nixos/modules/services/networking/frp.nix +35 −31 @@ -59,15 +59,14 @@ in after = if isClient then [ "network-online.target" ] else [ "network.target" ]; wantedBy = [ "multi-user.target" ]; description = "A fast reverse proxy frp ${cfg.role}"; serviceConfig = { serviceConfig = { Type = "simple"; Restart = "on-failure"; RestartSec = 15; ExecStart = "${cfg.package}/bin/${executableFile} --strict_config -c ${configFile}"; StateDirectoryMode = lib.optionalString isServer "0700"; DynamicUser = true; # Hardening UMask = lib.optionalString isServer "0007"; CapabilityBoundingSet = serviceCapability; AmbientCapabilities = serviceCapability; PrivateDevices = true; @@ -89,6 +88,11 @@ in PrivateMounts = true; SystemCallArchitectures = "native"; SystemCallFilter = [ "@system-service" ]; } // lib.optionalAttrs isServer { StateDirectory = "frp"; StateDirectoryMode = "0700"; UMask = "0007"; }; }; };
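Review bot: In the server-only attribute set merged in at the end of `serviceConfig`, `UMask = "0007"` leaves the group permission bits enabled on files the server creates, while `StateDirectoryMode = "0700"` next to it makes the state directory owner-only. Unless group access is intended (nothing in the visible lines sets a shared `Group`), `UMask = "0077";` would match the directory mode. With `DynamicUser = true` the group is presumably private to the unit, so this is defence in depth and not a live exposure. A short comment above the merge, e.g. `# Only the server role gets a state directory; keep it owner-only.`, would record why these keys are conditional. `serviceConfig` spans both hunks and the lines between them are collapsed on this page.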
nixos/modules/services/networking/frp.nix +35 −31 @@ -59,15 +59,14 @@ in after = if isClient then [ "network-online.target" ] else [ "network.target" ]; wantedBy = [ "multi-user.target" ]; description = "A fast reverse proxy frp ${cfg.role}"; serviceConfig = { serviceConfig = { Type = "simple"; Restart = "on-failure"; RestartSec = 15; ExecStart = "${cfg.package}/bin/${executableFile} --strict_config -c ${configFile}"; StateDirectoryMode = lib.optionalString isServer "0700"; DynamicUser = true; # Hardening UMask = lib.optionalString isServer "0007"; CapabilityBoundingSet = serviceCapability; AmbientCapabilities = serviceCapability; PrivateDevices = true; @@ -89,6 +88,11 @@ in PrivateMounts = true; SystemCallArchitectures = "native"; SystemCallFilter = [ "@system-service" ]; } // lib.optionalAttrs isServer { StateDirectory = "frp"; StateDirectoryMode = "0700"; UMask = "0007"; }; }; };