nixpkgs-suyu/nixos/modules/services/security
SLNOS 2de3c4bd78 nixos/tor: add tor-init service to fix directory ownerships, fix hardenings
This reverts a part of 5bd12c694b.

Apparently there's no way to specify the user for RuntimeDirectory in a systemd
service file (it's always root), but tor won't create the control socket if the dir
is owned by anybody except the tor user.

These hardenings were adopted from the upstream service file, checked
against systemd.service(5) and systemd.exec(5) manuals, and tested to
actually work with all the options enabled.

`PrivateDevices` implies `DevicePolicy=closed` according to systemd.exec(5),
removed.

`--RunAsDaemon 0` is the default value according to tor(5), removed.
2018-06-11 15:52:24 +00:00
clamav.nix
fail2ban.nix
fprintd.nix
fprot.nix
haka.nix
haveged.nix
hologram-agent.nix
hologram-server.nix hologram-server module: add cache timeout option 2018-03-21 12:58:25 -04:00
munge.nix nixos/munge: run munge as user munge instead of root. (#41509) 2018-06-09 00:50:28 +02:00
oauth2_proxy.nix oauth2_proxy: use explicit upstream default for setXauthrequest 2018-04-27 16:45:38 +02:00
physlock.nix
shibboleth-sp.nix
sks.nix
sshguard.nix sshguard: service creates /var/lib/sshguard 2018-05-05 00:29:44 -05:00
tor.nix nixos/tor: add tor-init service to fix directory ownerships, fix hardenings 2018-06-11 15:52:24 +00:00
torify.nix nixos: Move uses of stdenv.shell to runtimeShell. 2018-03-01 14:38:53 -05:00
torsocks.nix nixos: Move uses of stdenv.shell to runtimeShell. 2018-03-01 14:38:53 -05:00
usbguard.nix nixos/usbguard: Do not check permissions on rules file (using undocumented -P flag) 2018-02-27 18:34:02 +00:00
vault.nix