nixos/modules/services/home-automation/ebusd.nix +9 −3 @@ -155,7 +155,11 @@ in config = let usesDev = lib.hasPrefix "/" cfg.device; usesDev = lib.any (prefix: lib.hasPrefix prefix cfg.device) [ "/" "ens:/" "enh:/" ]; in lib.mkIf cfg.enable { systemd.services.ebusd = { @@ -200,12 +204,14 @@ in # Hardening CapabilityBoundingSet = ""; DeviceAllow = lib.optionals usesDev [ cfg.device ]; DeviceAllow = lib.optionals usesDev [ (lib.removePrefix "ens:" (lib.removePrefix "enh:" cfg.device)) ]; DevicePolicy = "closed"; LockPersonality = true; MemoryDenyWriteExecute = false; NoNewPrivileges = true; PrivateDevices = usesDev; PrivateDevices = !usesDev; PrivateUsers = true; PrivateTmp = true; ProtectClock = true;
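Review bot: The new `DeviceAllow` entry is a bare device path with no access list, which systemd treats as `rwm` as far as I can tell (worth confirming in systemd.resource-control(5)), so the unit may also create nodes for that device although a serial adapter should only need read and write. With `PrivateDevices = !usesDev` the service sees the host `/dev` whenever a local device is configured, which leaves `DevicePolicy = "closed"` plus this entry as the only device filter, so it should be as narrow as possible. I would bind the stripped path once in the `let`, `devPath = lib.removePrefix "ens:" (lib.removePrefix "enh:" cfg.device);`, and use `DeviceAllow = lib.optionals usesDev [ "${devPath} rw" ];`, which also keeps the `ens:`/`enh:` handling in one place instead of two. Both the `let` and the hardening attribute set continue outside the hunks shown.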
nixos/modules/services/home-automation/ebusd.nix +9 −3 @@ -155,7 +155,11 @@ in config = let usesDev = lib.hasPrefix "/" cfg.device; usesDev = lib.any (prefix: lib.hasPrefix prefix cfg.device) [ "/" "ens:/" "enh:/" ]; in lib.mkIf cfg.enable { systemd.services.ebusd = { @@ -200,12 +204,14 @@ in # Hardening CapabilityBoundingSet = ""; DeviceAllow = lib.optionals usesDev [ cfg.device ]; DeviceAllow = lib.optionals usesDev [ (lib.removePrefix "ens:" (lib.removePrefix "enh:" cfg.device)) ]; DevicePolicy = "closed"; LockPersonality = true; MemoryDenyWriteExecute = false; NoNewPrivileges = true; PrivateDevices = usesDev; PrivateDevices = !usesDev; PrivateUsers = true; PrivateTmp = true; ProtectClock = true;