From ee4098134e21f6c1ca6eda7c33cd15efdc1923a7 Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Sat, 1 Jan 2022 17:27:57 +0100
Subject: ...
---
 hosts/vidhar/prometheus/default.nix | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
(limited to 'hosts')
diff --git a/hosts/vidhar/prometheus/default.nix b/hosts/vidhar/prometheus/default.nix
index 780d30ce..3d0af319 100644
--- a/hosts/vidhar/prometheus/default.nix
+++ b/hosts/vidhar/prometheus/default.nix
@@ -208,12 +208,12 @@ in {
 serviceConfig = {
 Restart = "always";
- # PrivateTmp = true;
- # WorkingDirectory = "/tmp";
- # CapabilityBoundingSet = ["CAP_SET_PCAP" "CAP_SETUID" "CAP_SETGID"];
- # DynamicUser = true;
- # DeviceAllow = [""];
- # LockPersonality = true;
+ PrivateTmp = true;
+ WorkingDirectory = "/tmp";
+ CapabilityBoundingSet = ["CAP_NET_ADMIN"];
+ DynamicUser = true;
+ DeviceAllow = [""];
+ LockPersonality = true;
 MemoryDenyWriteExecute = true;
 NoNewPrivileges = true;
 PrivateDevices = true;
-- cgit v1.2.3
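Review bot: `CapabilityBoundingSet = ["CAP_NET_ADMIN"];` only limits which capabilities the unit may ever hold. With `DynamicUser = true;` and the existing `NoNewPrivileges = true;`, the process starts with no effective capabilities unless `AmbientCapabilities` is also set, and the serviceConfig set continues past the hunk, so that cannot be checked here. If the service really needs the capability, add `AmbientCapabilities = ["CAP_NET_ADMIN"];` next to it with a comment naming the operation that requires it, since CAP_NET_ADMIN covers interface, routing and firewall configuration. If it does not, `CapabilityBoundingSet = [""];` is the tighter setting.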