torjus/nixos-servers
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

Alertonotify hardening part 1
Some checks failed
Run nix flake check / flake-check (push) Failing after 4m30s
Details

Browse Source
This commit is contained in:
Torjus Håkestad 2025-05-18 15:08:26 +02:00
parent fe2e87658a
commit 8e0b97c9e0
Signed by: torjus
SSH Key Fingerprint: SHA256:KjAds8wHfD2mBYK2H815s/+ABcSdcIHUndwHEdSxml4
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
services/monitoring/alerttonotify.nix
View File

@ -19,6 +19,18 @@
serviceConfig = { serviceConfig = {
Type = "exec"; Type = "exec";
ExecStart = "${pkgs.alerttonotify}/bin/alerttonotify"; ExecStart = "${pkgs.alerttonotify}/bin/alerttonotify";
DynamicUser = "yes";
CapabilityBoundingSet = "";
RestrictAddressFamilies = "AF_INET AF_INET6";
SystemCallArchitectures = "native";
LockPersonality = "yes";
MemoryDenyWriteExecute = "yes";
PrivateDevices = "yes";
PrivateUsers = "yes";
ProtectControlGroups = "yes";
ProtectHome = "yes";
ProtectHostname = "yes";
RestrictNamespace = "yes";
}; };
}; };
} }