Move service hardening flags into separate file

Jonas Nick 2019-04-27 19:21:45 +00:00
parent 66095871c6
commit a089d65d25
No known key found for this signature in database
GPG key ID: 4861DBF262123605
11 changed files with 33 additions and 54 deletions


@ -3,6 +3,7 @@
with lib;
let
nix-bitcoin-services = import ./nix-bitcoin-services.nix;
cfg = config.services.clightning;
configFile = pkgs.writeText "config" ''
autolisten=${if cfg.autolisten then "true" else "false"}
@ -93,12 +94,7 @@ in {
User = "clightning";
Restart = "on-failure";
RestartSec = "10s";
PrivateTmp = "true";
ProtectSystem = "full";
NoNewPrivileges = "true";
PrivateDevices = "true";
MemoryDenyWriteExecute = "true";
};
} // nix-bitcoin-services.defaultHardening;
};
};
}
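Review bot: The merge direction on the `} // nix-bitcoin-services.defaultHardening;` line is silent about which side wins, and with `//` the right-hand set overrides any key of the same name set in the literal above it, so a future service-specific value for one of the moved keys (e.g. a relaxed `ProtectSystem`) written next to `User`/`Restart` would be discarded without warning. Either document the intent on that line, `# defaultHardening is merged last: its keys override anything set above`, or write `nix-bitcoin-services.defaultHardening // { User = ...; }` so per-service entries are the explicit override and the defaults cannot mask them. Since `nix-bitcoin-services.nix` is not in this view, it is also worth confirming that `defaultHardening` carries all five flags removed here (`PrivateTmp`, `ProtectSystem = "full"`, `NoNewPrivileges`, `PrivateDevices`, `MemoryDenyWriteExecute`) with the same values, otherwise this refactor weakens the clightning unit. The enclosing `serviceConfig`/module attribute set begins outside the hunk.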