users can reconfigure rules by merging a rule config with the same name.
The name is arbitrary. The built-in rules are named after the PAM where
practical.
2023-10-09 23:17:36 -04:00
Majiir Paktu
fbd7427b14 nixos/pam: define rules as submodules
Allows us to decompose rules into multiple fields that we later format
as textual rules. Eventually allows users to override individual fields.
2023-10-09 23:17:36 -04:00