nixpkgs/nixos/modules/security
Vincent Bernat 632c8e1d54
nixos/acme: don't use --reuse-key
Reusing the same private/public key on renewal has two issues:

 - some providers don't accept to sign the same public key
   again (Buypass Go SSL)

 - keeping the same private key forever partly defeats the purpose of
   renewing the certificate often

Therefore, let's remove this option. People wanting to keep the same
key can set extraLegoRenewFlags to `[ --reuse-key ]` to keep the
previous behavior. Alternatively, we could put this as an option whose
default value is true.
2021-06-01 00:43:45 +02:00
..
apparmor nixos/apparmor: improve code readability 2021-04-23 07:20:19 +02:00
wrappers Revert "Revert "apparmor: fix and improve the service"" 2021-04-23 07:17:55 +02:00
acme.nix nixos/acme: don't use --reuse-key 2021-06-01 00:43:45 +02:00
acme.xml nixos/acme: fix docs 2021-01-29 18:56:28 +01:00
apparmor.nix nixos/security/apparmor: utillinux -> util-linux 2021-05-17 17:14:08 +02:00
audit.nix
auditd.nix
ca.nix nixos/security.pki: handle PEMs w/o a final newline 2021-05-16 17:23:11 -07:00
chromium-suid-sandbox.nix
dhparams.nix
doas.nix nixos/doas: add noLog option 2020-11-14 19:16:56 -08:00
duosec.nix
google_oslogin.nix
lock-kernel-modules.nix
misc.nix nixos/apparmor: improve code readability 2021-04-23 07:20:19 +02:00
oath.nix
pam_mount.nix utillinux: rename to util-linux 2020-11-24 12:42:06 -05:00
pam_usb.nix
pam.nix Merge remote-tracking branch 'origin/master' into staging-next 2021-05-08 14:43:43 +02:00
polkit.nix
rngd.nix nixos/rngd: Remove module entirely, leave an explaination 2021-02-21 01:32:50 +01:00
rtkit.nix
sudo.nix nixos/sudo: add option execWheelOnly 2021-05-08 23:48:00 +02:00
systemd-confinement.nix confinement: fix assert for serviceConfig.ProtectSystem 2020-10-14 11:56:18 +02:00
tpm2.nix