Loading nixos/modules/services/misc/soft-serve.nix +5 −4 Original line number Diff line number Diff line Loading @@ -28,7 +28,7 @@ in ''; example = lib.literalExpression '' { name = "dadada's repos"; name = "user's repos"; log_format = "text"; ssh = { listen_addr = ":23231"; Loading Loading @@ -60,10 +60,12 @@ in DynamicUser = true; Restart = "always"; ExecStart = "${lib.getExe cfg.package} serve"; # Hooks must be executable, but DynamicUser mounts /var/lib/private as noexec ExecPaths = "${stateDir}/repos"; StateDirectory = "soft-serve"; WorkingDirectory = stateDir; RuntimeDirectory = "soft-serve"; RuntimeDirectoryMode = "0750"; ProcSubset = "pid"; ProtectProc = "invisible"; UMask = "0027"; Loading @@ -86,7 +88,6 @@ in LockPersonality = true; MemoryDenyWriteExecute = true; RestrictRealtime = true; RemoveIPC = true; PrivateMounts = true; SystemCallArchitectures = "native"; SystemCallFilter = [ Loading Loading
nixos/modules/services/misc/soft-serve.nix +5 −4 Original line number Diff line number Diff line Loading @@ -28,7 +28,7 @@ in ''; example = lib.literalExpression '' { name = "dadada's repos"; name = "user's repos"; log_format = "text"; ssh = { listen_addr = ":23231"; Loading Loading @@ -60,10 +60,12 @@ in DynamicUser = true; Restart = "always"; ExecStart = "${lib.getExe cfg.package} serve"; # Hooks must be executable, but DynamicUser mounts /var/lib/private as noexec ExecPaths = "${stateDir}/repos"; StateDirectory = "soft-serve"; WorkingDirectory = stateDir; RuntimeDirectory = "soft-serve"; RuntimeDirectoryMode = "0750"; ProcSubset = "pid"; ProtectProc = "invisible"; UMask = "0027"; Loading @@ -86,7 +88,6 @@ in LockPersonality = true; MemoryDenyWriteExecute = true; RestrictRealtime = true; RemoveIPC = true; PrivateMounts = true; SystemCallArchitectures = "native"; SystemCallFilter = [ Loading
