SebastianStork/nixos-config
1
0
Fork 0
mirror of https://github.com/SebastianStork/nixos-config.git synced 2026-03-22 21:19:07 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

scrutiny: Fix persistence

Browse source
This commit is contained in:
SebastianStork 2026-03-18 15:53:17 +01:00
parent 7a429c5177
commit fa06bbe9ce
Signed by: SebastianStork
SSH key fingerprint: SHA256:tRrGdjYOwgHxpSc/wTOZQZEjxcb15P0tyXRsbAfd+2Q
1 changed files with 10 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

11
modules/nixos/web-services/scrutiny.nix
View file

@ -34,7 +34,16 @@ in
}; };
}; };
systemd.services.scrutiny.enableStrictShellChecks = false; systemd.services.scrutiny = {
enableStrictShellChecks = false;
serviceConfig = {
DynamicUser = lib.mkForce false;
ProtectSystem = "strict";
ProtectHome = "read-only";
PrivateTmp = true;
RemoveIPC = true;
};
};
custom = { custom = {
services.caddy.virtualHosts.${cfg.domain}.port = cfg.port; services.caddy.virtualHosts.${cfg.domain}.port = cfg.port;