security: harden some SP modules NixOS config evaluation permissions

Alexander Tomokhov
2024-12-26 18:42:41 +04:00
parent 3a904f599e
commit f07b867af2
3 changed files with 17 additions and 17 deletions


@@ -1,11 +1,10 @@
[ [
["mailserver", "fqdn"],
["mailserver", "ldap"],
["mailserver", "vmailUID"],
[ "passthru", "selfprivacy", "auth" ], [ "passthru", "selfprivacy", "auth" ],
[ "security", "acme", "certs" ], [ "security", "acme", "certs" ],
[ "selfprivacy", "domain" ], [ "selfprivacy", "domain" ],
["selfprivacy", "modules"], [ "selfprivacy", "modules", "auth" ],
["services"], [ "services", "kanidm" ],
[ "services", "oauth2-proxy", "enable" ],
[ "services", "oauth2-proxy", "nginx" ],
[ "systemd", "services", "kanidm" ] [ "systemd", "services", "kanidm" ]
] ]
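Review bot: `[ "security", "acme", "certs" ]`, `[ "services", "kanidm" ]` and `[ "systemd", "services", "kanidm" ]` are still granted as whole subtrees, so the module can read every option beneath them, while the entries changed in this hunk were narrowed to specific attributes. If the module reads only a few attributes under those prefixes, list them individually in the same way as `[ "services", "oauth2-proxy", "enable" ],`; where the attribute name depends on the domain, as it presumably does for ACME certs, keeping the subtree is understandable. The file appears to be JSON and cannot carry comments, so the reason each remaining subtree is needed belongs in the commit description or the module's documentation. It is also worth evaluating the module once after this change, since any leftover reference to the removed `mailserver` paths would presumably fail at evaluation time.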


@@ -4,6 +4,5 @@
[ "passthru", "selfprivacy", "auth", "oauth2-provider-name" ], [ "passthru", "selfprivacy", "auth", "oauth2-provider-name" ],
[ "selfprivacy", "domain" ], [ "selfprivacy", "domain" ],
[ "selfprivacy", "modules", "auth" ], [ "selfprivacy", "modules", "auth" ],
["selfprivacy", "modules", "roundcube"], [ "selfprivacy", "modules", "roundcube" ]
["service", "kanidm"]
] ]


@@ -13,6 +13,8 @@
[ "services", "opendkim" ], [ "services", "opendkim" ],
[ "services", "postfix", "group" ], [ "services", "postfix", "group" ],
[ "services", "postfix", "user" ], [ "services", "postfix", "user" ],
[ "services", "redis" ], [ "services", "redis", "servers", "rspamd", "bind" ],
[ "services", "redis", "servers", "rspamd", "port" ],
[ "services", "redis", "servers", "rspamd", "requirePass" ],
[ "services", "rspamd" ] [ "services", "rspamd" ]
] ]
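Review bot: The added entry `[ "services", "redis", "servers", "rspamd", "requirePass" ],` lets the module read the Redis password as a plain option value, which makes it the one secret-bearing path among the entries visible in this hunk. In NixOS a password set through `requirePass` ends up in the world-readable Nix store, so if the consuming module can take a file path instead, grant `[ "services", "redis", "servers", "rspamd", "requirePassFile" ],` and drop the `requirePass` entry. Whether `requirePass` is actually set in this deployment is not visible from the hunk, so treat this as something to confirm. The list begins before line 13 of the file, so its earlier entries are outside this view.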