nixpkgs-suyu/nixos/modules/services/networking
Maximilian Bosch 00a5222499
nixos/sshd: validate ssh configs during build
With `sshd -t` config validation for SSH is possible. Until now, the
config generated by Nix was applied without any validation (which is
especially a problem for advanced config like `Match` blocks).

When deploying broken ssh config with nixops to a remote machine it gets
even harder to fix the problem due to the broken ssh that makes reverts
with nixops impossible.

This change performs the validation in a Nix build environment by
creating a store path with the config and generating a mocked host key
which seems to be needed for the validation. With a broken config, the
deployment already fails during the build of the derivation.

The original attempt was done in #56345 by adding a submodule for Match
groups to make it harder to screw that up; however, that made the module
far more complex, and config should be described in an easier way, as
described in NixOS/rfcs#42.
2019-05-24 20:16:53 +02:00
..
firefox nixos/syncserver: mild cleanup 2019-01-30 15:59:01 +01:00
hylafax nixos: add preferLocalBuild=true; on derivations for config files 2019-02-22 20:11:27 +01:00
ircd-hybrid
keepalived
nghttpx [bot] nixos/*: remove unused arguments in lambdas 2018-07-20 20:56:59 +00:00
ssh nixos/sshd: validate ssh configs during build 2019-05-24 20:16:53 +02:00
strongswan-swanctl strongswan-swanctl: fix module by setting the new SWANCTL_DIR envvar 2019-03-08 16:11:38 +01:00
znc nixos/znc: Fix confOptions.uriPrefix not being applied 2018-10-20 20:56:30 +02:00
amuled.nix
aria2.nix
asterisk.nix
atftpd.nix
autossh.nix
avahi-daemon.nix nixos/avahi: add support for extraConfig 2018-07-28 12:48:08 +03:00
babeld.nix
bind.nix
bird.nix bird: set reloadIfChanged to true (#45924) 2018-09-02 06:51:32 +02:00
bitlbee.nix nixos/bitlbee: use purple-2 as purple_plugin_path (#49440) 2018-10-30 15:37:41 +01:00
btsync.nix
charybdis.nix charybdis service: bin/charybdis-ircd -> bin/charybdis 2018-10-07 13:10:50 +02:00
chrony.nix nixos/chrony: fix misplaced ConditionCapability= directive 2018-12-02 20:32:47 -06:00
cjdns.nix [bot] nixos/*: remove unused arguments in lambdas 2018-07-20 20:56:59 +00:00
cntlm.nix
connman.nix
consul.nix treewide: systemd timeout arguments to use infinity instead of 0 (#50934) 2018-11-25 13:33:22 +01:00
coredns.nix nixos/coredns: init (#54931) 2019-03-01 11:10:44 +02:00
coturn.nix
dante.nix
ddclient.nix Revert "nixos/ddclient: make RuntimeDirectory and configFile private" 2018-12-29 16:53:43 +01:00
dhcpcd.nix nixos/dhcpcd: (try to) restart chrony in the exitHook 2018-11-30 18:50:33 -06:00
dhcpd.nix
dnscache.nix nixos: add preferLocalBuild=true; on derivations for config files 2019-02-22 20:11:27 +01:00
dnschain.nix
dnscrypt-proxy.nix
dnscrypt-proxy.xml docs: format 2018-09-29 20:51:11 -04:00
dnscrypt-wrapper.nix
dnsdist.nix
dnsmasq.nix
ejabberd.nix
epmd.nix
eternal-terminal.nix Address more review feedback. 2018-10-24 17:57:33 -07:00
fakeroute.nix
ferm.nix
fireqos.nix
firewall.nix nixos/firewall: canonicalize firewall ports lists 2019-03-09 20:02:04 +01:00
flannel.nix nixos/flannel: Add iptables package to service path 2019-03-12 15:30:33 +00:00
flashpolicyd.nix nixos/flashpolicyd: fix url and use https 2018-11-24 23:13:09 +01:00
freenet.nix
freeradius.nix
gale.nix
gateone.nix
gdomap.nix [bot]: remove unreferenced code 2018-07-20 18:48:37 +00:00
git-daemon.nix
gnunet.nix nixos/gnunet: fix typo in PrivateTmp parameter (#56343) 2019-02-25 15:53:36 +01:00
gogoclient.nix
gvpe.nix
hans.nix
haproxy.nix
heyefi.nix
hostapd.nix Fix hostapd's place in systemd dependency tree. (#45464) 2018-10-17 09:18:52 +02:00
htpdate.nix
i2p.nix
i2pd.nix nixos/i2pd: Update options to encompass recent additions to the daemon 2018-09-09 18:48:51 +02:00
iodine.nix
iperf3.nix nixos/iperf: Init the module 2018-09-06 12:38:30 +02:00
iwd.nix iwd: 0.7 -> 0.8 2018-09-23 15:26:55 +03:00
keybase.nix
kippo.nix
knot.nix nixos/knot: init 2019-03-14 01:28:53 +01:00
kresd.nix
lambdabot.nix
libreswan.nix
lldpd.nix
logmein-hamachi.nix
mailpile.nix
matterbridge.nix
minidlna.nix
miniupnpd.nix nixos: miniupnpd: use iptables scripts 2018-09-15 23:10:24 +02:00
miredo.nix
mjpg-streamer.nix
monero.nix
morty.nix [bot]: remove unreferenced code 2018-07-20 18:48:37 +00:00
mosquitto.nix mosquitto (nixos): notify systemd when started 2019-03-01 18:54:24 +08:00
mstpd.nix
murmur.nix nixos/murmur: mention mumble in description 2018-10-08 13:33:36 +02:00
mxisd.nix modules: add mxisd with test 2018-11-25 14:24:10 +01:00
namecoind.nix
nat.nix
ndppd.nix ndppd: don't use weird upstream systemd service unit 2019-02-03 14:39:28 +01:00
networkmanager.nix nixos/nm-setup-hostsdir: RemainAfterExist -> RemainAfterExit 2018-12-15 08:33:28 +01:00
nftables.nix
ngircd.nix
nix-serve.nix Merge pull request #56004 from eskimor/add-nix-serve-help 2019-02-21 09:43:50 +00:00
nixops-dns.nix
nntp-proxy.nix
nsd.nix nixos/nsd: Improve checking for empty dnssec zones 2019-01-04 01:59:28 +01:00
ntopng.nix
ntpd.nix nixos/ntp: use upstream default restrictions to avoid DDoS (#50762) 2018-11-28 10:15:25 +00:00
nullidentdmod.nix nixos/nullidentdmod: Init 2018-09-06 16:31:20 +02:00
nylon.nix types.optionSet: deprecate and remove last usages 2019-01-31 00:41:10 +02:00
ocserv.nix ocserv: init at 0.12.1 (#42871) 2018-08-01 21:39:09 +02:00
oidentd.nix oidentd: 2.2.2 -> 2.3.1 2018-11-07 14:51:45 +02:00
openfire.nix
openntpd.nix
openvpn.nix
ostinato.nix
owamp.nix
pdns-recursor.nix
pdnsd.nix
polipo.nix
powerdns.nix
pptpd.nix nixos: correct improper uses of mkEnableOption, clarify service descriptions 2018-10-05 13:14:45 +07:00
prayer.nix nixos: add preferLocalBuild=true; on derivations for config files 2019-02-22 20:11:27 +01:00
privoxy.nix
prosody.nix nixos/prosody: add ExecReload 2019-01-26 03:12:09 +01:00
quagga.nix
quassel.nix nixos/quassel: Add support for certificate file 2019-02-14 14:36:21 +01:00
racoon.nix
radicale.nix Revert "nixos: rename system.{stateVersion,defaultChannel} -> system.nixos.\1" 2018-07-28 00:12:55 +03:00
radvd.nix
rdnssd.nix
redsocks.nix redsocks module: add self as maintainer 2018-10-31 01:06:14 +09:00
resilio.nix
rpcbind.nix
rxe.nix
sabnzbd.nix
searx.nix
seeks.nix
shadowsocks.nix
shairport-sync.nix shairport-sync service: fix default arguments 2019-01-02 19:17:22 +01:00
shout.nix nixos: add preferLocalBuild=true; on derivations for config files 2019-02-22 20:11:27 +01:00
skydns.nix
smokeping.nix
sniproxy.nix
softether.nix
spiped.nix
squid.nix
sslh.nix
strongswan.nix
stubby.nix
stunnel.nix
supplicant.nix
supybot.nix
syncthing-relay.nix syncthing-relay module: init 2018-11-19 01:09:54 +01:00
syncthing.nix nixos/syncthing: setup user only on system service 2019-02-06 20:23:13 +01:00
tcpcrypt.nix
teamspeak3.nix teamspeak: ipv6 support 2019-02-08 10:28:20 +00:00
tftpd.nix
tinc.nix tinc: remove unnecessary networking.interfaces 2018-10-18 21:37:56 +01:00
tinydns.nix
tox-bootstrapd.nix
toxvpn.nix [bot] nixos/*: remove unused arguments in lambdas 2018-07-20 20:56:59 +00:00
tvheadend.nix [bot] nixos/*: remove unused arguments in lambdas 2018-07-20 20:56:59 +00:00
unbound.nix
unifi.nix nixos/unifi: Update TCP ports 2019-02-07 13:18:57 -08:00
vsftpd.nix reewide: Purge all uses stdenv.system and top-level system 2018-08-30 17:20:32 -04:00
wakeonlan.nix
websockify.nix
wicd.nix
wireguard.nix wireguard: don't modprobe if boot.isContainer is set 2018-11-20 01:17:04 +01:00
wpa_supplicant.nix nixos/wpa_supplicant: use <citerefentry> 2019-02-10 13:23:28 +01:00
xinetd.nix
xl2tpd.nix nixos: correct improper uses of mkEnableOption, clarify service descriptions 2018-10-05 13:14:45 +07:00
xrdp.nix nixos: add preferLocalBuild=true; on derivations for config files 2019-02-22 20:11:27 +01:00
zerobin.nix [bot] nixos/*: remove unused arguments in lambdas 2018-07-20 20:56:59 +00:00
zeronet.nix nixos/zeronet: Fix TOR permissions, add torAlways option 2018-09-08 12:12:11 -05:00
zerotierone.nix nixos/zerotier: binds to network-online.target to avoid the 1m30s timeout before kill on shutdown 2018-11-01 23:00:25 +00:00