nixpkgs/nixos/modules/security
rnhmjoj 904f68fb0f
nixos/security/wrappers: make well-typed
The security.wrappers option is morally a set of submodules but it's
actually (un)typed as a generic attribute set. This is bad for several
reasons:

1. Some of the "submodule" option are not document;
2. the default values are not documented and are chosen based on
   somewhat bizarre rules (issue #23217);
3. It's not possible to override an existing wrapper due to the
   dumb types.attrs.merge strategy;
4. It's easy to make mistakes that will go unnoticed, which is
   really bad given the sensitivity of this module (issue #47839).

This makes the option a proper set of submodule and add strict types and
descriptions to every sub-option. Considering it's not yet clear if the
way the default values are picked is intended, this reproduces the current
behavior, but it's now documented explicitly.
2021-09-12 21:43:03 +02:00
..
apparmor apparmor: Fix cups-client typo 2021-08-23 00:50:15 -07:00
wrappers nixos/security/wrappers: make well-typed 2021-09-12 21:43:03 +02:00
acme.nix nixos/acme: harden systemd units 2021-07-06 15:16:01 +02:00
acme.xml docs: acme: Fix typo 2021-06-06 14:27:13 +02:00
apparmor.nix nixos/security/apparmor: utillinux -> util-linux 2021-05-17 17:14:08 +02:00
audit.nix
auditd.nix
ca.nix nixos/security.pki: handle PEMs w/o a final newline 2021-05-16 17:23:11 -07:00
chromium-suid-sandbox.nix nixos/treewide: Move rename.nix imports to their respective modules 2019-12-10 02:51:19 +01:00
dhparams.nix
doas.nix nixos/doas: add noLog option 2020-11-14 19:16:56 -08:00
duosec.nix treewide: fix modules options types where the default is null 2020-04-28 19:13:59 +02:00
google_oslogin.nix nixos/google-oslogin: add to system.nssDatabases.group too 2020-05-11 16:14:50 +02:00
lock-kernel-modules.nix
misc.nix nixos/apparmor: improve code readability 2021-04-23 07:20:19 +02:00
oath.nix
pam_mount.nix nixos/pam_mount: add support for FUSE-filesystems (#126069) 2021-06-08 22:06:28 +02:00
pam_usb.nix
pam.nix Merge pull request #133014 from Mic92/fix-pam 2021-08-20 23:23:42 +01:00
polkit.nix nixos/polkit: put polkituser into polkitgroup 2021-07-18 08:58:30 +02:00
rngd.nix nixos/rngd: Remove module entirely, leave an explaination 2021-02-21 01:32:50 +01:00
rtkit.nix treewide: use attrs instead of list for types.loaOf options 2020-01-06 10:39:18 -05:00
sudo.nix nixos/sudo: add option execWheelOnly 2021-05-08 23:48:00 +02:00
systemd-confinement.nix nixos/systemd-confinment: use /var/empty as chroot mountpoint 2021-07-01 08:01:18 +02:00
tpm2.nix nixos: remove StandardOutput=syslog, StandardError=syslog lines 2020-08-13 18:49:15 +02:00