nixpkgs/nixos/modules/services
Martin Weinelt 33e867620e
nixos/mosquitto: harden systemd unit
It can still network; it can only access the ssl related files if ssl is
enabled.

✗ PrivateNetwork=                                             Service has access to the host's network                                            0.5
✗ RestrictAddressFamilies=~AF_(INET|INET6)                    Service may allocate Internet sockets                                               0.3
✗ DeviceAllow=                                                Service has a device ACL with some special devices                                  0.1
✗ IPAddressDeny=                                              Service does not define an IP address allow list                                    0.2
✗ RootDirectory=/RootImage=                                   Service runs within the host's root directory                                       0.1
✗ RestrictAddressFamilies=~AF_UNIX                            Service may allocate local sockets                                                  0.1

→ Overall exposure level for mosquitto.service: 1.1 OK 🙂
2021-05-01 19:46:48 +02:00
admin
amqp
audio Merge pull request #117554 from Zopieux/snapcast-meta 2021-04-07 10:30:32 +02:00
backup nixos/users: require one of users.users.name.{isSystemUser,isNormalUser} 2021-04-14 20:40:00 +02:00
blockchain/ethereum
cluster Merge pull request #103228 from ThinkChaos/fix_k3s_start 2021-04-14 09:01:33 +01:00
computing nixos/slurm: expose to path config files 2021-03-10 23:12:47 +01:00
continuous-integration nixos/github-runner: init at v2.277.1 (#116775) 2021-04-10 10:17:10 +00:00
databases Merge pull request #118961 from Izorkin/update-redis-sandbox 2021-04-20 21:12:10 +01:00
desktops pipewire: Add update script 2021-04-27 16:50:22 +02:00
development
display-managers nixos/greetd: Add greetd module (#118294) 2021-04-06 19:35:32 +00:00
editors
games Merge pull request #111951 from f4814/add-quake3-module 2021-04-16 20:20:18 -04:00
hardware nixos/pcscd: Correctly install pcsclite (fix #121121) 2021-04-30 10:33:03 +02:00
logging nixos/promtail: Set TimeoutStopSec=10 2021-04-28 21:02:11 +02:00
mail nixos/rspamd: Fix CapabilityBoundingSet option 2021-04-25 20:26:22 +02:00
misc nixos/zigbee2mqtt: start maintaining the module 2021-04-30 20:40:04 +02:00
monitoring Merge pull request #120492 from SuperSandro2000/prometheus-unbound-exporter 2021-04-29 10:54:22 +02:00
network-filesystems nixos/ipfs: remove separate ipfs-init systemd unit 2021-04-22 21:13:05 +02:00
networking nixos/mosquitto: harden systemd unit 2021-05-01 19:46:48 +02:00
printing nixos/printing: simplify filterGutenprint function 2021-03-14 11:59:00 +01:00
scheduling
search
security Merge pull request #120541 from pennae/fail2ban 2021-05-01 15:09:24 +01:00
system treewide: fix eval without aliases after 9378fdf87e 2021-04-08 13:33:09 +02:00
torrent
ttys
video
wayland cage: drop maintainership (#121174) 2021-04-29 18:07:13 +02:00
web-apps Merge pull request #117072 from em0lar/keycloak-module-dbuser 2021-04-29 20:15:19 +02:00
web-servers nixos/nginx: update hardening settings 2021-04-30 18:49:43 +02:00
x11 Merge pull request #119259 from romildo/upd.e16 2021-04-13 01:23:27 +02:00