Unverified Commit b247c414 authored by Guanran928's avatar Guanran928 Committed by GitHub

tailscale: apply basic systemd hardening (#306241)

parent f9388726
+10 −0
@@ -9,6 +9,7 @@
, shadow
, procps
, nixosTests
, fetchpatch
}:

let
@@ -26,6 +27,15 @@ buildGoModule {
  };
  vendorHash = "sha256-pYeHqYd2cCOVQlD1r2lh//KC+732H0lj1fPDBr+W8qA=";

  patches = [
    # Reverts "cmd/tailscaled/tailscaled.service: revert recent hardening"
    (fetchpatch {
      url = "https://github.com/tailscale/tailscale/commit/2889fabaefc50040507ead652d6d2b212f476c2b.patch";
      hash = "sha256-DPBrv7kjSVXhmptUGGzOkaP4iXi/Bym3lvqy4otL9HE=";
      revert = true;
    })
  ];

  nativeBuildInputs = lib.optionals stdenv.isLinux [ makeWrapper ];

  CGO_ENABLED = 0;
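Review bot: The comment above the `fetchpatch` entry in `patches` names the upstream commit being reverted but not why upstream backed the hardening out, so a reader cannot tell which tailscaled features might break under the restored sandboxing directives. I would extend it to something like `# Re-applies upstream's systemd hardening of tailscaled.service, which upstream reverted in 2889fab; see <upstream issue URL> for the reported breakage`, and note which features were checked with the hardened unit. Because the patch is applied in reverse and pinned by hash, it will presumably stop applying once upstream edits the unit file again; that fails the build rather than silently dropping the hardening, which also deserves a mention in the comment. The `buildGoModule` call starts and ends outside the hunk.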