nixpkgs/nixos/modules/services/networking
Félix Baylac-Jacqué 353a8b58e6
nixos/prosody: leverage systemd sandbox features to harden service
We are leveraging the systemd sandboxing features to prevent the
service accessing locations it shouldn't do. Most notably, we are here
preventing the prosody service from accessing /home and providing it
with a private /dev and /tmp.

Please consult man systemd.exec for further informations.
2020-04-30 20:40:00 +02:00
..
firefox nixos/syncserver: mild cleanup 2019-01-30 15:59:01 +01:00
hylafax Merge staging-next into staging 2019-08-28 08:26:42 +02:00
ircd-hybrid treewide: add bool type to enable options, or make use of mkEnableOption 2020-04-21 08:55:36 +02:00
keepalived nixos/keepalived: Implemented vrrp-instance tracking scripts and interfaces. 2018-05-08 11:25:53 +02:00
nghttpx treewide: Switch to system users 2019-10-12 22:25:28 +02:00
ntp treewide: add bool type to enable options, or make use of mkEnableOption 2020-04-21 08:55:36 +02:00
ssh treewide: add bool type to enable options, or make use of mkEnableOption 2020-04-21 08:55:36 +02:00
strongswan-swanctl Merge staging-next into staging 2019-08-31 10:04:20 +02:00
znc treewide: use attrs instead of list for types.loaOf options 2020-01-06 10:39:18 -05:00
3proxy.nix nixos/treewide: Fix incorrectly rendered examples 2020-04-02 07:49:25 +02:00
amuled.nix treewide: add bool type to enable options, or make use of mkEnableOption 2020-04-21 08:55:36 +02:00
aria2.nix nixos: remove dependencies on local-fs.target 2019-09-01 19:06:38 +02:00
asterisk.nix nixos/asterisk: /var/run -> /run 2019-03-24 21:13:19 +01:00
atftpd.nix
autossh.nix nixos/modules: Remove all usages of types.string 2019-08-31 18:19:00 +02:00
avahi-daemon.nix nixos/avahi: refactor module, add option extraServiceFiles 2019-06-04 00:22:48 +02:00
babeld.nix treewide: add bool type to enable options, or make use of mkEnableOption 2020-04-21 08:55:36 +02:00
bind.nix treewide: add bool type to enable options, or make use of mkEnableOption 2020-04-21 08:55:36 +02:00
bird.nix nixos/bird: Fix reload 2019-05-31 01:21:18 +02:00
bitcoind.nix nixos/bitcoind: remove PermissionsStartOnly 2019-11-18 21:48:02 +01:00
bitlbee.nix treewide: add bool type to enable options, or make use of mkEnableOption 2020-04-21 08:55:36 +02:00
charybdis.nix treewide: use attrs instead of list for types.loaOf options 2020-01-06 10:39:18 -05:00
cjdns.nix nixos/cjdns: Fix connectTo example rendering 2020-03-07 02:01:41 +01:00
cntlm.nix treewide: add bool type to enable options, or make use of mkEnableOption 2020-04-21 08:55:36 +02:00
connman.nix nixos/connman: add TODOs regarding connman + network-manager 2020-03-28 12:28:29 +03:00
consul.nix Merge staging-next into staging 2019-08-28 08:26:42 +02:00
coredns.nix nixos/coredns: init (#54931) 2019-03-01 11:10:44 +02:00
corerad.nix nixos/corerad: init 2020-01-16 12:38:36 -08:00
coturn.nix treewide: use attrs instead of list for types.loaOf options 2020-01-06 10:39:18 -05:00
dante.nix dante service: default for logoutput 2018-04-26 13:57:11 +03:00
ddclient.nix nixos/treewide: Move rename.nix imports to their respective modules 2019-12-10 02:51:19 +01:00
dhcpcd.nix Merge pull request #53033 from netixx/openvswitch-improved-systemd 2020-02-21 08:24:49 +00:00
dhcpd.nix nixos/treewide: Move rename.nix imports to their respective modules 2019-12-10 02:51:19 +01:00
dnscache.nix nixos/treewide: Fix incorrectly rendered examples 2020-04-02 07:49:25 +02:00
dnschain.nix treewide: use attrs instead of list for types.loaOf options 2020-01-06 10:39:18 -05:00
dnscrypt-proxy2.nix nixos/dnscrypt-proxy2: init 2020-02-02 11:11:27 -05:00
dnscrypt-wrapper.nix nixos: add myself to maintainers 2019-12-04 17:09:53 +01:00
dnsdist.nix nixos/dnsdist: Add CAP_NET_BIND_SERVICE to AmbientCapabilities 2019-10-31 13:27:55 -02:30
dnsmasq.nix treewide: use attrs instead of list for types.loaOf options 2020-01-06 10:39:18 -05:00
ejabberd.nix treewide: use attrs instead of list for types.loaOf options 2020-01-06 10:39:18 -05:00
epmd.nix epmd: Introduce erlang port mapper daemon service 2018-07-19 17:32:29 +02:00
eternal-terminal.nix nixos/eternal-terminal: add firewall information 2019-11-18 16:12:12 +01:00
fakeroute.nix nixos: add myself to maintainers 2019-12-04 17:09:53 +01:00
ferm.nix nixos/treewide: remove boolean examples for options 2017-03-17 23:36:19 +01:00
fireqos.nix nixos/fireqos: add service 2017-09-09 00:29:46 +02:00
firewall.nix nixos/firewall: fix types in reverse path assertion 2020-03-18 10:54:55 +09:00
flannel.nix treewide: Remove usage of isNull 2019-04-29 14:05:50 +02:00
flashpolicyd.nix treewide: add bool type to enable options, or make use of mkEnableOption 2020-04-21 08:55:36 +02:00
freenet.nix nixos/modules: users.(extraUsers|extraGroup->users|group) 2018-06-30 03:02:58 +02:00
freeradius.nix nixos/freeradius: depend on network.target, not online 2020-03-10 15:54:29 +01:00
gale.nix treewide: use attrs instead of list for types.loaOf options 2020-01-06 10:39:18 -05:00
gateone.nix nixos/modules: users.(extraUsers|extraGroup->users|group) 2018-06-30 03:02:58 +02:00
gdomap.nix [bot]: remove unreferenced code 2018-07-20 18:48:37 +00:00
git-daemon.nix nixos/git-daemon: only create git user if it will be used 2020-02-26 15:04:36 +01:00
gnunet.nix nixos/gnunet: Add types to the options 2020-01-05 00:07:50 +01:00
go-shadowsocks2.nix nixos/go-shadowsocks2: init 2019-10-06 11:18:20 +02:00
gogoclient.nix nixos/modules: Remove all usages of types.string 2019-08-31 18:19:00 +02:00
gvpe.nix treewide: add bool type to enable options, or make use of mkEnableOption 2020-04-21 08:55:36 +02:00
hans.nix treewide: use attrs instead of list for types.loaOf options 2020-01-06 10:39:18 -05:00
haproxy.nix nixos/haproxy: Revive the haproxy user and group 2020-03-11 19:52:37 +01:00
helpers.nix nixos: fix ip46tables invocation in nat 2019-12-14 20:13:12 -08:00
heyefi.nix
hostapd.nix treewide: add bool type to enable options, or make use of mkEnableOption 2020-04-21 08:55:36 +02:00
htpdate.nix nixos/htpdate: /var/run -> /run 2019-03-24 21:15:26 +01:00
i2p.nix nixos/modules: users.(extraUsers|extraGroup->users|group) 2018-06-30 03:02:58 +02:00
i2pd.nix nixos/i2pd: address #63103 2020-02-19 13:15:28 +01:00
iodine.nix nixos/iodine: protect passwordFiles with toString 2020-02-13 21:30:14 +01:00
iperf3.nix nixos/iperf: add openFirewall setting 2019-07-04 16:58:56 +02:00
iwd.nix iwd: drop tmpfiles snippet, services use StateDirectory already 2020-02-12 19:29:28 -06:00
keybase.nix nixos/keybase, nixos/kbfs: update service configs; add redirector 2019-12-23 22:55:06 -08:00
kippo.nix treewide: use attrs instead of list for types.loaOf options 2020-01-06 10:39:18 -05:00
knot.nix knot: add keyFiles option 2020-02-12 16:36:42 +00:00
kresd.nix nixos/kresd: never force extraFeatures = false 2020-02-26 15:10:53 +01:00
lambdabot.nix nixos/modules: users.(extraUsers|extraGroup->users|group) 2018-06-30 03:02:58 +02:00
libreswan.nix nixos/libreswan: add missing runtime dependencies 2017-10-22 15:36:26 +02:00
lldpd.nix nixos/lldpd: /var/run -> /run 2019-03-24 21:15:27 +01:00
logmein-hamachi.nix nixos: remove dependencies on local-fs.target 2019-09-01 19:06:38 +02:00
magic-wormhole-mailbox-server.nix nixos/magic-wormhole-mailbox-server: moving from mail to networking 2020-03-31 16:29:39 +02:00
mailpile.nix treewide: add bool type to enable options, or make use of mkEnableOption 2020-04-21 08:55:36 +02:00
matterbridge.nix nixos/matterbridge: fix package access 2020-01-21 13:17:18 +01:00
minidlna.nix minidlna: provide configuration option for announce interval 2020-01-19 14:06:27 +01:00
miniupnpd.nix nixos/miniupnpd: /var/run -> /run 2019-03-24 21:15:28 +01:00
miredo.nix cleanup redundant text in modules utilizing mkEnableOption 2019-04-20 14:44:02 +02:00
mjpg-streamer.nix treewide: use attrs instead of list for types.loaOf options 2020-01-06 10:39:18 -05:00
monero.nix treewide: use attrs instead of list for types.loaOf options 2020-01-06 10:39:18 -05:00
morty.nix treewide: Switch to system users 2019-10-12 22:25:28 +02:00
mosquitto.nix nixos/modules: Remove all usages of types.string 2019-08-31 18:19:00 +02:00
mstpd.nix
mtprotoproxy.nix treewide: remove redundant quotes 2019-08-26 21:40:19 +00:00
mullvad-vpn.nix nixos/mullvad-vpn: add service 2019-10-10 19:11:31 +02:00
murmur.nix nixos/treewide: Move rename.nix imports to their respective modules 2019-12-10 02:51:19 +01:00
mxisd.nix nixos/mxisd: fix empty user name 2020-01-08 23:18:26 +01:00
namecoind.nix treewide: use attrs instead of list for types.loaOf options 2020-01-06 10:39:18 -05:00
nat.nix nixos/nat: fix multiple destination ports with loopback 2020-03-04 18:11:31 +09:00
ndppd.nix nixos/treewide: Fix incorrectly rendered examples 2020-04-02 07:49:25 +02:00
networkmanager.nix nixos: add freedesktop/gnome/myself maintainers 2020-04-01 20:53:09 -04:00
nftables.nix nixos/nftables: fix typo in ruleset example 2020-04-10 23:48:52 +01:00
ngircd.nix nixos/modules: users.(extraUsers|extraGroup->users|group) 2018-06-30 03:02:58 +02:00
nix-serve.nix nixos/modules: Remove all usages of types.string 2019-08-31 18:19:00 +02:00
nix-store-gcs-proxy.nix module/nix-store-gcs-proxy: init 2020-03-02 16:01:14 +01:00
nixops-dns.nix nixos/nixops-dns: init (#34511) 2018-02-20 10:14:55 +00:00
nntp-proxy.nix treewide: use attrs instead of list for types.loaOf options 2020-01-06 10:39:18 -05:00
nsd.nix nsd: use types.lines where appropriate 2020-01-31 20:40:48 +01:00
ntopng.nix
nullidentdmod.nix cleanup redundant text in modules utilizing mkEnableOption 2019-04-20 14:44:02 +02:00
nylon.nix nixos/modules: Remove all usages of types.string 2019-08-31 18:19:00 +02:00
ocserv.nix nixos/ocserv: /var/run -> /run 2019-03-24 21:15:28 +01:00
ofono.nix nixos/ofono: allow adding 3rd party plug-ins 2019-08-23 19:50:53 +02:00
oidentd.nix oidentd: 2.2.2 -> 2.3.1 2018-11-07 14:51:45 +02:00
openfire.nix treewide: add bool type to enable options, or make use of mkEnableOption 2020-04-21 08:55:36 +02:00
openvpn.nix nixos/treewide: Move rename.nix imports to their respective modules 2019-12-10 02:51:19 +01:00
ostinato.nix nixos/modules: Remove all usages of types.string 2019-08-31 18:19:00 +02:00
owamp.nix treewide: use attrs instead of list for types.loaOf options 2020-01-06 10:39:18 -05:00
pdns-recursor.nix nixos: add myself to maintainers 2019-12-04 17:09:53 +01:00
pdnsd.nix treewide: use attrs instead of list for types.loaOf options 2020-01-06 10:39:18 -05:00
pixiecore.nix nixos/pixiecore: init (#83406) 2020-04-02 13:06:21 +01:00
polipo.nix treewide: use attrs instead of list for types.loaOf options 2020-01-06 10:39:18 -05:00
powerdns.nix
pppd.nix nixos/pppd: fix build error 2020-02-14 12:51:50 +08:00
pptpd.nix nixos/modules: Remove all usages of types.string 2019-08-31 18:19:00 +02:00
prayer.nix treewide: add bool type to enable options, or make use of mkEnableOption 2020-04-21 08:55:36 +02:00
privoxy.nix nixos: add myself to maintainers 2019-12-04 17:09:53 +01:00
prosody.nix nixos/prosody: leverage systemd sandbox features to harden service 2020-04-30 20:40:00 +02:00
quagga.nix quagga module: Use a deep merge via imports instead of the shallow merge 2018-07-05 22:11:29 -04:00
quassel.nix treewide: add bool type to enable options, or make use of mkEnableOption 2020-04-21 08:55:36 +02:00
quicktun.nix treewide: remove redundant quotes 2019-08-26 21:40:19 +00:00
quorum.nix nixos/quorum: init 2020-03-27 19:31:01 +01:00
racoon.nix nixos/raccoon: /var/run -> /run 2019-03-24 21:15:28 +01:00
radicale.nix treewide: use attrs instead of list for types.loaOf options 2020-01-06 10:39:18 -05:00
radvd.nix treewide: add bool type to enable options, or make use of mkEnableOption 2020-04-21 08:55:36 +02:00
rdnssd.nix treewide: add bool type to enable options, or make use of mkEnableOption 2020-04-21 08:55:36 +02:00
redsocks.nix redsocks module: add self as maintainer 2018-10-31 01:06:14 +09:00
resilio.nix resilio: fix a list being assigned to the option config.users.groups 2020-03-19 11:25:56 -05:00
rpcbind.nix nixos/modules: users.(extraUsers|extraGroup->users|group) 2018-06-30 03:02:58 +02:00
rxe.nix nixos/rxe: fix option description 2020-04-05 15:30:08 +02:00
sabnzbd.nix treewide: add bool type to enable options, or make use of mkEnableOption 2020-04-21 08:55:36 +02:00
searx.nix nixos: add myself to maintainers 2019-12-04 17:09:53 +01:00
seeks.nix nixos/modules: users.(extraUsers|extraGroup->users|group) 2018-06-30 03:02:58 +02:00
shadowsocks.nix shadowsocks service: support dual-stack server 2019-08-18 23:07:51 +03:00
shairport-sync.nix treewide: add bool type to enable options, or make use of mkEnableOption 2020-04-21 08:55:36 +02:00
shorewall6.nix shorewall: fix RestartTriggers 2020-03-05 00:01:44 +01:00
shorewall.nix shorewall: fix RestartTriggers 2020-03-05 00:01:44 +01:00
shout.nix treewide: use attrs instead of list for types.loaOf options 2020-01-06 10:39:18 -05:00
skydns.nix
smartdns.nix nixos/smartdns: init first generation config 2020-03-15 08:53:20 +08:00
smokeping.nix treewide: use attrs instead of list for types.loaOf options 2020-01-06 10:39:18 -05:00
sniproxy.nix nixos/modules: users.(extraUsers|extraGroup->users|group) 2018-06-30 03:02:58 +02:00
softether.nix Merge branch 'master' into staging 2019-09-02 23:25:24 +02:00
spacecookie.nix nixos/spacecookie: add service module and test 2019-12-17 14:17:03 +01:00
spiped.nix nixos/modules: users.(extraUsers|extraGroup->users|group) 2018-06-30 03:02:58 +02:00
squid.nix nixos/squid: replace deprecated usage of PermissionsStartOnly 2019-05-26 07:20:55 -04:00
sslh.nix nixos/sslh: don't run as nogroup 2020-02-28 15:32:36 +00:00
strongswan.nix nixos/treewide: Fix incorrectly rendered examples 2020-04-02 07:49:25 +02:00
stubby.nix nixos/stubby: set Type=notify on the systemd service 2020-03-16 10:10:45 +05:30
stunnel.nix nixos/stunnel: Add maintainers 2019-10-25 16:19:57 +02:00
supplicant.nix nixos/supplicant: Don't *stop* supplicant on machine resume. Fixes #51582 2020-03-20 11:08:34 -04:00
supybot.nix nixos/supybot: python3 switch, add plugin options 2020-03-09 23:32:54 +01:00
syncplay.nix syncplay module: init 2019-09-03 00:30:12 +02:00
syncthing-relay.nix syncthing-relay module: init 2018-11-19 01:09:54 +01:00
syncthing.nix nixos/treewide: Fix incorrectly rendered examples 2020-04-02 07:49:25 +02:00
tailscale.nix nixos/tailscale: set a CacheDir in the systemd unit. 2020-04-20 15:35:55 -07:00
tcpcrypt.nix treewide: use attrs instead of list for types.loaOf options 2020-01-06 10:39:18 -05:00
teamspeak3.nix nixos/teamspeak3: replace deprecated usage of PermissionsStartOnly 2019-05-26 07:20:54 -04:00
tedicross.nix nixos/tedicross: add module 2019-04-23 22:52:23 +02:00
tftpd.nix
thelounge.nix treewide: Switch to system users 2019-10-12 22:25:28 +02:00
tinc.nix nixos/tinc: remove ordering dependency on network.target 2019-04-25 22:54:11 +02:00
tinydns.nix nixos/tinydns: order service after network.target 2019-11-08 17:26:34 +01:00
tox-bootstrapd.nix treewide: use attrs instead of list for types.loaOf options 2020-01-06 10:39:18 -05:00
tox-node.nix nixos/tox-node: Add descriptions to module options. 2019-04-15 17:11:10 +01:00
toxvpn.nix nixos/toxvpn: Fix typo in option description 2019-09-09 19:31:48 +02:00
trickster.nix nixos/trickster: init 2019-11-01 10:57:29 +01:00
tvheadend.nix [bot] nixos/*: remove unused arguments in lambdas 2018-07-20 20:56:59 +00:00
unbound.nix nixos/unbound: add package option 2019-12-12 23:49:47 +00:00
unifi.nix nixos/unifi: use systemd tmpfiles instead of preStart 2020-01-24 10:06:29 -05:00
v2ray.nix v2ray: fixups and change to buildGoModule 2019-11-28 02:10:37 +08:00
vsftpd.nix nixos/vsftpd: fix missing default pam_service_name 2020-03-11 21:15:47 +01:00
wakeonlan.nix
websockify.nix treewide: remove redundant quotes 2019-08-26 21:40:19 +00:00
wg-quick.nix nixos/wg-quick: Fix after wireguard got upstreamed 2020-04-03 12:39:35 +02:00
wicd.nix
wireguard.nix nixos/wireguard: Fix typo in error message 2020-03-06 16:19:23 +01:00
wpa_supplicant.nix nixos/wpa_supplicant: fix #61391 2020-01-12 14:14:16 +01:00
xandikos.nix nixos/xandikos: init 2020-01-11 16:08:45 +01:00
xinetd.nix treewide: add bool type to enable options, or make use of mkEnableOption 2020-04-21 08:55:36 +02:00
xl2tpd.nix nixos/modules: Remove all usages of types.string 2019-08-31 18:19:00 +02:00
xrdp.nix nixos/xrdp: /var/run -> /run 2019-03-24 21:15:29 +01:00
yggdrasil.nix nixos/yggdrasil: fix for configFile option 2019-12-07 19:56:49 +01:00
zerobin.nix treewide: remove redundant quotes 2019-08-26 21:40:19 +00:00
zeronet.nix nixos/zeronet: improved config, dynamic user 2019-10-03 17:03:32 -05:00
zerotierone.nix nixos/zerotierone: switch from manually generating the .link file to use the module 2020-03-19 14:16:26 +01:00