diff options
| author | Soispha <soispha@vhack.eu> | 2023-08-02 00:21:27 +0200 |
|---|---|---|
| committer | sils <sils@noreply.codeberg.org> | 2023-08-04 13:00:46 +0000 |
| commit | 4ac11a35676b58ff3df41635ae08a432e6076074 (patch) | |
| tree | 9c6e8d0b86e4a18f2cd55e68b3c997dd4dc7081a | |
| parent | Feat(system/services/nginx/hosts): Add another host (diff) | |
| download | nixos-server-4ac11a35676b58ff3df41635ae08a432e6076074.tar.gz nixos-server-4ac11a35676b58ff3df41635ae08a432e6076074.zip | |
Fix(system/services/nix-sync): Remove the last access to the file system
| -rw-r--r-- | system/services/nix-sync/default.nix | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/system/services/nix-sync/default.nix b/system/services/nix-sync/default.nix index 8c466b8..11cb551 100644 --- a/system/services/nix-sync/default.nix +++ b/system/services/nix-sync/default.nix @@ -104,7 +104,7 @@ LogsDirectory = "nix-sync"; LogsDirectoryMode = "0750"; # Proc filesystem - ProcSubset = "all"; + ProcSubset = "pid"; ProtectProc = "invisible"; # New file permissions UMask = "0027"; # 0640 / 0750 @@ -115,7 +115,7 @@ NoNewPrivileges = true; # Sandboxing (sorted by occurrence in https://www.freedesktop.org/software/systemd/man/systemd.exec.html) ReadWritePaths = ["${esa (parents repo.path)}" "-${esa repoCachePath}" "-${esa cfg.cachePath}"]; - ReadOnlyPaths = ["/nix"]; + # ReadOnlyPaths = ["/nix"]; ProtectSystem = "strict"; ProtectHome = true; PrivateTmp = true; |