mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-14 14:10:33 +03:00
nixpkgs/nixos/modules/security
Yuriy Taraday 28ba9e2c27 nixos/acme: Set /var/lib/acme permissions to 755
It was being created with the default home permissions of 700, and then
set to 755 at runtime by something, either some script or systemd, as
part of service startup.

It worked fine without sysusers, but when it's enabled with:

    systemd.sysusers.enable = true;

systemd-tmpfiles is resetting permissions on each activation, which
breaks, for example, nginx reload, because it cannot load certificates
anymore, because it doesn't have any access to `/var/lib/acme`.

Fix this by setting `homeMode = "755";` explicitly so that it's set to
the final value from the beginning.

(cherry picked from commit 64a6e8292a)
2024-11-27 13:52:09 +00:00
..
acme nixos/acme: Set /var/lib/acme permissions to 755 2024-11-27 13:52:09 +00:00
apparmor treewide: remove unused lib (and other) arguments 2024-07-26 11:18:09 +02:00
krb5 nixos/kerberos_server: use krb format generator, plus misc cleanup 2024-06-08 23:29:53 +02:00
wrappers Merge remote-tracking branch 'origin/master' into staging-next 2024-10-27 16:10:56 -06:00
apparmor.nix nixos: remove all uses of lib.mdDoc 2024-04-13 10:07:35 -07:00
audit.nix nixos: remove all uses of lib.mdDoc 2024-04-13 10:07:35 -07:00
auditd.nix auditd: add a dependency on systemd-tmpfiles-setup 2024-09-05 10:05:18 +02:00
ca.nix nixos/ca: fix description formatting 2024-10-28 15:03:11 +01:00
chromium-suid-sandbox.nix nixos: remove all uses of lib.mdDoc 2024-04-13 10:07:35 -07:00
dhparams.nix security/dhparams: shellcheck fixes 2024-09-08 12:31:15 +02:00
doas.nix nixos: remove all uses of lib.mdDoc 2024-04-13 10:07:35 -07:00
duosec.nix nixos/duosec: Split mkdir mode into chmod command for clarity 2024-04-22 01:40:55 +10:00
google_oslogin.nix nixos: remove all uses of lib.mdDoc 2024-04-13 10:07:35 -07:00
ipa.nix nixos/ipa: Lower default sssd debug_level (#310662) 2024-06-22 11:31:18 -04:00
isolate.nix nixos: improve systemd slice names 2024-10-02 20:24:13 +02:00
lock-kernel-modules.nix nixos: remove all uses of lib.mdDoc 2024-04-13 10:07:35 -07:00
misc.nix nixos/security: remove with lib; 2024-09-15 10:43:46 +02:00
oath.nix nixos/security.pam: remove with lib; 2024-09-15 10:43:46 +02:00
pam.nix nixos/pam: Strip config in documentation and messages 2024-10-10 16:07:36 +02:00
pam_mount.nix nixos: remove all uses of lib.mdDoc 2024-04-13 10:07:35 -07:00
please.nix nixos: remove all uses of lib.mdDoc 2024-04-13 10:07:35 -07:00
polkit.nix nixos/security.polkit: remove with lib; 2024-08-30 00:30:38 +02:00
rngd.nix
rtkit.nix nixos: remove all uses of lib.mdDoc 2024-04-13 10:07:35 -07:00
soteria.nix nixos/soteria: init module 2024-11-15 08:58:37 +00:00
sudo-rs.nix nixos/security.sudo-rs: remove with lib; 2024-08-30 00:10:54 +02:00
sudo.nix nixos: remove all uses of lib.mdDoc 2024-04-13 10:07:35 -07:00
systemd-confinement.nix nixos/confinement: Use prio 100 for RootDirectory 2024-05-13 00:40:41 +02:00
tpm2.nix nixos: remove all uses of lib.mdDoc 2024-04-13 10:07:35 -07:00