diff options
author | Gregor Kleen <gkleen@yggdrasil.li> | 2022-01-01 17:27:57 +0100 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2022-01-01 17:27:57 +0100 |
commit | ee4098134e21f6c1ca6eda7c33cd15efdc1923a7 (patch) | |
tree | b5643afa202b1242edc7920a64ef84b837e7f3f8 /hosts/vidhar/prometheus | |
parent | b7651f2b5270e43ac37240a706164fc5a708f39f (diff) | |
download | nixos-ee4098134e21f6c1ca6eda7c33cd15efdc1923a7.tar nixos-ee4098134e21f6c1ca6eda7c33cd15efdc1923a7.tar.gz nixos-ee4098134e21f6c1ca6eda7c33cd15efdc1923a7.tar.bz2 nixos-ee4098134e21f6c1ca6eda7c33cd15efdc1923a7.tar.xz nixos-ee4098134e21f6c1ca6eda7c33cd15efdc1923a7.zip |
...
Diffstat (limited to 'hosts/vidhar/prometheus')
-rw-r--r-- | hosts/vidhar/prometheus/default.nix | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/hosts/vidhar/prometheus/default.nix b/hosts/vidhar/prometheus/default.nix index 780d30ce..3d0af319 100644 --- a/hosts/vidhar/prometheus/default.nix +++ b/hosts/vidhar/prometheus/default.nix | |||
@@ -208,12 +208,12 @@ in { | |||
208 | serviceConfig = { | 208 | serviceConfig = { |
209 | Restart = "always"; | 209 | Restart = "always"; |
210 | 210 | ||
211 | # PrivateTmp = true; | 211 | PrivateTmp = true; |
212 | # WorkingDirectory = "/tmp"; | 212 | WorkingDirectory = "/tmp"; |
213 | # CapabilityBoundingSet = ["CAP_SET_PCAP" "CAP_SETUID" "CAP_SETGID"]; | 213 | CapabilityBoundingSet = ["CAP_NET_ADMIN"]; |
214 | # DynamicUser = true; | 214 | DynamicUser = true; |
215 | # DeviceAllow = [""]; | 215 | DeviceAllow = [""]; |
216 | # LockPersonality = true; | 216 | LockPersonality = true; |
217 | MemoryDenyWriteExecute = true; | 217 | MemoryDenyWriteExecute = true; |
218 | NoNewPrivileges = true; | 218 | NoNewPrivileges = true; |
219 | PrivateDevices = true; | 219 | PrivateDevices = true; |