nixpkgs-suyu/nixos/modules/services/web-servers
Martin Weinelt 506bc7ba02
nixos/nginx: update hardening settings
- Set an explicit umask that allows u+rwx and g+r.
- Adds `ProtectControlGroups` and `ProtectKernelLogs`, there should be
  no need to access either.
- Adds `ProtectClock` to prevent write-access to the system clock.
- `ProtectProc` hides processes from other users within the /proc
  filesystem and `ProcSubSet` hides all files/directories unrelated to
  the process management of the units process.
- Sets `RemoveIPC`, as there is no SysV or POSIX IPC within nginx that I
  know of.
- Restricts the creation of arbitrary namespaces
- Adds a reasonable `SystemCallFilter` preventing calls to @privileged,
  @obsolete and others.

And finally applies some sorting based on the order these options appear
in systemd.exec(5).
2021-04-30 18:49:43 +02:00
..
apache-httpd nixos/httpd: Fix httpd module for php8 2021-03-02 09:22:32 +01:00
hitch
jboss nixos/module/jboss: Add types to options (#110451) 2021-01-22 11:11:40 +01:00
lighttpd treewide: fix double quoted strings in meta.description 2021-01-24 19:56:59 +07:00
nginx nixos/nginx: update hardening settings 2021-04-30 18:49:43 +02:00
phpfpm nixos/phpfpm: remove unnecessary sendmail configuration 2020-10-02 09:11:14 +02:00
unit nixos/unit: add stateDir and logDir types 2021-01-31 13:41:53 +01:00
varnish
caddy.nix Merge pull request #97618 from lf-/fix-bad-caddy-configs 2021-01-29 10:08:46 -05:00
darkhttpd.nix
fcgiwrap.nix
hydron.nix
mighttpd2.nix
minio.nix nixos/minio: allow multiple data directories for erasure coding 2021-04-10 14:44:45 +03:00
molly-brown.nix nixos/molly-brown: refactor module to use a TOML generator 2020-09-28 14:38:31 +02:00
pomerium.nix nixos/pomerium: fix useACMEHost 2021-04-07 01:26:44 +00:00
shellinabox.nix
tomcat.nix nixos/tomcat: add extraGroups type (#110486) 2021-01-22 16:22:06 +01:00
traefik.nix nixos/modules: fix systemd start rate-limits 2020-10-31 01:35:56 -07:00
ttyd.nix
uwsgi.nix nixos/uwsgi: set up the default runtime directory 2021-01-25 14:05:39 +01:00
zope2.nix