nixpkgs/nixos/modules/services/security
Luflosi 3c63da7cf8
nixos/tor: allow tor to read resolv.conf when using resolved
When `services.resolved.enable` is set to true, the file /etc/resolv.conf becomes a symlink to /etc/static/resolv.conf, which is a symlink to /run/systemd/resolve/stub-resolv.conf. Without this commit, tor does not have access to this file thanks to systemd confinement. This results in the following warning when tor starts:
```
[warn] Unable to stat resolver configuration in '/etc/resolv.conf': No such file or directory
[warn] Could not read your DNS config from '/etc/resolv.conf' - please investigate your DNS configuration. This is possibly a problem. Meanwhile, falling back to local DNS at 127.0.0.1.
```
To fix this, simply allow read-only access to the file when resolved is in use.
According to https://github.com/NixOS/nixpkgs/pull/161818#discussion_r824820462, the symlink may also point to /run/systemd/resolve/resolv.conf, so allow that as well.
2022-03-15 15:16:14 +01:00
vaultwarden nixos/vaultwarden: fix evaluation 2022-02-20 14:37:20 +02:00
aesmd.nix nixos/intel-sgx: add option for Intel SGX DCAP compatibility 2022-01-11 14:02:16 +01:00
certmgr.nix nixos/doc: clean up defaults and examples 2021-10-04 12:47:20 +02:00
cfssl.nix nixos/cfssl: minor updates/cleanup 2022-02-05 18:53:35 -05:00
clamav.nix clamav: remove freshclam service dependency 2022-02-28 22:51:07 +01:00
fail2ban.nix nixos/doc: clean up defaults and examples 2021-10-04 12:47:20 +02:00
fprintd.nix nixos/doc: clean up defaults and examples 2021-10-04 12:47:20 +02:00
haka.nix nixos/doc: clean up defaults and examples 2021-10-04 12:47:20 +02:00
haveged.nix haveged: 1.9.2 -> 1.9.15 2021-12-17 22:21:06 +02:00
hockeypuck.nix nixos/doc: clean up defaults and examples 2021-10-04 12:47:20 +02:00
hologram-agent.nix treewide: remove nand0p as maintainer 2021-05-17 01:50:49 +02:00
hologram-server.nix nixos/*: use $out instead of $bin with buildGoPackage 2020-04-28 20:30:29 +10:00
munge.nix
nginx-sso.nix nixos/doc: clean up defaults and examples 2021-10-04 12:47:20 +02:00
oauth2_proxy_nginx.nix nixos/*: add trivial defaultText for options with simple defaults 2021-12-02 22:35:04 +01:00
oauth2_proxy.nix nixos/doc: clean up defaults and examples 2021-10-04 12:47:20 +02:00
opensnitch.nix nixos/opensnitch: Add options to configure daemon 2022-03-02 18:38:56 -05:00
physlock.nix nixos/physlock: fix broken wrapper 2021-09-19 11:53:41 +02:00
privacyidea.nix nixos/privacyidea: increase buffer-size of uwsgi from 4096 to 8192 2021-12-21 00:51:45 +01:00
shibboleth-sp.nix nixos/doc: clean up defaults and examples 2021-10-04 12:47:20 +02:00
sks.nix nixos/doc: clean up defaults and examples 2021-10-04 12:47:20 +02:00
sshguard.nix nixos/sshguard: restart sshguard when services/backend changes 2021-04-23 16:16:37 +02:00
step-ca.nix Merge pull request #150886 from mohe2015/improve-step-ca 2022-02-22 14:40:25 +01:00
tor.nix nixos/tor: allow tor to read resolv.conf when using resolved 2022-03-15 15:16:14 +01:00
torify.nix
torsocks.nix nixos/*: add trivial defaultText for options with simple defaults 2021-12-02 22:35:04 +01:00
usbguard.nix nixos/doc: clean up defaults and examples 2021-10-04 12:47:20 +02:00
vault.nix treewide: add defaultText for options with simple cfg.* expression defaults 2021-12-09 01:14:16 +01:00
yubikey-agent.nix nixos/yubikey-agent add maintainer jwoudenberg 2021-10-29 23:13:50 +02:00