Givc tls module #34

Merged
merged 5 commits into from
Jan 11, 2025

@mbssrc (Collaborator) commented Nov 25, 2024

Description

  • add multiple admin addresses
  • add TLS cert/key generation script
  • add TLS nixos module
  • unify key/cert location, add user copy

Checklist

  • Summary of the proposed changes in the PR description
  • More detailed description in the commit message(s)
  • Commits are squashed into relevant entities - avoid a lot of minimal dev time commits in the PR
  • Contribution guidelines followed
  • Test procedure added to nixos/tests
  • Author has run nix flake check --accept-flake-config and it passes
  • All automatic GitHub Action checks pass - see actions
  • Author has added reviewers and removed PR draft status

Testing

Tested on Ghaf + test scripts

mbssrc added 2 commits January 8, 2025 12:45
- update header and remove unnecessary checkboxes

Signed-off-by: Manuel Bluhm <[email protected]>

Introduces a TLS module for certificate generation on the host.

- add tls module with service to generate tls keys/certs
- add/modify cert generator script
- add appvm/sysvm services to nixos module to copy keys with user access
- adjust admin nixos module to support multiple addresses
- support multiple admin addresses
- adjust tests to new schema
- rename 'agent' parameter to 'transport'

Signed-off-by: Manuel Bluhm <[email protected]>

@mbssrc force-pushed the givc-tls-module branch 2 times, most recently from ec8125a to d496074, January 10, 2025 13:07

Add condition to limit the user session for appvm module to the
specified UID only. Prevents running multiple instances, e.g.,
for admin account. Service does not run anyway as the address
is already bound.

Signed-off-by: Manuel Bluhm <[email protected]>

@mbssrc merged commit 952d1b9 into tiiuae:main Jan 11, 2025
1 check passed