nix/lib
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Disable everything

Browse Source
This commit is contained in:
niten 2024-01-07 09:31:53 -08:00
parent c405597d81
commit dd2df768f1
1 changed files with 14 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
lib/fudo/auth/kerberos/kdc.nix
View File

@ -312,24 +312,24 @@ let
description = "Heimdal propagation listener server."; description = "Heimdal propagation listener server.";
path = with pkgs; [ heimdal ]; path = with pkgs; [ heimdal ];
serviceConfig = { serviceConfig = {
StandardInput = "socket"; # StandardInput = "socket";
StandardOutput = "socket"; # StandardOutput = "socket";
PrivateDevices = true; # PrivateDevices = true;
PrivateTmp = true; # PrivateTmp = true;
ProtectControlGroups = true; # ProtectControlGroups = true;
ProtectKernelTunables = true; # ProtectKernelTunables = true;
ProtectHostname = true; # ProtectHostname = true;
ProtectClock = true; # ProtectClock = true;
ProtectKernelLogs = true; # ProtectKernelLogs = true;
MemoryDenyWriteExecute = true; # MemoryDenyWriteExecute = true;
RestrictRealtime = true; # RestrictRealtime = true;
LimitNOFILE = "4096"; # LimitNOFILE = "4096";
User = cfg.user; User = cfg.user;
Group = cfg.group; Group = cfg.group;
# Server will retry -- this results in stacking # Server will retry -- this results in stacking
Restart = "never"; Restart = "never";
AmbientCapabilities = "CAP_NET_BIND_SERVICE"; # AmbientCapabilities = "CAP_NET_BIND_SERVICE";
SecureBits = "keep-caps"; # SecureBits = "keep-caps";
ReadWritePaths = [ "${dirOf cfg.kdc.database}" ]; ReadWritePaths = [ "${dirOf cfg.kdc.database}" ];
ExecStart = let ExecStart = let
startScript = pkgs.writeShellScript "launch-heimdal-hpropd.sh" startScript = pkgs.writeShellScript "launch-heimdal-hpropd.sh"