tsuki/plex: remove security hardening, included in nixos 24.05
This commit is contained in:
parent
3a81abb683
commit
53c6c32fb8
@ -5,27 +5,4 @@ in {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
};
|
||||
|
||||
systemd.services.plex.serviceConfig = {
|
||||
ReadWritePaths = [ cfg.dataDir ];
|
||||
NoNewPrivileges = true;
|
||||
PrivateDevices = true;
|
||||
ProtectClock = true;
|
||||
ProtectKernelLogs = true;
|
||||
ProtectKernelModules = true;
|
||||
PrivateMounts = true;
|
||||
RestrictSUIDSGID = true;
|
||||
ProtectHostname = true;
|
||||
LockPersonality = true;
|
||||
ProtectKernelTunables = true;
|
||||
ProtectSystem = "strict";
|
||||
ProtectProc = true;
|
||||
ProtectHome = true;
|
||||
# PrivateNetwork = true;
|
||||
PrivateUsers = true;
|
||||
PrivateTmp = true;
|
||||
UMask = "0007";
|
||||
# RestrictAddressFamilies = [ "AF_UNIX AF_INET AF_INET6" ];
|
||||
SystemCallArchitectures = "native";
|
||||
};
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user