nixpkgs/nixos/modules/security
Lucas Savva 84af416af6 nixos/acme: Refactor setup process
Over time, we added a lot of setup services to the ACME module, namely:

- acme-selfsigned-ca.service: Creates the selfsigned CA certificates
  used to generate selfsigned certs for each configured cert.
- acme-fixperms.service: Ensures permissions correctness on certs after
  system configuration changes.
- acme-lockfiles.service: Creates lockfiles used to implement
  maxConcurrentRenewals.

These numerous setup services complicated the dependency chain for any
cert renewal, and also made it difficult to track responsibility for
specific setup steps, for example, creating /var/lib/acme or setting
permissions of shared folders.

This change proposes a new acme-setup.service which encapsulates the
functionality of the previous 3 services into one. The service is still
defined in 3 separate chunks (using lib.mkMerge) which allows us to
keep a logical separation between each step and preserve some
optionality in the features.

The result is a generally simplified definition of systemd unit
dependencies and an obvious entrypoint for future setup extensions.
2025-02-22 21:14:56 +00:00
acme nixos/acme: Refactor setup process 2025-02-22 21:14:56 +00:00
apparmor treewide: format all inactive Nix files 2024-12-10 20:26:33 +01:00
krb5 treewide: format all inactive Nix files 2024-12-10 20:26:33 +01:00
wrappers nixos/wrappers: add per-wrapper enable option (#376196) 2025-02-12 20:02:52 +08:00
apparmor.nix nixos/apparmor: profile activation tristate and profile path support 2024-12-16 15:32:42 +01:00
audit.nix treewide: format all inactive Nix files 2024-12-10 20:26:33 +01:00
auditd.nix auditd: add a dependency on systemd-tmpfiles-setup 2024-09-05 10:05:18 +02:00
ca.nix treewide: format all inactive Nix files 2024-12-10 20:26:33 +01:00
chromium-suid-sandbox.nix treewide: format all inactive Nix files 2024-12-10 20:26:33 +01:00
dhparams.nix treewide: format all inactive Nix files 2024-12-10 20:26:33 +01:00
doas.nix treewide: format all inactive Nix files 2024-12-10 20:26:33 +01:00
duosec.nix treewide: format all inactive Nix files 2024-12-10 20:26:33 +01:00
google_oslogin.nix treewide: format all inactive Nix files 2024-12-10 20:26:33 +01:00
ipa.nix nixos/ipa: Lower default sssd debug_level (#310662) 2024-06-22 11:31:18 -04:00
isolate.nix treewide: format all inactive Nix files 2024-12-10 20:26:33 +01:00
lock-kernel-modules.nix treewide: format all inactive Nix files 2024-12-10 20:26:33 +01:00
misc.nix treewide: format all inactive Nix files 2024-12-10 20:26:33 +01:00
oath.nix treewide: format all inactive Nix files 2024-12-10 20:26:33 +01:00
pam.nix nixos/*: tag manpage references 2025-01-27 02:47:01 +01:00
pam_mount.nix treewide: format all inactive Nix files 2024-12-10 20:26:33 +01:00
please.nix treewide: format all inactive Nix files 2024-12-10 20:26:33 +01:00
polkit.nix treewide: format all inactive Nix files 2024-12-10 20:26:33 +01:00
rngd.nix treewide: format all inactive Nix files 2024-12-10 20:26:33 +01:00
rtkit.nix nixos/rtkit: Add option for rtkit-daemon command-line args (#299696) 2024-12-11 23:00:50 +01:00
soteria.nix nixos/soteria: init module 2024-11-14 23:23:20 +05:30
sudo-rs.nix treewide: format all inactive Nix files 2024-12-10 20:26:33 +01:00
sudo.nix treewide: format all inactive Nix files 2024-12-10 20:26:33 +01:00
systemd-confinement.nix treewide: format all inactive Nix files 2024-12-10 20:26:33 +01:00
tpm2.nix treewide: format all inactive Nix files 2024-12-10 20:26:33 +01:00