Branch: refs/heads/master
Home: https://github.com/NixOS/nixpkgs
Commit: 7980523e007c066495b010897f9cf240453e0ad1
https://github.com/NixOS/nixpkgs/commit/7980523e007c066495b010897f9cf240453e0ad1
Author: Joachim Fasting <joach...@fastmail.fm>
Date: 2016-09-15 (Thu, 15 Sep 2016)
Changed paths:
M nixos/modules/services/networking/unbound.nix
Log Message:
-----------
unbound service: convenient handling of local forward addresses
do-not-query-localhost defaults to yes; with this patch, unbound is
configured to query localhost if any of the forward addresses are local.
Commit: 52432ee63d9ab57d9dba7d9ce738d3964b2314a6
https://github.com/NixOS/nixpkgs/commit/52432ee63d9ab57d9dba7d9ce738d3964b2314a6
Author: Joachim Fasting <joach...@fastmail.fm>
Date: 2016-09-15 (Thu, 15 Sep 2016)
Changed paths:
M nixos/modules/services/networking/unbound.nix
Log Message:
-----------
unbound service: non-blocking random in chroot
/dev/random is an exhaustible resource. Presumably, unbound will not be
used to generate long-term encryption keys and so allowing it to use
/dev/random only increases the risk of entropy exhaustion for no
benefit.
Commit: 0759e77dfd1d9272a2a26390b5a2cb8fb80efc3c
https://github.com/NixOS/nixpkgs/commit/0759e77dfd1d9272a2a26390b5a2cb8fb80efc3c
Author: Joachim Fasting <joach...@fastmail.fm>
Date: 2016-09-15 (Thu, 15 Sep 2016)
Changed paths:
M nixos/modules/services/networking/unbound.nix
Log Message:
-----------
unbound service: add reference to man:unbound.conf(8)
Commit: 39f5182a30cd9eec3ce5bbf30fd1d5ae04126d89
https://github.com/NixOS/nixpkgs/commit/39f5182a30cd9eec3ce5bbf30fd1d5ae04126d89
Author: Joachim Fasting <joach...@fastmail.fm>
Date: 2016-09-15 (Thu, 15 Sep 2016)
Changed paths:
M nixos/modules/services/networking/unbound.nix
Log Message:
-----------
unbound service: use auto-generated uid
1. The preStart script ensures consistent ownership, even if the unbound
user's uid has changed
2. The unbound daemon does not generate data that needs to be private to
it, so it would not matter that a different service would end up
owning its data (as long as unbound remains enabled, it should reclaim
ownership soon enough anyway).
Thus, there's no clear benefit to allocate a dedicated uid for the
unbound service. This releases uid/gid 48.
Also, because the preStart script creates the data directory, there's no
need to specify a homedir or ask for its creation.
Commit: 5dc60051fa7f6e79781c146ae61c0dd8f92e7e10
https://github.com/NixOS/nixpkgs/commit/5dc60051fa7f6e79781c146ae61c0dd8f92e7e10
Author: Joachim Fasting <joach...@fastmail.fm>
Date: 2016-09-15 (Thu, 15 Sep 2016)
Changed paths:
M nixos/modules/services/networking/unbound.nix
Log Message:
-----------
unbound service: some pre-chroot isolation
While entering the chroot should provide the same amount of isolation,
the preStart script will run with full root privileges and so would
benefit from some isolation as well (in particular due to
unbound-anchor, which can perform network I/O).
Commit: bf538515b7d668f9522b1db7d07ffe087f9d8a7f
https://github.com/NixOS/nixpkgs/commit/bf538515b7d668f9522b1db7d07ffe087f9d8a7f
Author: Joachim Fasting <joach...@fastmail.fm>
Date: 2016-09-15 (Thu, 15 Sep 2016)
Changed paths:
M nixos/modules/misc/ids.nix
Log Message:
-----------
nixos/ids: remove static unbound uid
Commit: 22d6c97855b99e770855474f394cd4a3192d98d9
https://github.com/NixOS/nixpkgs/commit/22d6c97855b99e770855474f394cd4a3192d98d9
Author: Joachim Fasting <joach...@fastmail.fm>
Date: 2016-09-16 (Fri, 16 Sep 2016)
Changed paths:
M nixos/modules/services/networking/unbound.nix
Log Message:
-----------
unbound service: extend isLocalAddress to handle ipv6
Commit: e06ead81bf61feb790d5706cbfbc41940a06ec4a
https://github.com/NixOS/nixpkgs/commit/e06ead81bf61feb790d5706cbfbc41940a06ec4a
Author: Joachim F <joach...@users.noreply.github.com>
Date: 2016-09-17 (Sat, 17 Sep 2016)
Changed paths:
M nixos/modules/misc/ids.nix
M nixos/modules/services/networking/unbound.nix
Log Message:
-----------
Merge pull request #18630 from joachifm/unbound-improvements
Unbound service improvements
Compare: https://github.com/NixOS/nixpkgs/compare/d9a4d942ab4b...e06ead81bf61_______________________________________________
nix-commits mailing list
nix-comm...@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-commits
