Disable network because tar file is pushed from Microbel separately

2024-11-09 21:58:38 +01:00 · 2024-11-09 21:58:38 +01:00 · de90a8e827
parent 906f2d5594
commit de90a8e827
1 changed files with 2 additions and 2 deletions
--- a/hosts/bekkalokk/services/website/fetch-gallery.nix
+++ b/hosts/bekkalokk/services/website/fetch-gallery.nix
@ -70,7 +70,7 @@ in {
      MemoryDenyWriteExecute = true;
      NoNewPrivileges = true; # disable for third party rotate scripts
      PrivateDevices = true;
-      #PrivateNetwork = true; # disable for mail delivery
+      PrivateNetwork = true; # disable for mail delivery
      PrivateTmp = true;
      ProtectClock = true;
      ProtectControlGroups = true;
@ -84,7 +84,7 @@ in {
      RestrictNamespaces = true;
      RestrictRealtime = true;
      RestrictSUIDSGID = true; # disable for creating setgid directories
-      #SocketBindDeny = [ "any" ];
+      SocketBindDeny = [ "any" ];
      SystemCallArchitectures = "native";
      SystemCallFilter = [
        "@system-service"