diff options
author | nikstur <nikstur@outlook.com> | 2023-12-27 08:33:26 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-12-27 08:33:26 +0100 |
commit | c9569af3e095e0b146c0806dd2f2ae1f28f0736d (patch) | |
tree | 5c6d66f9ea192bada94736e0e5d1fecf3c9a0532 /nixos/modules/security | |
parent | 56b8564a7d018564d5a58bce4c9dc997ae7d7ac0 (diff) | |
parent | 6f8091159ecec673fcafea1215ba190a86c99ebd (diff) |
Merge pull request #271326 from philiptaron/shutdown.target
treewide: depend on `shutdown.target` if `DefaultDependencies=no` in almost every case
Diffstat (limited to 'nixos/modules/security')
-rw-r--r-- | nixos/modules/security/apparmor.nix | 3 | ||||
-rw-r--r-- | nixos/modules/security/auditd.nix | 4 | ||||
-rw-r--r-- | nixos/modules/security/duosec.nix | 6 | ||||
-rw-r--r-- | nixos/modules/security/wrappers/default.nix | 3 |
4 files changed, 11 insertions, 5 deletions
diff --git a/nixos/modules/security/apparmor.nix b/nixos/modules/security/apparmor.nix index 24b48338ed772..ea1af6c6e2f29 100644 --- a/nixos/modules/security/apparmor.nix +++ b/nixos/modules/security/apparmor.nix @@ -164,7 +164,8 @@ in "local-fs.target" "systemd-journald-audit.socket" ]; - before = [ "sysinit.target" ]; + before = [ "sysinit.target" "shutdown.target" ]; + conflicts = [ "shutdown.target" ]; wantedBy = [ "multi-user.target" ]; unitConfig = { Description="Load AppArmor policies"; diff --git a/nixos/modules/security/auditd.nix b/nixos/modules/security/auditd.nix index db4b2701ee2e9..12d5831619ad8 100644 --- a/nixos/modules/security/auditd.nix +++ b/nixos/modules/security/auditd.nix @@ -13,6 +13,8 @@ with lib; systemd.services.auditd = { description = "Linux Audit daemon"; wantedBy = [ "basic.target" ]; + before = [ "shutdown.target" ]; + conflicts = [ "shutdown.target "]; unitConfig = { ConditionVirtualization = "!container"; @@ -23,7 +25,7 @@ with lib; path = [ pkgs.audit ]; serviceConfig = { - ExecStartPre="${pkgs.coreutils}/bin/mkdir -p /var/log/audit"; + ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p /var/log/audit"; ExecStart = "${pkgs.audit}/bin/auditd -l -n -s nochange"; }; }; diff --git a/nixos/modules/security/duosec.nix b/nixos/modules/security/duosec.nix index 2a855a77e3a39..ef76bfeb6d66a 100644 --- a/nixos/modules/security/duosec.nix +++ b/nixos/modules/security/duosec.nix @@ -195,7 +195,8 @@ in systemd.services.login-duo = lib.mkIf cfg.ssh.enable { wantedBy = [ "sysinit.target" ]; - before = [ "sysinit.target" ]; + before = [ "sysinit.target" "shutdown.target" ]; + conflicts = [ "shutdown.target" ]; unitConfig.DefaultDependencies = false; script = '' if test -f "${cfg.secretKeyFile}"; then @@ -216,7 +217,8 @@ in systemd.services.pam-duo = lib.mkIf cfg.ssh.enable { wantedBy = [ "sysinit.target" ]; - before = [ "sysinit.target" ]; + before = [ "sysinit.target" "shutdown.target" ]; + conflicts = [ "shutdown.target" ]; unitConfig.DefaultDependencies = false; script = '' if test -f "${cfg.secretKeyFile}"; then diff --git a/nixos/modules/security/wrappers/default.nix b/nixos/modules/security/wrappers/default.nix index 250f9775be14d..4e123fa9ca5ee 100644 --- a/nixos/modules/security/wrappers/default.nix +++ b/nixos/modules/security/wrappers/default.nix @@ -278,7 +278,8 @@ in systemd.services.suid-sgid-wrappers = { description = "Create SUID/SGID Wrappers"; wantedBy = [ "sysinit.target" ]; - before = [ "sysinit.target" ]; + before = [ "sysinit.target" "shutdown.target" ]; + conflicts = [ "shutdown.target" ]; unitConfig.DefaultDependencies = false; unitConfig.RequiresMountsFor = [ "/nix/store" "/run/wrappers" ]; serviceConfig.Type = "oneshot"; |