dev/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
1e3607d331
nixpkgs/nixos/modules/security
History
Lucas Savva 1e3607d331 nixos/acme: replace simp-le with lego client 
Lego allows users to use the DNS-01 challenge to validate their
certificates. It is mostly backwards compatible, with a few
caveats.

 - extraDomains can no longer have different webroots to the
   main webroot for the cert.
 - An email address is now mandatory for account creation

The following other changes were required:
 - Deprecate security.acme.certs.<name>.plugins, as this was
   specific to simp-le
 - Rename security.acme.validMin to validMinDays, to avoid
   confusion and errors. Lego requires the TTL to be specified in
   days
 - Add options to cover DNS challenge (dnsProvider,
   credentialsFile, dnsPropagationCheck)
 - A shared state directory is now used (/var/lib/acme/.lego)
   to avoid account creation rate limits and share credentials
   between certs
2020-01-12 21:28:53 +00:00
..
wrappers nixos/treewide: Move rename.nix imports to their respective modules 2019-12-10 02:51:19 +01:00
acme.nix nixos/acme: replace simp-le with lego client 2020-01-12 21:28:53 +00:00
acme.xml nixos/acme: replace simp-le with lego client 2020-01-12 21:28:53 +00:00
apparmor-suid.nix nixos/treewide: Move rename.nix imports to their respective modules 2019-12-10 02:51:19 +01:00
apparmor.nix nixos/apparmor: ensure that apparmor is selected at boot 2019-05-11 18:21:38 +02:00
audit.nix nixos: Move uses of stdenv.shell to runtimeShell. 2018-03-01 14:38:53 -05:00
auditd.nix auditd service: make more useful 2019-06-10 18:55:11 +03:00
ca.nix nixos: add preferLocalBuild=true; on derivations for config files 2019-02-22 20:11:27 +01:00
chromium-suid-sandbox.nix nixos/treewide: Move rename.nix imports to their respective modules 2019-12-10 02:51:19 +01:00
dhparams.nix dhparams module: add self as maintainer 2018-10-31 01:05:35 +09:00
duosec.nix treewide: use attrs instead of list for types.loaOf options 2020-01-06 10:39:18 -05:00
google_oslogin.nix config.security.googleOsLogin: add module 2018-12-21 17:52:37 +01:00
hidepid.nix [bot] nixos/*: remove unused arguments in lambdas 2018-07-20 20:56:59 +00:00
hidepid.xml Revert "nixos/doc: re-format" 2019-09-19 19:17:30 +02:00
lock-kernel-modules.nix nixos/lock-kernel-modules: add myself to maintainers 2018-10-15 01:33:30 +02:00
misc.nix nixos/hardened: make pti=on overridable 2019-07-30 02:24:56 +02:00
oath.nix [bot] nixos/*: remove unused arguments in lambdas 2018-07-20 20:56:59 +00:00
pam_mount.nix treewide: use attrs instead of list for types.loaOf options 2020-01-06 10:39:18 -05:00
pam_usb.nix [bot] treewide: remove unused 'inherit' in let blocks 2018-07-20 19:38:19 +00:00
pam.nix nixos/pam: cleanup services (#76885) 2020-01-09 10:09:13 +00:00
polkit.nix nixos/polkit: remove root from adminIdentities 2019-12-09 19:11:09 -05:00
prey.nix treewide: remove redundant quotes 2019-08-26 21:40:19 +00:00
rngd.nix rngd: harden service config, from arch 2019-05-07 22:53:09 -05:00
rtkit.nix treewide: use attrs instead of list for types.loaOf options 2020-01-06 10:39:18 -05:00
sudo.nix treewide: use attrs instead of list for types.loaOf options 2020-01-06 10:39:18 -05:00
systemd-confinement.nix nixos/confinement: Use PrivateMounts option 2019-03-27 20:34:32 +01:00