mirror of
https://github.com/NixOS/nixpkgs.git
synced 2025-11-13 03:08:16 +01:00
78b4b90d6c
This introduces an option that allows us to turn off stateful generation of Diffie-Hellman parameters, which in some way is still "stateful" as the generated DH params file is non-deterministic. However what we can avoid with this is to have an increased surface for failures during system startup, because generation of the parameters is done during build-time. Aside from adding a NixOS VM test it also restructures the type of the security.dhparams.params option, so that it's a submodule. A new defaultBitSize option is also there to allow users to set a system-wide default. I added a release notes entry that described what has changed and also included a few notes for module developers using this module, as the first usage already popped up in NixOS/nixpkgs#39507. Thanks to @Ekleog and @abbradar for reviewing. |
||
|---|---|---|
| .. | ||
| wrappers | ||
| acme.nix | ||
| acme.xml | ||
| apparmor-suid.nix | ||
| apparmor.nix | ||
| audit.nix | ||
| auditd.nix | ||
| ca.nix | ||
| chromium-suid-sandbox.nix | ||
| dhparams.nix | ||
| duosec.nix | ||
| hidepid.nix | ||
| hidepid.xml | ||
| lock-kernel-modules.nix | ||
| oath.nix | ||
| pam.nix | ||
| pam_mount.nix | ||
| pam_usb.nix | ||
| polkit.nix | ||
| prey.nix | ||
| rngd.nix | ||
| rtkit.nix | ||
| sudo.nix | ||