nixpkgs/nixos/modules/services
emilylange 08c37ba899 nixos/lldap: set service UMask=0027 and StateDirectoryMode=0750
While `/var/lib/lldap` isn't technically accessible by unprivileged
users thanks to `DynamicUser=true`, a user might prefer and change it to
`DynamicUser=false`.

There is currently also a PR open that intends to make `DynamicUser`
configurable via module option.

As such, `jwt_secret_file`, if bootstrapped by the service start
procedure, might be rendered world-readable due to its permissions
(`0644/-rw-r--r--`) defaulting to the service's umask (`022`) and
`/var/lib/lldap` to `0755/drwxr-xr-x` due to `StateDirectoryMode=0755`.

This would usually be fixed by using `(umask 027; openssl ...)` instead
of just `openssl ...`.

However, it was found that another file (`users.db`), this time
bootstrapped by `lldap` itself, also had insufficient permissions
(`0644/-rw-r--r--`) inherited by the global umask and would be left
world-readable as well.

Due to this, we instead change the service's umask to `027`.

And to lower the impact for already bootstrapped files on existing
instances like `users.db`, set `StateDirectoryMode=0750`.
2024-03-11 17:34:29 +01:00
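The commit above describes two layers of the same problem: a secret bootstrapped by the service start procedure and a database created by the daemon itself both inherit the process umask, so only changing the shell's umask around `openssl` leaves the daemon's own files world-readable. The following is an added illustration, not nixpkgs or lldap code: it replays the bootstrap under a permissive and a restrictive umask inside a throwaway directory (created with `mktemp`, a constructed stand-in for `/var/lib/lldap`), uses a child `sh` to stand in for the daemon creating `users.db`, and reports the resulting mode bits. The `0750` directory step mirrors `StateDirectoryMode=0750` as the mitigation for files that were already bootstrapped with the old umask.

```shell
#!/bin/sh
# Added example (not nixpkgs/lldap code): show how the service umask decides
# the mode of every file the service and its daemon bootstrap.
set -eu

# Octal permission bits of a path (GNU stat, with a BSD stat fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return success if the "others" class has any permission bit set.
is_world_readable() {
    case "$(mode_of "$1")" in
        *[1-7]) return 0 ;;
        *)      return 1 ;;
    esac
}

# Simulate the service start: $1 is the umask the service runs with
# (systemd UMask=), $2 is the state directory (stand-in for /var/lib/lldap).
# Prints "<secret mode> <db mode>".
bootstrap_state_dir() {
    umask_value=$1
    state_dir=$2
    mkdir -p "$state_dir"
    (
        umask "$umask_value"
        # jwt_secret_file written by the start procedure (openssl rand -hex
        # style; /dev/urandom is used here so the example has no dependency).
        dd if=/dev/urandom bs=32 count=1 2>/dev/null \
            | od -An -tx1 | tr -d ' \n' > "$state_dir/jwt_secret_file"
        # users.db created by the daemon itself: a child process inherits
        # the umask, so wrapping only the openssl call would not reach it.
        sh -c ': > "$1/users.db"' _ "$state_dir"
    )
    printf '%s %s\n' "$(mode_of "$state_dir/jwt_secret_file")" \
                     "$(mode_of "$state_dir/users.db")"
}

# Mitigation for already-bootstrapped files: tighten the directory itself,
# as StateDirectoryMode=0750 does. Prints the resulting directory mode.
harden_state_dir() {
    chmod 0750 "$1"
    mode_of "$1"
}

# Demo: weak (umask 022) versus fixed (umask 027) bootstrap.
demo_root=$(mktemp -d)
echo "umask 022 -> $(bootstrap_state_dir 022 "$demo_root/weak")"
echo "umask 027 -> $(bootstrap_state_dir 027 "$demo_root/fixed")"
echo "existing dir after chmod -> $(harden_state_dir "$demo_root/weak")"
rm -rf "$demo_root"
```

With umask `022` both files come out `644`; with `027` both come out `640`, which is why the fix moves the umask onto the service rather than onto one command. A `0750` directory does not change the `644` on an old `users.db`, it only stops other users from traversing into it, so rotating secrets created under the old umask is still worth considering on long-lived instances.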
admin pgadmin: 8.1 -> 8.2 2024-01-13 09:54:32 +01:00
amqp nixos/rabbitmq: Rename cookie -> unsafeCookie 2024-02-04 21:41:29 +01:00
audio Merge pull request #255707 from micahsoftdotexe/update-navidrome 2024-01-28 00:08:18 +01:00
backup Merge pull request #292025 from RaHoni/baculaTls 2024-03-11 12:01:19 +01:00
blockchain/ethereum
cluster kubelet: Set Kubelet Parameters Via A intermediate Configuration File 2024-02-23 08:55:02 +01:00
computing
continuous-integration Merge pull request #287257 from 999eagle/fix/hydra-pg-application-name 2024-02-18 17:21:53 +02:00
databases nixos/lldap: set service UMask=0027 and StateDirectoryMode=0750 2024-03-11 17:34:29 +01:00
desktops nixos/pipewire: add docs for passthru.requiredLv2Packages 2024-02-29 13:28:04 +01:00
development nixos/nixseparatedebuginfod: fix compatibility with Nix 2.3 2024-02-29 23:10:31 +01:00
display-managers nixos/greetd: only restart on success 2024-02-16 19:42:31 +03:00
editors nixos/emacs: drop custom emacsclient desktop file 2024-01-20 08:21:08 +08:00
finance
games Merge pull request #263765 from numinit/armagetronad-module 2024-03-01 00:46:34 +01:00
hardware nixos/fwupd: fix silent failure for uefiCapsuleSettings to ever be added 2024-03-09 12:44:46 -05:00
home-automation Merge pull request #292412 from bobrippling/fix/ebusd-logging 2024-03-02 11:46:35 +00:00
logging nixos: fix a bunch of services missing dep on network-online.target 2024-01-19 00:11:34 -08:00
mail listmonk: ensure correct application of data migration 2024-03-01 10:45:12 +01:00
matrix nixos/matrix-sliding-sync: create runtime directory in /run/matrix-sliding-sync 2024-03-08 23:16:05 +01:00
misc Merge pull request #292873 from ghthor/tabby 2024-03-07 21:51:06 +00:00
monitoring nixos/scrutiny: default collector api endpoint port to point at web app port 2024-03-07 23:21:53 -05:00
network-filesystems Merge pull request #280373 from h7x4/treewide-use-new-tmpfiles-api 2024-01-26 10:47:18 +01:00
networking Merge pull request #294286 from SuperSandro2000/unbound-remote-config-check 2024-03-11 16:06:31 +01:00
printing nixos/cupsd: allow cups package override 2023-12-28 08:58:01 -08:00
scheduling
search
security nixos/esdm: simplify module 2024-03-11 14:28:26 +01:00
system automatic-timezoned: 1.0.148 -> 2.0.0 2024-02-18 15:01:25 -08:00
torrent nixos/transmission: fix log level bounds to match the transmission wiki 2024-02-18 23:45:10 +11:00
tracing
ttys
video frigate: 0.12.1 -> 0.13.1 2024-02-06 22:54:22 +01:00
wayland
web-apps Merge pull request #289009 from 999eagle/feat/miniflux-no-db 2024-03-04 09:47:14 -05:00
web-servers Merge pull request #282160 from gaykitty/stargazer-debug-mode 2024-03-10 14:31:06 +01:00
x11 Merge pull request #294584 from MinerSebas/plasma-samba 2024-03-09 23:40:45 +00:00