Loading nixos/modules/services/networking/snowflake-proxy.nix +1 −1 Original line number Diff line number Diff line Loading @@ -71,7 +71,7 @@ in RestrictNamespaces = true; RestrictRealtime = true; SystemCallArchitectures = "native"; SystemCallFilter = "~@clock @cpu-emulation @debug @mount @obsolete @reboot @swap @privileged @resources"; SystemCallFilter = [ "@system-service" "~@privileged" ]; UMask = "0077"; }; }; Loading nixos/modules/services/networking/yggdrasil.nix +1 −1 Original line number Diff line number Diff line Loading @@ -180,7 +180,7 @@ in { RestrictNamespaces = true; RestrictRealtime = true; SystemCallArchitectures = "native"; SystemCallFilter = "~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @resources"; SystemCallFilter = [ "@system-service" "~@privileged @keyring" ]; } // (if (cfg.group != null) then { Group = cfg.group; } else {}); Loading nixos/modules/services/web-apps/dex.nix +2 −2 Original line number Diff line number Diff line Loading @@ -58,7 +58,7 @@ in ''; description = lib.mdDoc '' The available options can be found in [the example configuration](https://github.com/dexidp/dex/blob/v${pkgs.dex.version}/config.yaml.dist). [the example configuration](https://github.com/dexidp/dex/blob/v${pkgs.dex-oidc.version}/config.yaml.dist). It's also possible to refer to environment variables (defined in [services.dex.environmentFile](#opt-services.dex.environmentFile)) using the syntax `$VARIABLE_NAME`. Loading Loading @@ -119,7 +119,7 @@ in RestrictRealtime = true; RestrictSUIDSGID = true; SystemCallArchitectures = "native"; SystemCallFilter = [ "@system-service" "~@privileged @resources @setuid @keyring" ]; SystemCallFilter = [ "@system-service" "~@privileged @setuid @keyring" ]; TemporaryFileSystem = "/:ro"; # Does not work well with the temporary root #UMask = "0066"; Loading nixos/modules/services/web-apps/prosody-filer.nix +1 −1 Original line number Diff line number Diff line Loading @@ -79,7 +79,7 @@ in { LockPersonality = true; RemoveIPC = true; RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ]; SystemCallFilter = [ "@system-service" "~@privileged" "~@resources" ]; SystemCallFilter = [ "@system-service" "~@privileged" ]; }; }; }; Loading Loading
nixos/modules/services/networking/snowflake-proxy.nix +1 −1 Original line number Diff line number Diff line Loading @@ -71,7 +71,7 @@ in RestrictNamespaces = true; RestrictRealtime = true; SystemCallArchitectures = "native"; SystemCallFilter = "~@clock @cpu-emulation @debug @mount @obsolete @reboot @swap @privileged @resources"; SystemCallFilter = [ "@system-service" "~@privileged" ]; UMask = "0077"; }; }; Loading
nixos/modules/services/networking/yggdrasil.nix +1 −1 Original line number Diff line number Diff line Loading @@ -180,7 +180,7 @@ in { RestrictNamespaces = true; RestrictRealtime = true; SystemCallArchitectures = "native"; SystemCallFilter = "~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @resources"; SystemCallFilter = [ "@system-service" "~@privileged @keyring" ]; } // (if (cfg.group != null) then { Group = cfg.group; } else {}); Loading
nixos/modules/services/web-apps/dex.nix +2 −2 Original line number Diff line number Diff line Loading @@ -58,7 +58,7 @@ in ''; description = lib.mdDoc '' The available options can be found in [the example configuration](https://github.com/dexidp/dex/blob/v${pkgs.dex.version}/config.yaml.dist). [the example configuration](https://github.com/dexidp/dex/blob/v${pkgs.dex-oidc.version}/config.yaml.dist). It's also possible to refer to environment variables (defined in [services.dex.environmentFile](#opt-services.dex.environmentFile)) using the syntax `$VARIABLE_NAME`. Loading Loading @@ -119,7 +119,7 @@ in RestrictRealtime = true; RestrictSUIDSGID = true; SystemCallArchitectures = "native"; SystemCallFilter = [ "@system-service" "~@privileged @resources @setuid @keyring" ]; SystemCallFilter = [ "@system-service" "~@privileged @setuid @keyring" ]; TemporaryFileSystem = "/:ro"; # Does not work well with the temporary root #UMask = "0066"; Loading
nixos/modules/services/web-apps/prosody-filer.nix +1 −1 Original line number Diff line number Diff line Loading @@ -79,7 +79,7 @@ in { LockPersonality = true; RemoveIPC = true; RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ]; SystemCallFilter = [ "@system-service" "~@privileged" "~@resources" ]; SystemCallFilter = [ "@system-service" "~@privileged" ]; }; }; }; Loading
