hosts/bekkalokk/services/website/fetch-gallery.nix

@@ -70,7 +70,7 @@ in {
       MemoryDenyWriteExecute = true;
       NoNewPrivileges = true; # disable for third party rotate scripts
       PrivateDevices = true;
-      #PrivateNetwork = true; # disable for mail delivery
+      PrivateNetwork = true; # disable for mail delivery
       PrivateTmp = true;
       ProtectClock = true;
       ProtectControlGroups = true;
@@ -84,7 +84,7 @@ in {
       RestrictNamespaces = true;
       RestrictRealtime = true;
       RestrictSUIDSGID = true; # disable for creating setgid directories
-      #SocketBindDeny = [ "any" ];
+      SocketBindDeny = [ "any" ];
       SystemCallArchitectures = "native";
       SystemCallFilter = [
         "@system-service"