tsuki/plex: remove security hardening, included in nixos 24.05
parent
3a81abb683
commit
53c6c32fb8
|
@ -5,27 +5,4 @@ in {
|
||||||
enable = true;
|
enable = true;
|
||||||
openFirewall = true;
|
openFirewall = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services.plex.serviceConfig = {
|
|
||||||
ReadWritePaths = [ cfg.dataDir ];
|
|
||||||
NoNewPrivileges = true;
|
|
||||||
PrivateDevices = true;
|
|
||||||
ProtectClock = true;
|
|
||||||
ProtectKernelLogs = true;
|
|
||||||
ProtectKernelModules = true;
|
|
||||||
PrivateMounts = true;
|
|
||||||
RestrictSUIDSGID = true;
|
|
||||||
ProtectHostname = true;
|
|
||||||
LockPersonality = true;
|
|
||||||
ProtectKernelTunables = true;
|
|
||||||
ProtectSystem = "strict";
|
|
||||||
ProtectProc = true;
|
|
||||||
ProtectHome = true;
|
|
||||||
# PrivateNetwork = true;
|
|
||||||
PrivateUsers = true;
|
|
||||||
PrivateTmp = true;
|
|
||||||
UMask = "0007";
|
|
||||||
# RestrictAddressFamilies = [ "AF_UNIX AF_INET AF_INET6" ];
|
|
||||||
SystemCallArchitectures = "native";
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|