gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 12:29:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

chore(syncplay): service hardening

Browse source
This commit is contained in:
arcnmx 2024-06-27 14:22:38 -07:00
parent 116c3960e7
commit 51d9ac16f0
1 changed files with 9 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

9
modules/nixos/syncplay.nix
View file

@ -76,6 +76,15 @@ in {
"${cfg.certDir}"
])
];
NoNewPrivileges = true;
PrivateDevices = true;
PrivateMounts = true;
PrivateTmp = true;
ProtectSystem = "strict";
ProtectHome = true;
ProtectControlGroups = true;
ProtectProc = "invisible";
RemoveIPC = true;
};
};
}