nixpkgs/nixos/modules/services/misc
Felix Singer 0f599d1e68 nixos/redmine: Apply initial hardening using the systemd unit
These options are a good start for sandboxing the service. It's planned
to set `ProtectSystem` to `strict` instead of `full`, but that requires
specific directories to be configured as writable. It's also planned to
filter system calls. However, that requires more testing, but it
shouldn't prevent us from applying these options for now and adding others
later.

In my tests, Redmine only bound to an IPv4 address and a Unix socket,
which is why I restricted the address families to both of these.

The command `systemd-analyze security redmine.service` reports an
overall exposure level of 2.9 with this patch.

Signed-off-by: Felix Singer <felixsinger@posteo.net>
2024-10-05 22:13:37 +02:00
guix Merge pull request #274192 from foo-dogsquared/nixos-guix-add-guix-home-support 2024-01-03 01:28:11 +01:00
sourcehut Merge pull request #314917 from christoph-heiss/sourcehut-fix 2024-06-23 18:43:57 -04:00
taskserver nixos/services.taskserver: remove with lib; 2024-09-02 22:29:22 +02:00
airsonic.nix nixos/services.airsonic: remove with lib; 2024-08-30 23:00:12 +02:00
amazon-ssm-agent.nix amazon-ssm-agent: add the system's software to the path 2024-09-18 23:18:28 -04:00
ananicy.nix nixos/ananicy: fix typo (#332771) 2024-08-06 23:07:39 +05:30
anki-sync-server.md ankisyncd: remove 2024-09-11 13:53:06 +08:00
anki-sync-server.nix nixos/anki-sync-server: minor cleanup 2023-11-30 17:32:03 +01:00
apache-kafka.nix nixos/services.apache-kafka: remove with lib; 2024-08-30 23:00:13 +02:00
atuin.nix nixos: remove all uses of lib.mdDoc 2024-04-13 10:07:35 -07:00
autofs.nix nixos/services.autofs: remove with lib; 2024-08-30 23:00:13 +02:00
autorandr.nix nixos/services.autorandr: remove with lib; 2024-08-28 22:38:13 +02:00
autosuspend.nix nixos: remove all uses of lib.mdDoc 2024-04-13 10:07:35 -07:00
bazarr.nix nixos/services.bazarr: remove with lib; 2024-08-30 23:00:13 +02:00
bcg.nix nixos/services.bcg: remove with lib; 2024-08-30 23:00:13 +02:00
beanstalkd.nix nixos/services.beanstalkd: remove with lib; 2024-08-30 23:00:14 +02:00
bees.nix nixos/services.bees: Fix evaluation 2024-09-02 19:23:52 +08:00
bepasty.nix nixos/services.bepasty: remove with lib; 2024-08-30 23:00:14 +02:00
blenderfarm.nix treewide: remove periods from lib.mkEnableOption 2024-08-02 23:55:32 +08:00
calibre-server.nix nixos/services.calibre-server: remove with lib; 2024-08-30 23:00:14 +02:00
canto-daemon.nix nixos/services.canto-daemon: remove with lib; 2024-08-30 23:00:14 +02:00
cfdyndns.nix nixos/services.cfdyndns: remove with lib; 2024-08-30 23:00:15 +02:00
cgminer.nix nixos/services.cgminer: remove with lib; 2024-08-30 23:00:15 +02:00
clipcat.nix nixos/services.clipcat: remove with lib; 2024-08-30 23:00:15 +02:00
clipmenu.nix nixos/services.clipmenu: remove with lib; 2024-08-30 23:00:15 +02:00
confd.nix nixos/services.confd: remove with lib; 2024-08-30 23:00:16 +02:00
cpuminer-cryptonight.nix nixos/services.cpuminer-cryptonight: remove with lib; 2024-08-30 23:00:16 +02:00
db-rest.nix nixos/db-rest: init 2024-04-16 10:42:02 +02:00
devmon.nix nixos/services.devmon: remove with lib; 2024-08-30 23:00:16 +02:00
devpi-server.nix nixos/services.devpi-server: remove with lib; 2024-08-30 23:00:16 +02:00
dictd.nix nixos/services.dictd: remove with lib; 2024-08-30 23:00:16 +02:00
disnix.nix nixos/services.disnix: remove with lib; 2024-08-30 23:00:17 +02:00
docker-registry.nix nixos/services.docker-registry: remove with lib; 2024-08-30 23:00:17 +02:00
domoticz.nix nixos/services.domoticz: remove with lib; 2024-08-30 23:00:17 +02:00
duckling.nix nixos/services.duckling: remove with lib; 2024-08-30 23:00:17 +02:00
dwm-status.nix nixos/services.dwm-status: remove with lib; 2024-08-30 23:00:17 +02:00
dysnomia.nix nixos/services.dysnomia: remove with lib; 2024-08-30 23:00:41 +02:00
errbot.nix nixos/services.errbot: remove with lib; 2024-08-30 23:00:48 +02:00
etebase-server.nix nixos/services.etebase-server: remove with lib; 2024-08-30 23:00:48 +02:00
etesync-dav.nix nixos/services.etesync-dav: remove with lib; 2024-08-30 23:00:48 +02:00
evdevremapkeys.nix nixos/services.evdevremapkeys: remove with lib; 2024-08-30 23:00:48 +02:00
felix.nix nixos/services.felix: remove with lib; 2024-08-30 23:00:49 +02:00
flaresolverr.nix nixos/flaresolverr: initial commit 2024-07-19 20:55:21 +03:00
forgejo.md treewide: Fix all Nix ASTs in all markdown files 2024-03-28 09:28:12 +01:00
forgejo.nix nixos/forgejo: default to forgejo-lts 2024-07-31 03:59:11 +02:00
freeswitch.nix nixos/services.freeswitch: remove with lib; 2024-08-30 23:00:49 +02:00
fstrim.nix nixos: enable fstrim by default 2024-09-29 14:04:18 +02:00
gammu-smsd.nix nixos/services.gammu-smsd: remove with lib; 2024-08-28 22:40:21 +02:00
geoipupdate.nix nixos: remove all uses of lib.mdDoc 2024-04-13 10:07:35 -07:00
gitea.nix gitea,nixos/gitea: add SuperSandro2000 as maintainer, remove inactive maintainers, unify maintainers 2024-05-27 22:48:14 +02:00
gitlab.md treewide: Fix all Nix ASTs in all markdown files 2024-03-28 09:28:12 +01:00
gitlab.nix nixos/gitlab: add services to systemd slice 2024-09-28 11:27:05 +02:00
gitolite.nix nixos/services.gitolite: remove with lib; 2024-09-15 10:43:49 +02:00
gitweb.nix nixos/services.gitweb: remove with lib; 2024-08-30 23:00:49 +02:00
gogs.nix nixos/services.gogs: remove with lib; 2024-09-15 10:43:49 +02:00
gollum.nix nixos/services.gollum: remove with lib; 2024-08-30 23:00:49 +02:00
gotenberg.nix nixos/gotenberg: Fix coredumps on service start 2024-09-26 21:37:41 -04:00
gpsd.nix nixos/services.gpsd: remove with lib; 2024-08-30 23:00:50 +02:00
graphical-desktop.nix nixos/graphical-desktop: enable Pipewire audio by default 2024-09-04 13:56:42 +03:00
greenclip.nix nixos/services.greenclip: remove with lib; 2024-08-30 23:00:50 +02:00
headphones.nix nixos/services.headphones: remove with lib; 2024-08-30 23:00:50 +02:00
heisenbridge.nix nixos/services.heisenbridge: remove with lib; 2024-08-30 23:00:50 +02:00
homepage-dashboard.nix nixos/homepage-dashboard: set an explicit cache dir 2024-08-28 10:09:03 +01:00
ihaskell.nix nixos/services.ihaskell: remove with lib; 2024-08-30 23:00:50 +02:00
input-remapper.nix nixos/services.input-remapper: remove with lib; 2024-08-30 23:00:51 +02:00
invidious-router.nix nixos/invidious-router: remove redundant "Enables" in description 2024-06-02 13:27:22 +02:00
irkerd.nix nixos/services.irkerd: remove with lib; 2024-08-30 23:00:51 +02:00
jackett.nix nixos/services.jackett: remove with lib; 2024-08-30 23:00:51 +02:00
jellyfin.nix maintainers: rename nu-nu-ko to fsnkty 2024-06-15 14:21:38 +12:00
jellyseerr.nix nixos/services.jellyseerr: remove with lib; 2024-08-30 23:00:51 +02:00
kafka.md nixos/apache-kafka: Add manual chapter 2023-11-22 06:47:09 +01:00
klipper.nix nixos/services.klipper: remove with lib; 2024-08-30 23:00:52 +02:00
languagetool.nix nixos/services.languagetool: remove with lib; 2024-08-30 23:00:52 +02:00
leaps.nix nixos/services.leaps: remove with lib; 2024-08-30 23:00:52 +02:00
lidarr.nix nixos/services.lidarr: remove with lib; 2024-08-30 23:00:52 +02:00
lifecycled.nix nixos/services.lifecycled: remove with lib; 2024-08-30 23:00:52 +02:00
llama-cpp.nix nixos/llama-cpp: fix rocm support 2024-05-13 17:01:33 +02:00
logkeys.nix nixos/services.logkeys: remove with lib; 2024-08-30 23:00:53 +02:00
mame.nix treewide: replace stdenv.is with stdenv.hostPlatform.is 2024-09-25 00:04:37 +03:00
mbpfan.nix nixos/services.mbpfan: remove with lib; 2024-08-30 23:00:53 +02:00
mediatomb.nix nixos/services.mediatomb: drop not supported transcoding profile for the current vlc version 2024-09-18 00:04:56 +02:00
metabase.nix nixos: remove all uses of lib.mdDoc 2024-04-13 10:07:35 -07:00
mollysocket.nix nixos/mollysocket: init 2024-03-28 09:55:10 -07:00
moonraker.nix nixos/services.moonraker: remove with lib; 2024-08-30 23:00:53 +02:00
mqtt2influxdb.nix nixos/services.mqtt2influxdb: remove with lib; 2024-08-28 22:47:09 +02:00
n8n.nix nixos/services.n8n: remove with lib; 2024-08-30 23:00:53 +02:00
nitter.nix nixos/services.nitter: remove with lib; 2024-08-28 22:47:45 +02:00
nix-gc.nix nixos: remove all uses of lib.mdDoc 2024-04-13 10:07:35 -07:00
nix-optimise.nix nixos: remove all uses of lib.mdDoc 2024-04-13 10:07:35 -07:00
nix-ssh-serve.nix nixos/nix.sshServe: remove with lib; 2024-08-30 23:00:54 +02:00
novacomd.nix nixos/services.novacomd: remove with lib; 2024-08-30 23:00:54 +02:00
ntfy-sh.nix nixos/services.ntfy-sh: remove with lib; 2024-08-30 23:00:54 +02:00
nzbget.nix nixos/services.nzbget: remove with lib; 2024-08-30 23:00:54 +02:00
nzbhydra2.nix nixos/services.nzbhydra2: remove with lib; 2024-08-30 23:00:54 +02:00
octoprint.nix nixos/services.octoprint: remove with lib; 2024-08-30 23:00:55 +02:00
ollama.nix nixos/ollama: fix rocmOverrideGfx description 2024-08-27 08:13:37 -04:00
ombi.nix nixos/services.ombi: remove with lib; 2024-08-30 23:00:55 +02:00
open-webui.nix nixos/open-webui: fix opensearch 2024-09-30 17:28:11 +02:00
osrm.nix nixos/services.osrm: remove with lib; 2024-08-30 23:00:55 +02:00
owncast.nix nixos/services.owncast: remove with lib; 2024-08-30 23:00:55 +02:00
packagekit.nix nixos: remove all uses of lib.mdDoc 2024-04-13 10:07:35 -07:00
paperless.nix nixos: improve systemd slice names 2024-10-02 20:24:13 +02:00
parsoid.nix nixos: remove all uses of lib.mdDoc 2024-04-13 10:07:35 -07:00
persistent-evdev.nix nixos: remove all uses of lib.mdDoc 2024-04-13 10:07:35 -07:00
pghero.nix nixos/pghero: init 2024-05-29 03:40:48 +03:00
pinnwand.nix nixos: remove all uses of lib.mdDoc 2024-04-13 10:07:35 -07:00
plex.nix nixos/plex: add systemd hardening configuration 2024-05-12 14:22:04 -04:00
plikd.nix nixos: remove all uses of lib.mdDoc 2024-04-13 10:07:35 -07:00
podgrab.nix Merge pull request #297805 from ambroisie/podgrab-user 2024-04-19 10:08:04 +01:00
polaris.nix nixos: remove all uses of lib.mdDoc 2024-04-13 10:07:35 -07:00
portunus.nix nixos/services.portunus: remove with lib; 2024-09-02 22:27:08 +02:00
preload.nix nixos/preload: fix log permission 2023-12-02 19:19:33 +01:00
private-gpt.nix treewide: remove unused with statements from maintainer lists 2024-07-29 10:06:20 +08:00
prowlarr.nix nixos/prowlarr: set HOME for the service 2024-06-05 23:42:14 +03:00
pufferpanel.nix nixos: remove all uses of lib.mdDoc 2024-04-13 10:07:35 -07:00
pykms.nix nixos: remove all uses of lib.mdDoc 2024-04-13 10:07:35 -07:00
radarr.nix nixos: remove all uses of lib.mdDoc 2024-04-13 10:07:35 -07:00
radicle.nix nixos/services.radicle: remove with lib; 2024-09-02 22:27:51 +02:00
readarr.nix nixos: remove all uses of lib.mdDoc 2024-04-13 10:07:35 -07:00
redlib.nix libreddit: remove as unmaintained upstream 2024-07-17 23:03:14 +08:00
redmine.nix nixos/redmine: Apply initial hardening using the systemd unit 2024-10-05 22:13:37 +02:00
renovate.nix nixos/renovate: allow AF_UNIX access 2024-07-02 20:09:12 +02:00
ripple-data-api.nix nixos: remove all uses of lib.mdDoc 2024-04-13 10:07:35 -07:00
rippled.nix nixos/services.rippled: remove with lib; 2024-09-02 22:28:20 +02:00
rkvm.nix treewide: remove unused with statements from maintainer lists 2024-07-29 10:06:20 +08:00
rmfakecloud.nix nixos: remove all uses of lib.mdDoc 2024-04-13 10:07:35 -07:00
rshim.nix nixos: remove all uses of lib.mdDoc 2024-04-13 10:07:35 -07:00
safeeyes.nix nixos: remove all uses of lib.mdDoc 2024-04-13 10:07:35 -07:00
sdrplay.nix nixos: remove all uses of lib.mdDoc 2024-04-13 10:07:35 -07:00
serviio.nix nixos: remove all uses of lib.mdDoc 2024-04-13 10:07:35 -07:00
sickbeard.nix nixos: remove all uses of lib.mdDoc 2024-04-13 10:07:35 -07:00
signald.nix nixos: remove all uses of lib.mdDoc 2024-04-13 10:07:35 -07:00
siproxd.nix nixos: remove all uses of lib.mdDoc 2024-04-13 10:07:35 -07:00
snapper.nix nixos/snapper: use more precise type definition 2024-09-27 07:40:06 +02:00
soft-serve.nix nixos: remove all uses of lib.mdDoc 2024-04-13 10:07:35 -07:00
sonarr.nix nixos/sonarr: use lib.getExe and escape args 2024-06-19 04:44:07 +03:00
spice-autorandr.nix treewide: fix mkEnableOption usage 2024-06-14 02:41:42 -04:00
spice-vdagentd.nix nixos: remove all uses of lib.mdDoc 2024-04-13 10:07:35 -07:00
spice-webdavd.nix nixos: remove all uses of lib.mdDoc 2024-04-13 10:07:35 -07:00
sssd.nix nixos/sssd: fix KCM to use new krb5 settings 2024-07-14 16:43:56 +10:00
subsonic.nix nixos: remove all uses of lib.mdDoc 2024-04-13 10:07:35 -07:00
sundtek.nix nixos: remove all uses of lib.mdDoc 2024-04-13 10:07:35 -07:00
svnserve.nix nixos: remove all uses of lib.mdDoc 2024-04-13 10:07:35 -07:00
synergy.nix nixos: remove all uses of lib.mdDoc 2024-04-13 10:07:35 -07:00
sysprof.nix nixos: remove all uses of lib.mdDoc 2024-04-13 10:07:35 -07:00
tabby.nix treewide: replace stdenv.is with stdenv.hostPlatform.is 2024-09-25 00:04:37 +03:00
tandoor-recipes.nix nixos/tandoor-recipes: revert 'GUNICORN_MEDIA=1' 2024-07-22 09:17:41 +00:00
taskchampion-sync-server.nix nixos/taskchampion-sync-server: init 2024-08-14 08:06:11 +03:00
tautulli.nix nixos: remove all uses of lib.mdDoc 2024-04-13 10:07:35 -07:00
tiddlywiki.nix nixos: remove all uses of lib.mdDoc 2024-04-13 10:07:35 -07:00
tp-auto-kbbl.nix nixos: remove all uses of lib.mdDoc 2024-04-13 10:07:35 -07:00
transfer-sh.nix nixos: remove all uses of lib.mdDoc 2024-04-13 10:07:35 -07:00
turn-rs.nix nixos/turn-rs: init 2024-09-19 07:33:51 +08:00
tuxclocker.nix nixos: remove all uses of lib.mdDoc 2024-04-13 10:07:35 -07:00
tzupdate.nix nixos/tzupdate: use timedatectl to actually set the timezone 2024-09-17 09:32:44 +03:00
uhub.nix nixos: remove all uses of lib.mdDoc 2024-04-13 10:07:35 -07:00
wastebin.nix nixos/wastebin: fix typo 2024-05-04 13:00:34 +08:00
weechat.md treewide: Mark Nix blocks in markdown as Nix 2024-03-28 09:28:12 +01:00
weechat.nix nixos: remove all uses of lib.mdDoc 2024-04-13 10:07:35 -07:00
workout-tracker.nix nixos/workout-tracker: init 2024-03-28 20:08:28 +05:30
xmrig.nix nixos: remove all uses of lib.mdDoc 2024-04-13 10:07:35 -07:00
zoneminder.nix nixos/zoneminder: set fcgiwrap socket owner 2024-07-31 11:03:06 +02:00
zookeeper.nix nixos: remove all uses of lib.mdDoc 2024-04-13 10:07:35 -07:00