Unverified Commit ddef00d3 authored by Sandro Jäckel, committed by GitHub

nixos/zipline: improve systemd hardening (#387119)

parents 1289c914 ef19fcf7
+11 −6
@@ -107,9 +107,11 @@ in
        ExecStart = lib.getExe cfg.package;

        # Hardening
        AmbientCapabilities = "";
        CapabilityBoundingSet = [ "" ];
        DeviceAllow = [ "" ];
        DevicePolicy = "closed";
        LockPersonality = true;
        NoNewPrivileges = true;
        PrivateDevices = true;
        PrivateTmp = true;
        PrivateUsers = true;
@@ -123,15 +125,18 @@ in
        ProtectKernelTunables = true;
        ProtectProc = "invisible";
        ProtectSystem = "strict";
        RestrictAddressFamilies = [
          "AF_INET"
          "AF_INET6"
          "AF_UNIX"
        ];
        RemoveIPC = true;
        RestrictAddressFamilies = [ "AF_INET AF_INET6 AF_UNIX AF_NETLINK" ];
        RestrictNamespaces = true;
        RestrictRealtime = true;
        RestrictSUIDSGID = true;
        SystemCallArchitectures = "native";
        SystemCallFilter = [
          "@system-service"
          "~@privileged"
          "~@resources"
        ];
        UMask = "0077";
      };
    };
  };
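Review bot: The new `RestrictAddressFamilies` list no longer contains `AF_NETLINK`, which the removed one-string form still permitted; as far as I know zipline is a Node.js/Next.js application, and anything in it that goes through `getifadds()` (e.g. `os.networkInterfaces()`) opens a netlink socket and would now fail with EAFNOSUPPORT. If the VM test passes with the tightened list that is probably fine, but the intent deserves a comment so the next person does not re-add it blindly, e.g. `# AF_NETLINK deliberately dropped: zipline only needs TCP and UNIX sockets` above the list. `~@resources` in `SystemCallFilter` likewise blocks `setrlimit`/`prlimit64`/`sched_setaffinity`; I cannot tell from the hunk whether that line is new or whether Node touches those at startup, so check the journal for seccomp denials before relying on it. The lines between the two hunks are not visible, so I also cannot confirm that `MemoryDenyWriteExecute` is left unset — V8's JIT needs writable+executable mappings and that option would break the service.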
+13 −0
{ lib, ... }:

{
  name = "zipline";
  meta.maintainers = with lib.maintainers; [ defelo ];
@@ -20,6 +21,18 @@
    networking.hosts."127.0.0.1" = [ "zipline.local" ];
  };

  interactive.nodes.machine = {
    services.zipline.settings.CORE_HOSTNAME = lib.mkForce "0.0.0.0";
    networking.firewall.allowedTCPPorts = [ 8000 ];
    virtualisation.forwardPorts = [
      {
        from = "host";
        host.port = 8000;
        guest.port = 8000;
      }
    ];
  };

  testScript = ''
    import json
    import re
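Review bot: The new `interactive.nodes.machine` block binds zipline on every interface and opens TCP 8000 in the firewall, but nothing states that this only takes effect in an interactive test-driver session and never in the automated test or the module defaults. A one-line comment above it, `# interactive-only: expose zipline on all interfaces and forward port 8000 so it is reachable from the host while debugging`, would prevent it from being read as a hardening regression. The `lib.mkForce` on `CORE_HOSTNAME` also implies the shared `nodes.machine` configuration (outside this hunk) sets it to something else, presumably tied to the `zipline.local` hosts entry above; naming that in the same comment would help.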