BoomMicrophone/nixpkgs-suyu
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge pull request #258853 from SuperSandro2000/dex

Browse source 
nixos/dex: fix start with latest systemd update
This commit is contained in:
Cabia Rangris 2023-10-20 09:59:21 +00:00 committed by GitHub
commit 585a8b12b1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
nixos/modules/services/web-apps/dex.nix
View file

@ -108,8 +108,7 @@ in
ProtectClock = true;
ProtectHome = true;
ProtectHostname = true;
# Would re-mount paths ignored by temporary root
#ProtectSystem = "strict";
ProtectSystem = "strict";
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
@ -121,9 +120,7 @@ in
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallFilter = [ "@system-service" "~@privileged @setuid @keyring" ];
TemporaryFileSystem = "/:ro";
# Does not work well with the temporary root
#UMask = "0066";
UMask = "0066";
} // optionalAttrs (cfg.environmentFile != null) {
EnvironmentFile = cfg.environmentFile;
};