From dd2df768f16374652cbbfb15ffece108ba067eb6 Mon Sep 17 00:00:00 2001
From: niten
Date: Sun, 7 Jan 2024 09:31:53 -0800
Subject: [PATCH] Disable everything
---
 lib/fudo/auth/kerberos/kdc.nix | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)
diff --git a/lib/fudo/auth/kerberos/kdc.nix b/lib/fudo/auth/kerberos/kdc.nix
index f41d51c..64d9cb6 100644
--- a/lib/fudo/auth/kerberos/kdc.nix
+++ b/lib/fudo/auth/kerberos/kdc.nix
@@ -312,24 +312,24 @@ let
 description = "Heimdal propagation listener server.";
 path = with pkgs; [ heimdal ];
 serviceConfig = {
- StandardInput = "socket";
- StandardOutput = "socket";
- PrivateDevices = true;
- PrivateTmp = true;
- ProtectControlGroups = true;
- ProtectKernelTunables = true;
- ProtectHostname = true;
- ProtectClock = true;
- ProtectKernelLogs = true;
- MemoryDenyWriteExecute = true;
- RestrictRealtime = true;
- LimitNOFILE = "4096";
+ # StandardInput = "socket";
+ # StandardOutput = "socket";
+ # PrivateDevices = true;
+ # PrivateTmp = true;
+ # ProtectControlGroups = true;
+ # ProtectKernelTunables = true;
+ # ProtectHostname = true;
+ # ProtectClock = true;
+ # ProtectKernelLogs = true;
+ # MemoryDenyWriteExecute = true;
+ # RestrictRealtime = true;
+ # LimitNOFILE = "4096";
 User = cfg.user;
 Group = cfg.group;
 # Server will retry -- this results in stacking
 Restart = "never";
- AmbientCapabilities = "CAP_NET_BIND_SERVICE";
- SecureBits = "keep-caps";
+ # AmbientCapabilities = "CAP_NET_BIND_SERVICE";
+ # SecureBits = "keep-caps";
 ReadWritePaths = [ "${dirOf cfg.kdc.database}" ];
 ExecStart = let
 startScript = pkgs.writeShellScript "launch-heimdal-hpropd.sh"
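Review bot: The new `serviceConfig` leaves the Heimdal propagation listener, which keeps write access to `dirOf cfg.kdc.database`, with every sandboxing option switched off at once, and nothing in the hunk marks that as temporary. If this is a debugging step, I would keep `PrivateTmp`, `PrivateDevices`, the `Protect*` options and `RestrictRealtime` enabled and toggle the remaining settings one at a time, with a comment such as `# FIXME: hardening disabled while debugging hpropd; re-enable before deploy` above whatever stays off. `StandardInput`/`StandardOutput = "socket"` and `AmbientCapabilities` are plumbing rather than hardening, so commenting them out changes behaviour: if the unit is socket-activated inetd-style (the socket unit and the start script are outside the hunk), the daemon no longer receives the connection on stdin. Separately, `Restart = "never"` on the unchanged line is not a value systemd accepts; the intended setting is `Restart = "no";`.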