From 410a63cf1baf627a0b99c34a955b3d02efabb48f Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Wed, 14 Sep 2022 16:06:00 +0200 Subject: ... --- hosts/surtr/matrix/default.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'hosts/surtr/matrix') diff --git a/hosts/surtr/matrix/default.nix b/hosts/surtr/matrix/default.nix index e3a52f9a..46c2f338 100644 --- a/hosts/surtr/matrix/default.nix +++ b/hosts/surtr/matrix/default.nix @@ -111,7 +111,7 @@ with lib; ProtectClock = true; ProtectHostname = true; - ProtectHome = "tmpfs"; + ProtectHome = true; ProtectKernelLogs = true; ProtectProc = "invisible"; @@ -123,7 +123,7 @@ with lib; SystemCallArchitectures = "native"; SystemCallFilter = ["@system-service" "~@privileged @resources @obsolete"]; - + RestrictSUIDSGID = true; RemoveIPC = true; NoNewPrivileges = true; @@ -174,7 +174,7 @@ with lib; ${corsHeaders} ''; return = "200 '${builtins.toJSON { - "m.server" = "synapse.li:443"; + "m.server" = "synapse.li:443"; }}'"; }; "= /.well-known/matrix/client" = { @@ -198,7 +198,7 @@ with lib; sslTrustedCertificate = "/run/credentials/nginx.service/element.synapse.li.chain.pem"; extraConfig = '' add_header Strict-Transport-Security "max-age=63072000" always; - + add_header X-Frame-Options SAMEORIGIN; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; @@ -240,7 +240,7 @@ with lib; "synapse.li".certCfg = { postRun = '' ${pkgs.systemd}/bin/systemctl try-restart nginx.service - ''; + ''; }; }; -- cgit v1.2.3
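Review bot: The switch of `ProtectHome` from `"tmpfs"` to `true` in the first hunk (`@@ -111,7 +111,7 @@`) carries no comment, and the commit subject gives no reason for it. Both values hide `/home`, `/root` and `/run/user` from the service, but `true` makes them inaccessible, whereas `"tmpfs"` is the mode systemd documents for re-exposing a single path through `BindPaths`/`BindReadOnlyPaths`, so a bind under those directories added later may not behave as it did before. I would add a comment above the line such as `# unit needs nothing under /home, /root or /run/user; use "tmpfs" only together with BindPaths`, and confirm the resulting sandbox with `systemd-analyze security` on the unit. The enclosing attribute set starts and ends outside the hunk, so which unit this setting applies to is not visible here.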