dev/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
506bc7ba02
nixpkgs/nixos/modules/services
History
Martin Weinelt 506bc7ba02
nixos/nginx: update hardening settings 
- Set an explicit umask that allows u+rwx and g+r.
- Adds `ProtectControlGroups` and `ProtectKernelLogs`, there should be
  no need to access either.
- Adds `ProtectClock` to prevent write-access to the system clock.
- `ProtectProc` hides processes from other users within the /proc
  filesystem and `ProcSubSet` hides all files/directories unrelated to
  the process management of the units process.
- Sets `RemoveIPC`, as there is no SysV or POSIX IPC within nginx that I
  know of.
- Restricts the creation of arbitrary namespaces
- Adds a reasonable `SystemCallFilter` preventing calls to @privileged,
  @obsolete and others.

And finally applies some sorting based on the order these options appear
in systemd.exec(5).
2021-04-30 18:49:43 +02:00
..
admin utillinux: rename to util-linux 2020-11-24 12:42:06 -05:00
amqp activemq: add type to configurationDir (#110450) 2021-01-22 11:11:05 +01:00
audio Merge pull request #117554 from Zopieux/snapcast-meta 2021-04-07 10:30:32 +02:00
backup nixos/users: require one of users.users.name.{isSystemUser,isNormalUser} 2021-04-14 20:40:00 +02:00
blockchain/ethereum nixos/geth: initial service 2021-02-23 19:28:51 +01:00
cluster Merge pull request #103228 from ThinkChaos/fix_k3s_start 2021-04-14 09:01:33 +01:00
computing nixos/slurm: expose to path config files 2021-03-10 23:12:47 +01:00
continuous-integration nixos/github-runner: init at v2.277.1 (#116775) 2021-04-10 10:17:10 +00:00
databases Merge pull request #118961 from Izorkin/update-redis-sandbox 2021-04-20 21:12:10 +01:00
desktops pipewire: Add update script 2021-04-27 16:50:22 +02:00
development Revert "nixos/hoogle: add type" 2021-02-01 17:39:08 +01:00
display-managers nixos/greetd: Add greetd module (#118294) 2021-04-06 19:35:32 +00:00
editors treewide: fix double quoted strings in meta.description 2021-01-24 19:56:59 +07:00
games Merge pull request #111951 from f4814/add-quake3-module 2021-04-16 20:20:18 -04:00
hardware nixos/pcscd: fix #121088 2021-04-29 10:10:18 +08:00
logging nixos/promtail: Set TimeoutStopSec=10 2021-04-28 21:02:11 +02:00
mail Merge pull request #107604 from pkern/exim 2021-04-25 11:15:17 +01:00
misc Merge pull request #119672 from chessai/init-duckling-service 2021-04-27 20:58:28 -04:00
monitoring Merge pull request #120492 from SuperSandro2000/prometheus-unbound-exporter 2021-04-29 10:54:22 +02:00
network-filesystems nixos/ipfs: remove separate ipfs-init systemd unit 2021-04-22 21:13:05 +02:00
networking Merge #120493: nixos/kresd: allow package to be configured 2021-04-29 10:41:12 +02:00
printing nixos/printing: simplify filterGutenprint function 2021-03-14 11:59:00 +01:00
scheduling nixos/marathon: remove module 2020-08-15 16:59:58 +02:00
search nixos/elasticsearch-curator: add type 2021-01-27 11:50:19 -08:00
security Merge pull request #120324 from pennae/restart-sshguard 2021-04-23 16:56:30 -04:00
system treewide: fix eval without aliases after 9378fdf87e 2021-04-08 13:33:09 +02:00
torrent nixos/deluge: add type 2021-01-28 14:30:23 -08:00
ttys nixos/getty: add services.getty.extraArgs 2021-02-26 13:17:04 +01:00
video epgstation: 1.7.4 -> 1.7.5 2020-10-21 00:05:48 +09:00
wayland cage: drop maintainership (#121174) 2021-04-29 18:07:13 +02:00
web-apps Merge pull request #117072 from em0lar/keycloak-module-dbuser 2021-04-29 20:15:19 +02:00
web-servers nixos/nginx: update hardening settings 2021-04-30 18:49:43 +02:00
x11 Merge pull request #119259 from romildo/upd.e16 2021-04-13 01:23:27 +02:00