diff options
Diffstat (limited to 'hosts')
-rw-r--r-- | hosts/vidhar/prometheus/default.nix | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/hosts/vidhar/prometheus/default.nix b/hosts/vidhar/prometheus/default.nix index 780d30ce..3d0af319 100644 --- a/hosts/vidhar/prometheus/default.nix +++ b/hosts/vidhar/prometheus/default.nix | |||
@@ -208,12 +208,12 @@ in { | |||
208 | serviceConfig = { | 208 | serviceConfig = { |
209 | Restart = "always"; | 209 | Restart = "always"; |
210 | 210 | ||
211 | # PrivateTmp = true; | 211 | PrivateTmp = true; |
212 | # WorkingDirectory = "/tmp"; | 212 | WorkingDirectory = "/tmp"; |
213 | # CapabilityBoundingSet = ["CAP_SET_PCAP" "CAP_SETUID" "CAP_SETGID"]; | 213 | CapabilityBoundingSet = ["CAP_NET_ADMIN"]; |
214 | # DynamicUser = true; | 214 | DynamicUser = true; |
215 | # DeviceAllow = [""]; | 215 | DeviceAllow = [""]; |
216 | # LockPersonality = true; | 216 | LockPersonality = true; |
217 | MemoryDenyWriteExecute = true; | 217 | MemoryDenyWriteExecute = true; |
218 | NoNewPrivileges = true; | 218 | NoNewPrivileges = true; |
219 | PrivateDevices = true; | 219 | PrivateDevices = true; |