Branch: refs/heads/master
Home: https://github.com/NixOS/nixpkgs
Commit: adf044e1fbb723e65942da887486a873c022e3ac
https://github.com/NixOS/nixpkgs/commit/adf044e1fbb723e65942da887486a873c022e3ac
Author: Joachim Fasting <joach...@fastmail.fm>
Date: 2017-03-08 (Wed, 08 Mar 2017)
Changed paths:
M nixos/modules/services/networking/dnscrypt-proxy.nix
Log Message:
-----------
nixos/dnscrypt-proxy: refactoring
Use mkMerge to make the code a little more ergonomic and easier
to follow (to my eyes, anyway ...). Also take the opportunity
to do some minor cleanups & tweaks, but no functional changes.
Commit: e72aaa73eacb15b82270fe702517be97d1beba37
https://github.com/NixOS/nixpkgs/commit/e72aaa73eacb15b82270fe702517be97d1beba37
Author: Joachim Fasting <joach...@fastmail.fm>
Date: 2017-03-08 (Wed, 08 Mar 2017)
Changed paths:
M nixos/modules/services/networking/dnscrypt-proxy.nix
Log Message:
-----------
nixos/dnscrypt-proxy: support updating before nss is up
Resolve download.dnscrypt.org using hostip with a bootstrap
resolver (hard-coded to Google Public DNS for now), to ensure
that we can get an up-to-date resolver list without working name
service lookups. This makes us more robust to the upstream
resolver list getting out of date and other DNS configuration
problems.
We use the curl --resolver switch to allow https cert validation
(we'd need to do --insecure if using just the ip addr). Note
that we don't rely on https for security but it's nice to have
it ...
Commit: 5f27abec233604ebe543e4fc833f282a7c835b3f
https://github.com/NixOS/nixpkgs/commit/5f27abec233604ebe543e4fc833f282a7c835b3f
Author: Joachim Fasting <joach...@fastmail.fm>
Date: 2017-03-08 (Wed, 08 Mar 2017)
Changed paths:
M nixos/modules/services/networking/dnscrypt-proxy.nix
Log Message:
-----------
nixos/dnscrypt-proxy: more fs isolation for the updater
It'd be better to do the update as an unprivileged user; for
now, we do our best to minimize the surface available. We
filter mount syscalls to prevent the process from undoing the fs
isolation.
Commit: 06520c7fb785b872e17112bf8be0b6ae1d7d0ec0
https://github.com/NixOS/nixpkgs/commit/06520c7fb785b872e17112bf8be0b6ae1d7d0ec0
Author: Joachim Fasting <joach...@fastmail.fm>
Date: 2017-03-08 (Wed, 08 Mar 2017)
Changed paths:
M nixos/modules/services/networking/dnscrypt-proxy.nix
Log Message:
-----------
nixos/dnscrypt-proxy: indicate update status
Make it easier for the user to tell when the list is updated
and, at their option, see what changed.
Compare: https://github.com/NixOS/nixpkgs/compare/32bcda741a9f...06520c7fb785
_______________________________________________
nix-commits mailing list
nix-comm...@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-commits