nixpkgs/nixos/modules/security
aszlig 78b4b90d6c
Merge pull request #39526 (improve dhparams)
This introduces an option that allows us to turn off stateful generation
of Diffie-Hellman parameters, which in some way is still "stateful" as
the generated DH params file is non-deterministic.

However what we can avoid with this is to have an increased surface for
failures during system startup, because generation of the parameters is
done during build-time.

Aside from adding a NixOS VM test it also restructures the type of the
security.dhparams.params option, so that it's a submodule.

A new defaultBitSize option is also there to allow users to set a
system-wide default.

I added a release notes entry that described what has changed and also
included a few notes for module developers using this module, as the
first usage already popped up in NixOS/nixpkgs#39507.

Thanks to @Ekleog and @abbradar for reviewing.
2018-05-08 02:09:46 +02:00
..
wrappers wrapper.c: fixup includes to work w/musl 2018-03-25 18:06:02 -05:00
acme.nix nixos/acme: Fix broken post-stop script 2018-04-29 13:32:02 -04:00
acme.xml Added cross-references to NixOS manual 2018-04-12 09:39:14 +10:00
apparmor-suid.nix Getting rid of the var indirection and using a bin path instead 2017-01-29 04:11:01 -06:00
apparmor.nix apparmor: support for lxc profiles 2017-01-10 23:01:03 +01:00
audit.nix nixos: Move uses of stdenv.shell to runtimeShell. 2018-03-01 14:38:53 -05:00
auditd.nix nixos/auditd: break ordering cycle (#27577) 2017-08-01 20:45:01 +01:00
ca.nix cacerts: refactor, add blacklist option 2016-10-09 02:00:18 +02:00
chromium-suid-sandbox.nix nixos/chromium-suid-sandbox: remove reference to grsecurity 2017-09-02 20:35:28 +02:00
dhparams.nix nixos/dhparams: Add a defaultBitSize option 2018-05-07 04:58:52 +02:00
duosec.nix duosec: use root uid as sshd uid has been retired (#33597) 2018-03-21 18:46:35 -05:00
hidepid.nix hidepid: polkit and systemd-logind compatibility 2016-12-07 01:12:05 +01:00
hidepid.xml Added cross-references to NixOS manual 2018-04-12 09:39:14 +10:00
lock-kernel-modules.nix nixos/lock-kernel-modules: fix deferred fileSystem mounts 2017-09-22 23:55:04 +02:00
oath.nix
pam_mount.nix
pam_usb.nix security.pam.usb: link to wiki on github.com 2017-09-28 16:00:28 +02:00
pam.nix Merge pull request #31969 from Assassinkin/master 2018-04-21 14:36:47 -05:00
polkit.nix network-link-*.service: Set stopIfChanged = false 2017-04-04 15:13:49 +02:00
prey.nix
rngd.nix rngd: update modalias to match cpu type 2016-09-17 18:36:57 -07:00
rtkit.nix
sudo.nix nixos/security: fix description of sudo.wheelNeedsPassword 2018-03-16 21:50:46 +00:00