pennae
90c53f5341
Merge pull request #270224 from SuperSandro2000/patch-2
...
nixos/acme: add syntax highlighting to code blocks
2023-12-11 09:03:32 +01:00
Sandro
5a64fb2799
nixos/acme: add syntax highlighting to code blocks
2023-12-10 19:59:22 +01:00
Weijia Wang
feeae486de
Merge pull request #261702 from h7x4/replace-mkoption-with-mkpackageoption
...
treewide: use `mkPackageOption`
2023-11-30 02:49:30 +01:00
h7x4
0a37316d6c
treewide: use mkPackageOption
...
This commit replaces a lot of usages of `mkOption` with the package
type, to be `mkPackageOption`, in order to reduce the amount of code.
2023-11-27 01:28:36 +01:00
nicoo
bcc2d1238a
nixos/sudo-rs: Move support for pam_ssh_agent_auth(8) to PAM's NixOS module
...
Similar to delroth's suggestion in #262790.
2023-11-25 14:11:25 +00:00
nicoo
f5d059b1f5
nixos/sudo-rs: Clarify security.sudo-rs.enable's description
2023-11-25 14:11:24 +00:00
nicoo
46aaa5be70
nixos/sudo-rs: Refactor option definitions
2023-11-25 14:11:24 +00:00
nicoo
03db94319a
nixos/sudo-rs: refactor processing of cfg.extraRules
2023-11-25 14:11:24 +00:00
nicoo
9b0a63c2fe
nixos/sudo-rs: Fix bug putting the wrong version of sudo in environment.systemPackages
2023-11-25 14:11:24 +00:00
nicoo
165b600f01
nixos/sudo-rs: Drop checks for sudo implementation
2023-11-25 14:11:23 +00:00
nicoo
cd42b18a2c
nixos/sudo-rs: uniformize ssh-agent auth behaviour with security.sudo
2023-11-25 14:11:23 +00:00
nicoo
b05648b541
nixos/sudo-rs: Simplify activation
2023-11-25 14:11:23 +00:00
ners
ed31e0235e
treewide: replace broken udev paths with systemd
2023-11-21 15:09:38 +01:00
Léo Gaspard
b1c25de57b
nixos/acme: do not eat Let's Encrypt's request limits if misconfigured on first try (#266155)
2023-11-14 20:29:50 +01:00
nicoo
d5a8e667d2
nixos/sudo: Update assertion message
2023-11-14 12:25:55 +00:00
Maciej Krüger
9c61d268a7
Merge pull request #265727 from nbraud/nixos/sudo-rs/google_oslogin
2023-11-11 18:09:39 +01:00
Anthony Roussel
e30f48be94
treewide: fix redirected and broken URLs
...
Using the script in maintainers/scripts/update-redirected-urls.sh
2023-11-11 10:49:01 +01:00
Yureka
b0206f9bf9
nixos/sudo: enable by default
...
The default was accidentally changed to false in #262790
2023-11-10 03:30:39 +01:00
nicoo
b942382216
nixos/sudo: refactor processing of cfg.extraRules
2023-11-08 19:41:39 +00:00
nicoo
1852b67bc6
nixos/sudo: Make the default rules' options configurable
2023-11-08 19:41:39 +00:00
nicoo
93011e31bd
nixos/sudo: Handle root's default rule through extraRules
...
This makes things more uniform; moreover, users can now inject rules before this.
2023-11-08 19:41:39 +00:00
nicoo
77ed368b20
nixos/sudo: Refactor option definitions
2023-11-08 19:41:38 +00:00
nicoo
19e1420e13
nixos/sudo: Move support for pam_ssh_agent_auth(8) to PAM's NixOS module
2023-11-08 19:41:37 +00:00
nicoo
9259a8d279
nixos/google_oslogin: Handle sudo-rs too
2023-11-05 20:40:12 +00:00
nicoo
ad92951579
nixos/sudo: Don't include empty sections
...
This makes the generated sudoers a touch easier to read.
2023-11-05 17:23:41 +00:00
Maximilian Bosch
225d785e7d
Merge pull request #263475 from nbraud/nixos/sudo-bugfix
...
nixos/sudo: fix `security.sudo.package`
2023-11-03 11:26:03 +01:00
Linus Heckemann
8670794565
Merge pull request #263203 from nikstur/replace-activation
...
Replace simple activationScripts
2023-10-28 10:17:15 +02:00
nicoo
6e15779fda
nixos/sudo: fix security.sudo.package
2023-10-26 19:00:25 +00:00
K900
5438b83028
nixos/acme: fix assertion, add actual values to message (#263543)
2023-10-26 11:28:43 +02:00
nikstur
47ff8d20d7
nixos/duosec: replace activationScript
...
Replace with a separate systemd service.
2023-10-26 01:51:07 +02:00
Yureka
8b37735e0e
nixos/acme: add s3Bucket option (#262806)
2023-10-25 21:08:05 +02:00
nikstur
f827f7ad7b
nixos/wrappers: replace activationScript
...
Create the wrappers via a separate systemd service.
2023-10-24 23:51:37 +02:00
Lin Jian
23203f8e12
Merge pull request #262666 from SuperSandro2000/patch-1
...
nixos/acme: fix upstream documentation link
2023-10-22 17:13:26 +08:00
Sandro
4a97d6181c
nixos/acme: fix upstream documentation link
2023-10-22 05:47:45 +02:00
Martin Weinelt
d042a29613
Merge pull request #253764 from linj-fork/fix-ping-wrapper
...
nixos/network-interfaces: stop wrapping ping with cap_net_raw
2023-10-20 00:57:55 +02:00
Silvan Mosberger
e0b3b074fb
Merge pull request #255547 from Majiir/pam-modular-rules
...
nixos/pam: assemble rules from modular configuration
2023-10-16 19:41:00 +02:00
edef
89e45f23db
nixos/modules/security/wrappers: drop dead code
2023-10-11 08:49:32 +00:00
Majiir Paktu
9d6e6e18bc
nixos/pam: add maintainer
2023-10-10 21:11:35 -04:00
Majiir Paktu
e712b6e81d
nixos/pam: generate apparmor includes from rules
...
Removes redundant config from the module. Fixes a bug where some modules
(e.g. ussh) were added to apparmor even though they had no rules enabled.
2023-10-10 21:11:35 -04:00
Majiir Paktu
43f7cb4a95
nixos/pam: add order comment to each rule line
2023-10-10 21:11:35 -04:00
Majiir Paktu
077cdcc7e9
nixos/pam: convert rules to attrs, add order field
...
Makes it possible to override properties of a rule by name. Introduces
an 'order' field that can be overridden to change the sequence of rules.
For now, the order value for each built-in rule is derived from its
place in the hardcoded list of rules.
2023-10-10 21:11:34 -04:00
Majiir Paktu
e86487e579
nixos/pam: remove empty text fields
2023-10-10 21:11:34 -04:00
Majiir Paktu
5b8439f966
nixos/pam: add settings option for common argument styles
...
Adds easily overrideable settings for the most common PAM argument
styles. These are:
- Flag (e.g. "use_first_pass"): rendered for true boolean values. false
values are ignored.
- Key-value (e.g. "action=validate"): rendered for non-null, non-boolean
values.
Most PAM arguments can be configured this way. Others can still be
configured with the 'args' option.
2023-10-10 21:11:34 -04:00
Ben Wolsieffer
b6876d5c86
nixos/security/wrappers: don't force PIE hardening (#259509)
...
PIE causes problems with static binaries on ARM (see 76552e9). It is
enabled by default on other platforms anyway when musl is used, so we
don't need to specify it manually.
2023-10-10 10:13:29 +02:00
Majiir Paktu
6eea7fb194
nixos/pam: extract args field
...
Module arguments have common escaping rules for all PAMs.
2023-10-09 23:17:37 -04:00
Majiir Paktu
12a488e89c
nixos/pam: extract modulePath field
2023-10-09 23:17:36 -04:00
Majiir Paktu
25bc21f19a
nixos/pam: extract control field
2023-10-09 23:17:36 -04:00
Majiir Paktu
0563e0a379
nixos/pam: give each rule a name
...
These names are internal identifiers. They will be used as keys so that
users can reconfigure rules by merging a rule config with the same name.
The name is arbitrary. The built-in rules are named after the PAM where
practical.
2023-10-09 23:17:36 -04:00
Majiir Paktu
fbd7427b14
nixos/pam: define rules as submodules
...
Allows us to decompose rules into multiple fields that we later format
as textual rules. Eventually allows users to override individual fields.
2023-10-09 23:17:36 -04:00
Majiir Paktu
3c85d159f7
nixos/pam: automatically populate rule type
...
Eliminates a redundancy between the 'rules' suboptions and the type
specified in each rule.
We eventually want to give each rule a name so that we can merge config
overrides. The PAM name is a natural choice for rule name, but a PAM is
often used in multiple rule types. Organizing rules by type and rule
name avoids name collisions.
2023-10-09 23:17:15 -04:00