Evgeny Egorochkin
a9e4eca8bf
Apparmor: check that we are running an AppArmor-enabled kernel.
2013-05-10 16:07:56 +03:00
Evgeny Egorochkin
44eb1bac65
Apparmor: add a warning
2013-05-10 14:57:48 +03:00
Eelco Dolstra
fef5a18587
Enable sudoedit
2013-04-03 13:27:41 +02:00
Lluís Batlle i Rossell
86c1e10a43
Setting pam otpw *after* pam_unix, for dovecot failed auth messages.
...
I think it's nice that it first asks the usual password, and then offers the
otpw one if enabled. That enables dovecot to show the last pam prompt.
I also add the dovecot option for that.
2013-03-30 22:25:19 +01:00
Lluís Batlle i Rossell
c53bd1b279
pam: adding otpw optional, default false
2013-03-30 21:06:23 +01:00
Eelco Dolstra
ae4e94d9ac
Rename ‘boot.systemd’ to ‘systemd’
...
Suggested by Mathijs Kwik. ‘boot.systemd’ is a misnomer because
systemd affects more than just booting. And it saves some typing.
2013-01-16 12:33:18 +01:00
Eelco Dolstra
61f1df279f
Remove bogus comment
2013-01-15 17:34:24 +01:00
Eelco Dolstra
0b399d8e49
Revert "Remove obsolete environment variables"
...
This reverts commit ac8080b83c
.
2013-01-15 17:34:01 +01:00
Eelco Dolstra
ac8080b83c
Remove obsolete environment variables
2013-01-15 16:53:40 +01:00
Eelco Dolstra
251f8546c9
pam_ssh_agent_auth: Use /etc/ssh/authorized_keys.d
2012-12-17 21:14:09 +01:00
Eelco Dolstra
b1da38f564
Merge remote-tracking branch 'origin/master' into systemd
2012-11-30 16:12:04 +01:00
Shea Levy
a5ef0ffe12
rngd: Require /dev/random, only start when a hardware randomness source becomes available
2012-11-26 08:45:23 -05:00
Eelco Dolstra
f3c9c83e04
Make it easier to append to the default sudo configuration
2012-11-23 15:14:16 +01:00
Shea Levy
e76eb7f1a7
Disable rngd by default while I work on some patches to make it more systemd-friendly
2012-11-22 10:14:41 -05:00
Eelco Dolstra
77891f8d59
Typo
2012-11-22 10:41:54 +01:00
Shea Levy
cd513482d4
Add rngd service.
...
Inspired by http://pkgs.fedoraproject.org/cgit/rng-tools.git/tree/rngd.service?id=27b1912b2d9659b6934fd4c887e46c13958e7e3c
2012-11-22 02:07:25 -05:00
Rickard Nilsson
6099451662
Add support for nslcd (nss-pam-ldapd) as users.ldap.daemon option
2012-11-20 16:39:45 +01:00
aszlig
1c28b86749
pam: Douchebag commit, fix alphabetical order.
...
Yes, I'm going to get back to school and learn the alphabet. I promise!
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2012-11-05 09:41:24 +01:00
aszlig
6e6ee3278c
pam: Add default configuration for GNU screen.
...
This is needed in order to properly lock your screen using the C-a C-x
(lockscreen) command _and_ being back to re-login, because the "other" PAM
service/fallback is to deny authentication.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2012-11-05 09:40:15 +01:00
Eelco Dolstra
224c825a36
Add option ‘users.motd’ for setting a message of the day shown on login
...
Note that this uses pam_motd.
2012-10-23 09:10:48 -04:00
Eelco Dolstra
08f14b33c1
Merge branch 'master' of github.com:NixOS/nixos into systemd
2012-08-20 11:27:38 -04:00
Eelco Dolstra
6547ecb72f
Remove policykit.nix (old PolicyKit module)
...
Only the HAL module needed it.
2012-08-17 14:47:37 -04:00
Eelco Dolstra
490ce3a230
PAM: Rename ownDevices to startSession
...
Logind sessions are more generally useful than for device ownership.
For instances, ssh logins can be put in their own session (and thus
their own cgroup).
2012-08-17 13:48:22 -04:00
Peter Simons
a025e848e0
modules/security/sudo.nix: added 'wheelNeedsPassword' option (default: true)
...
Change this setting to 'false' to allow users in the 'wheel' group to execute
commands as super user without entering a password.
2012-08-13 14:37:32 +02:00
Eelco Dolstra
d4fec178fd
Merge remote-tracking branch 'origin/master' into systemd
2012-08-02 13:44:16 -04:00
Florian Friesdorf
14a8532ee0
add NIX_CONF_DIR to sudo env_keep variables (suggested by Eelco Dolstra)
...
this enables nix-collect-garbage under sudo to respect nix.conf, e.g.:
gc-keep-outputs = true
gc-keep-derivations = true
2012-07-27 12:25:11 +02:00
Your Name
4549bad2f4
AppArmor: packaged
2012-07-22 16:31:49 +03:00
Mathijs Kwik
26bf696350
Revert "allow out-of-tree nixos modules"
...
This reverts commit b609ff4fcf
.
It turns out this can just be done using "require".
2012-07-21 18:30:58 +02:00
Mathijs Kwik
b609ff4fcf
allow out-of-tree nixos modules
...
The environment variable "NIXOS_EXTRA_MODULES" is now checked to
contain a path to a file similar to modules/module-list.nix.
This gives the ability to include nixos modules that are not in the
nixos source tree.
This can be useful for modules that are still experimental, or which
aren't useful for other nixos users. Of course, this was already
possible to do this using a forked nixos tree, but with this
functionality, you can just rely on the nixos channel, easing things a
lot.
2012-07-21 17:35:50 +02:00
Peter Simons
4553a27a92
modules/security/pam.nix: add xscreensaver to the list of services
2012-07-17 13:01:09 +02:00
Eelco Dolstra
66f4d10843
Use pam_systemd.so to set up device ownership
...
This removes the need for ConsoleKit, so it's gone.
2012-06-15 14:51:48 -04:00
Eelco Dolstra
63517eca1b
* Actually use the security.pam.enableSSHAgentAuth option.
...
http://hydra.nixos.org/build/2698800
svn path=/nixos/trunk/; revision=34483
2012-06-12 20:21:15 +00:00
Eelco Dolstra
03653d43eb
* Add support for sudo authentication using the SSH agent. This
...
allows password-less servers.
svn path=/nixos/trunk/; revision=34474
2012-06-11 22:41:07 +00:00
Peter Simons
51b5da4023
modules/security/pam.nix: sort security.pam.services alphabetically
...
svn path=/nixos/trunk/; revision=34437
2012-06-11 07:12:41 +00:00
Peter Simons
5c3593be46
Add PAM configuration for vlock.
...
svn path=/nixos/trunk/; revision=34436
2012-06-11 07:12:39 +00:00
Peter Simons
4c54fcaf45
pam security for i3lock
...
svn path=/nixos/trunk/; revision=34435
2012-06-11 07:10:25 +00:00
Eelco Dolstra
801cd7402c
* Don't use ‘chown user.group’ since that syntax is not officially
...
supported (you're supposed to say ‘chown user:group’).
svn path=/nixos/trunk/; revision=34161
2012-05-17 19:43:32 +00:00
Florian Friesdorf
5115e6a1d0
keep NIX_PATH in sudo env
...
fixes:
file `nixpkgs' was not found in the Nix search path (add it using $NIX_PATH or -I)
svn path=/nixos/trunk/; revision=32973
2012-03-10 16:11:40 +00:00
Eelco Dolstra
a6f410f144
* Obsolete security.extraSetuidPrograms.
...
svn path=/nixos/trunk/; revision=32723
2012-03-01 20:10:46 +00:00
Florian Friesdorf
0862ca9fa7
sudoers: LOCALE_ARCHIVE, TERMINFO_DIRS for root and %wheel
...
svn path=/nixos/trunk/; revision=31491
2012-01-12 07:54:14 +00:00
Peter Simons
20b364f4de
Reverting revisions 30103-30106: "always set nixpkgs.config.{state,store}Dir", etc.
...
After the change from revision 30103, nixos-rebuild suddenly consumed
freaky amounts of memory. I had to abort the process after it had
allocated well in excess of 30GB(!) of RAM. I'm not sure what is causing
this behavior, but undoing that assignment fixes the problem. The other
two commits needed to be revoked, too, because they depend on 30103.
svn path=/nixos/trunk/; revision=30127
2011-10-30 15:19:58 +00:00
Shea Levy
09cf6ce70c
find modules | fgrep .nix | fgrep -v .svn | fgrep -v nixpkgs.nix | xargs sed -i -e 's|/nix/var|${config.nixpkgs.config.nix.stateDir}|g' -e 's|/nix/store|${config.nixpkgs.config.nix.storeDir}|g'
...
Don't assume /nix/store or /nix/var in NixOS modules, this is configurable
svn path=/nixos/trunk/; revision=30104
2011-10-29 21:03:57 +00:00
Peter Simons
eb6e1310b8
strip trailing whitespace; no functional change
...
svn path=/nixos/trunk/; revision=29285
2011-09-14 18:20:50 +00:00
Eelco Dolstra
64340dc03c
* Set OPENSSL_X509_CERT_FILE.
...
svn path=/nixos/trunk/; revision=29225
2011-09-12 17:01:43 +00:00
Eelco Dolstra
d1ae2c2ac1
* Polkit: remove the wrapper since it's no longer needed (and didn't
...
really work as far as I can tell).
svn path=/nixos/trunk/; revision=28734
2011-08-22 11:46:32 +00:00
Eelco Dolstra
7980c71d9c
* Add some options to allow setting PolKit permissions.
...
svn path=/nixos/trunk/; revision=28729
2011-08-21 20:38:45 +00:00
Eelco Dolstra
44725e50f0
* Apply the resource limits set by security.pam.loginLimits to all PAM
...
services (rather than just login(1)). It's rather unexpected if
resource limits are not applied to (say) users logged in via SSH or
X11.
svn path=/nixos/trunk/; revision=28105
2011-08-01 10:17:18 +00:00
Eelco Dolstra
7d69a82b55
* Put the CA certificate bundle in /etc/ssl/certs because Qt expects
...
them there.
svn path=/nixos/trunk/; revision=28009
2011-07-29 19:06:27 +00:00
Eelco Dolstra
aa5f5ed2e5
* I should test first.
...
svn path=/nixos/trunk/; revision=27964
2011-07-26 14:19:06 +00:00
Eelco Dolstra
645205b600
* Add a module for rtkit. The PulseAudio module enables rtkit to
...
acquire real-time priority.
svn path=/nixos/trunk/; revision=27963
2011-07-26 14:14:10 +00:00