nixpkgs/nixos/modules/services/security
SLNOS 2de3c4bd78 nixos/tor: add tor-init service to fix directory ownerships, fix hardenings
This reverts a part of 5bd12c694bfebaef1d03eb7f74a6eca01b86f546.

Apparently there's no way to specify the user for RuntimeDirectory in a systemd
service file (it's always root), but tor won't create the control socket if the dir
is owned by anybody except the tor user.

These hardenings were adopted from the upstream service file, checked
against systemd.service(5) and systemd.exec(5) manuals, and tested to
actually work with all the options enabled.

`PrivateDevices` implies `DevicePolicy=closed` according to systemd.exec(5),
removed.

`--RunAsDaemon 0` is the default value according to tor(5), removed.
2018-06-11 15:52:24 +00:00
clamav.nix nixos/clamav: replace mkIf [] with optional 2018-01-06 16:52:14 +01:00
fail2ban.nix
fprintd.nix
fprot.nix
haka.nix nixos/treewide: remove boolean examples for options 2017-03-17 23:36:19 +01:00
haveged.nix
hologram-agent.nix nixos/modules: rename IP addresses/routes options 2018-02-17 14:57:07 +01:00
hologram-server.nix hologram-server module: add cache timeout option 2018-03-21 12:58:25 -04:00
munge.nix nixos/munge: run munge as user munge instead of root. (#41509) 2018-06-09 00:50:28 +02:00
oauth2_proxy.nix oauth2_proxy: use explicit upstream default for setXauthrequest 2018-04-27 16:45:38 +02:00
physlock.nix physlock: add allowAnyUser option 2018-02-02 14:03:00 +01:00
shibboleth-sp.nix shibboleth: Add Myself as a Maintainer (#25817) 2017-05-16 10:11:55 +01:00
sks.nix sks and pgpkeyserver-lite modules: init (#27515) 2017-08-22 12:27:00 +02:00
sshguard.nix sshguard: service creates /var/lib/sshguard 2018-05-05 00:29:44 -05:00
tor.nix nixos/tor: add tor-init service to fix directory ownerships, fix hardenings 2018-06-11 15:52:24 +00:00
torify.nix nixos: Move uses of stdenv.shell to runtimeShell. 2018-03-01 14:38:53 -05:00
torsocks.nix nixos: Move uses of stdenv.shell to runtimeShell. 2018-03-01 14:38:53 -05:00
usbguard.nix nixos/usbguard: Do not check permissions on rules file (using undocumented -P flag) 2018-02-27 18:34:02 +00:00
vault.nix vault: do not restart the service on "nixos-rebuild switch" 2017-07-03 19:46:02 +00:00