torjus/labmon
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Change systemd options

Browse Source
This commit is contained in:
Torjus Håkestad 2025-05-24 03:33:44 +02:00
parent c844888514
commit 586440fe8d
Signed by: torjus
SSH Key Fingerprint: SHA256:KjAds8wHfD2mBYK2H815s/+ABcSdcIHUndwHEdSxml4
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
nix/module.nix
View File

@ -31,8 +31,11 @@ in
ExecStart = "${pkgs.labmon}/bin/labmon ${settingsFile}"; ExecStart = "${pkgs.labmon}/bin/labmon ${settingsFile}";
DynamicUser = true; DynamicUser = true;
Restart = "always"; Restart = "always";
RuntimeDirectory = "labmon";
RuntimeDirectoryMode = "0700";
# Hardening # Hardening
DeviceAllow = [ "/dev/null rw" ];
DevicePolicy = "strict"; DevicePolicy = "strict";
LockPersonality = true; LockPersonality = true;
MemoryDenyWriteExecute = true; MemoryDenyWriteExecute = true;
@ -53,6 +56,7 @@ in
RestrictAddressFamilies = [ RestrictAddressFamilies = [
"AF_INET" "AF_INET"
"AF_INET6" "AF_INET6"
"AF_UNIX"
]; ];
RestrictNamespaces = true; RestrictNamespaces = true;
RestrictRealtime = true; RestrictRealtime = true;