diff options
Diffstat (limited to 'nixos/modules/services/security')
-rw-r--r-- | nixos/modules/services/security/certmgr.nix | 4 | ||||
-rw-r--r-- | nixos/modules/services/security/torify.nix | 3 | ||||
-rw-r--r-- | nixos/modules/services/security/vault.nix | 1 |
3 files changed, 6 insertions, 2 deletions
diff --git a/nixos/modules/services/security/certmgr.nix b/nixos/modules/services/security/certmgr.nix index e89078883eb..94c0ba14117 100644 --- a/nixos/modules/services/security/certmgr.nix +++ b/nixos/modules/services/security/certmgr.nix @@ -113,7 +113,7 @@ in otherCert = "/var/certmgr/specs/other-cert.json"; } ''; - type = with types; attrsOf (either (submodule { + type = with types; attrsOf (either path (submodule { options = { service = mkOption { type = nullOr str; @@ -148,7 +148,7 @@ in description = "certmgr spec request object."; }; }; - }) path); + })); description = '' Certificate specs as described by: <link xlink:href="https://github.com/cloudflare/certmgr#certificate-specs" /> diff --git a/nixos/modules/services/security/torify.nix b/nixos/modules/services/security/torify.nix index 08da726437e..39551190dd3 100644 --- a/nixos/modules/services/security/torify.nix +++ b/nixos/modules/services/security/torify.nix @@ -25,6 +25,7 @@ in services.tor.tsocks = { enable = mkOption { + type = types.bool; default = false; description = '' Whether to build tsocks wrapper script to relay application traffic via Tor. @@ -40,6 +41,7 @@ in }; server = mkOption { + type = types.str; default = "localhost:9050"; example = "192.168.0.20"; description = '' @@ -48,6 +50,7 @@ in }; config = mkOption { + type = types.lines; default = ""; description = '' Extra configuration. Contents will be added verbatim to TSocks diff --git a/nixos/modules/services/security/vault.nix b/nixos/modules/services/security/vault.nix index b0ab8fadcbe..6a8a3a93327 100644 --- a/nixos/modules/services/security/vault.nix +++ b/nixos/modules/services/security/vault.nix @@ -135,6 +135,7 @@ in User = "vault"; Group = "vault"; ExecStart = "${cfg.package}/bin/vault server -config ${configFile}"; + ExecReload = "${pkgs.coreutils}/bin/kill -SIGHUP $MAINPID"; PrivateDevices = true; PrivateTmp = true; ProtectSystem = "full"; |