Commit graph

10 commits

Author SHA1 Message Date
pennae
c47fcb70c6 nixos/mosquitto: rewrite the test
expand the test to check all four forms of passwords, tls certificates (both
server and client), and that acl files are formatted properly.
2021-10-22 16:06:55 -04:00
pennae
56d0b5cd6a nixos/mosquitto: rewrite the module
mosquitto needs a lot of attention concerning its config because it doesn't
parse it very well, often ignoring trailing parts of lines, duplicated config
keys, or just looking back way further in the file to associate config keys
with previously defined items than might be expected.

this replaces the mosquitto module completely. we now have a hierarchical config
that flattens out to the mosquitto format (hopefully) without introducing spooky
action at a distance.
2021-10-22 16:06:55 -04:00
Martin Weinelt
33e867620e nixos/mosquitto: harden systemd unit
It can still network, it can only access the ssl related files if ssl is
enabled.

✗ PrivateNetwork=                                             Service has access to the host's network                                            0.5
✗ RestrictAddressFamilies=~AF_(INET|INET6)                    Service may allocate Internet sockets                                               0.3
✗ DeviceAllow=                                                Service has a device ACL with some special devices                                  0.1
✗ IPAddressDeny=                                              Service does not define an IP address allow list                                    0.2
✗ RootDirectory=/RootImage=                                   Service runs within the host's root directory                                       0.1
✗ RestrictAddressFamilies=~AF_UNIX                            Service may allocate local sockets                                                  0.1

→ Overall exposure level for mosquitto.service: 1.1 OK 🙂
2021-05-01 19:46:48 +02:00
Dominik Xaver Hörl
25bef2d8f9 treewide: simplify pkgs.stdenv.lib -> pkgs.lib
The library does not depend on stdenv, that `stdenv` exposes `lib` is
an artifact of the ancient origins of nixpkgs.
2021-01-10 20:12:06 +01:00
Jacek Galowicz
432f8a424b nixos/mosquitto: Refactor integration test code 2019-11-20 19:13:01 +01:00
Jacek Galowicz
855eb6f264 nixos/mosquitto: Port integration test to python 2019-11-20 19:08:18 +01:00
volth
08f68313a4 treewide: remove redundant rec 2019-08-28 11:07:32 +00:00
volth
35d68ef143 treewide: remove redundant quotes 2019-08-26 21:40:19 +00:00
Peter Hoeg
bab2a01ce8 nixos/mosquitto: make the tests run 2019-06-24 13:59:53 +08:00
Peter Hoeg
c5af9fd4dd nixos/mosquitto: add test 2019-04-24 17:02:20 +08:00