kleen.consulting

author: Gregor Kleen <gkleen@yggdrasil.li> 2022-12-27 15:28:59 +0100
committer: Gregor Kleen <gkleen@yggdrasil.li> 2022-12-27 15:28:59 +0100
commit: 17d24a633e75592f8b0dd5346c919c261332c90c (patch)
tree: 01eceef16b07fdb0e440e060bffb8ac38e222d93 /hosts/surtr/http/default.nix
parent: 47c4a1e7f3074ca10412abe5efd3a01ed6ba099e (diff)
download: nixos-17d24a633e75592f8b0dd5346c919c261332c90c.tar
nixos-17d24a633e75592f8b0dd5346c919c261332c90c.tar.gz
nixos-17d24a633e75592f8b0dd5346c919c261332c90c.tar.bz2
nixos-17d24a633e75592f8b0dd5346c919c261332c90c.tar.xz
nixos-17d24a633e75592f8b0dd5346c919c261332c90c.zip
1 files changed, 0 insertions, 17 deletions
diff --git a/hosts/surtr/http/default.nix b/hosts/surtr/http/default.nix
index 920f939c..3d7f3ebf 100644
--- a/hosts/surtr/http/default.nix
+++ b/hosts/surtr/http/default.nix
@@ -35,23 +35,6 @@
        ExecReload = lib.mkForce "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
        RuntimeDirectory = lib.mkForce [ "nginx" "nginx-client-bodies" ];
        RuntimeDirectoryMode = "0750";
-        NoNewPrivileges = lib.mkForce false;
-        PrivateDevices = lib.mkForce false;
-        ProtectHostname = lib.mkForce false;
-        ProtectKernelTunables = lib.mkForce false;
-        ProtectKernelModules = lib.mkForce false;
-        RestrictAddressFamilies = lib.mkForce [ ];
-        LockPersonality = lib.mkForce false;
-        MemoryDenyWriteExecute = lib.mkForce false;
-        RestrictRealtime = lib.mkForce false;
-        RestrictSUIDSGID = lib.mkForce false;
-        SystemCallArchitectures = lib.mkForce "";
-        ProtectClock = lib.mkForce false;
-        ProtectKernelLogs = lib.mkForce false;
-        RestrictNamespaces = lib.mkForce false;
-        SystemCallFilter = lib.mkForce "";
-        ReadWritePaths = [ "/srv/files" ];
      };
    };
author	Gregor Kleen <gkleen@yggdrasil.li>	2022-12-27 15:28:59 +0100
committer	Gregor Kleen <gkleen@yggdrasil.li>	2022-12-27 15:28:59 +0100
commit	17d24a633e75592f8b0dd5346c919c261332c90c (patch)
tree	01eceef16b07fdb0e440e060bffb8ac38e222d93 /hosts/surtr/http/default.nix
parent	47c4a1e7f3074ca10412abe5efd3a01ed6ba099e (diff)
download	nixos-17d24a633e75592f8b0dd5346c919c261332c90c.tar nixos-17d24a633e75592f8b0dd5346c919c261332c90c.tar.gz nixos-17d24a633e75592f8b0dd5346c919c261332c90c.tar.bz2 nixos-17d24a633e75592f8b0dd5346c919c261332c90c.tar.xz nixos-17d24a633e75592f8b0dd5346c919c261332c90c.zip

diff --git a/hosts/surtr/http/default.nix b/hosts/surtr/http/default.nix index 920f939c..3d7f3ebf 100644 --- a/hosts/surtr/http/default.nix +++ b/hosts/surtr/http/default.nix
@@ -35,23 +35,6 @@
35	ExecReload = lib.mkForce "${pkgs.coreutils}/bin/kill -HUP $MAINPID";	35	ExecReload = lib.mkForce "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
36	RuntimeDirectory = lib.mkForce [ "nginx" "nginx-client-bodies" ];	36	RuntimeDirectory = lib.mkForce [ "nginx" "nginx-client-bodies" ];
37	RuntimeDirectoryMode = "0750";	37	RuntimeDirectoryMode = "0750";
38
39	NoNewPrivileges = lib.mkForce false;
40	PrivateDevices = lib.mkForce false;
41	ProtectHostname = lib.mkForce false;
42	ProtectKernelTunables = lib.mkForce false;
43	ProtectKernelModules = lib.mkForce false;
44	RestrictAddressFamilies = lib.mkForce [ ];
45	LockPersonality = lib.mkForce false;
46	MemoryDenyWriteExecute = lib.mkForce false;
47	RestrictRealtime = lib.mkForce false;
48	RestrictSUIDSGID = lib.mkForce false;
49	SystemCallArchitectures = lib.mkForce "";
50	ProtectClock = lib.mkForce false;
51	ProtectKernelLogs = lib.mkForce false;
52	RestrictNamespaces = lib.mkForce false;
53	SystemCallFilter = lib.mkForce "";
54	ReadWritePaths = [ "/srv/files" ];
55	};	38	};
56	};	39	};
57		40