1 files changed, 0 insertions, 17 deletions
diff --git a/hosts/surtr/http/default.nix b/hosts/surtr/http/default.nix
index 920f939c..3d7f3ebf 100644
--- a/hosts/surtr/http/default.nix
+++ b/hosts/surtr/http/default.nix
@@ -35,23 +35,6 @@
        ExecReload = lib.mkForce "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
        RuntimeDirectory = lib.mkForce [ "nginx" "nginx-client-bodies" ];
        RuntimeDirectoryMode = "0750";
-        NoNewPrivileges = lib.mkForce false;
-        PrivateDevices = lib.mkForce false;
-        ProtectHostname = lib.mkForce false;
-        ProtectKernelTunables = lib.mkForce false;
-        ProtectKernelModules = lib.mkForce false;
-        RestrictAddressFamilies = lib.mkForce [ ];
-        LockPersonality = lib.mkForce false;
-        MemoryDenyWriteExecute = lib.mkForce false;
-        RestrictRealtime = lib.mkForce false;
-        RestrictSUIDSGID = lib.mkForce false;
-        SystemCallArchitectures = lib.mkForce "";
-        ProtectClock = lib.mkForce false;
-        ProtectKernelLogs = lib.mkForce false;
-        RestrictNamespaces = lib.mkForce false;
-        SystemCallFilter = lib.mkForce "";
-        ReadWritePaths = [ "/srv/files" ];
      };
    };

diff --git a/hosts/surtr/http/default.nix b/hosts/surtr/http/default.nix index 920f939c..3d7f3ebf 100644 --- a/hosts/surtr/http/default.nix +++ b/hosts/surtr/http/default.nix
@@ -35,23 +35,6 @@
35	ExecReload = lib.mkForce "${pkgs.coreutils}/bin/kill -HUP $MAINPID";	35	ExecReload = lib.mkForce "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
36	RuntimeDirectory = lib.mkForce [ "nginx" "nginx-client-bodies" ];	36	RuntimeDirectory = lib.mkForce [ "nginx" "nginx-client-bodies" ];
37	RuntimeDirectoryMode = "0750";	37	RuntimeDirectoryMode = "0750";
38
39	NoNewPrivileges = lib.mkForce false;
40	PrivateDevices = lib.mkForce false;
41	ProtectHostname = lib.mkForce false;
42	ProtectKernelTunables = lib.mkForce false;
43	ProtectKernelModules = lib.mkForce false;
44	RestrictAddressFamilies = lib.mkForce [ ];
45	LockPersonality = lib.mkForce false;
46	MemoryDenyWriteExecute = lib.mkForce false;
47	RestrictRealtime = lib.mkForce false;
48	RestrictSUIDSGID = lib.mkForce false;
49	SystemCallArchitectures = lib.mkForce "";
50	ProtectClock = lib.mkForce false;
51	ProtectKernelLogs = lib.mkForce false;
52	RestrictNamespaces = lib.mkForce false;
53	SystemCallFilter = lib.mkForce "";
54	ReadWritePaths = [ "/srv/files" ];
55	};	38	};
56	};	39	};
57		40