squalus
squalus
Added unix domain socket support for the listen setting. Added `socket_mode` setting to change socket permissions. Example configuration: ``` listen: /run/vouch-proxy/socket socket_mode: 0600 ```
Users can specify a new overlay config file. This file can contain secrets. The file is specified in two ways: Allow reading OauthClientId and OauthClientSecret from systemd LoadCredential directives. -...
I would like vouch-proxy to support the systemd LoadCredential directive for passing secrets. `OAUTH_CLIENT_SECRET` and `OAUTH_CLIENT_ID` are good candidates for this. vouch-proxy could read the files at `$CREDENTIALS_DIRECTORY/` as a...
I would like vouch-proxy to support listening on unix domain sockets. Currently, it only supports listening on TCP sockets. The `listen` configuration item could support addresses like this: `unix:/path/to/socket`. Proposed...
Call `close(2)` explicitly while extracting NAR files to make sure that the error gets checked. #1218
**Describe the bug** I have seen multiple cases of "schema is corrupt" error messages in a production environment. This tends to happen on NixOS systems that have unexpected power cuts....
#1218 This adds an `fsync-store-paths` option to perform durable writes before registering paths. This prevents data loss when there's an unexpected power cut. The data loss manifests as store corruption...