public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/services/hoogle use DynamicUser instead of nobody

Browse Source 
I've also removed PrivateTmp = true because this is implied by dynamic user.

I've left ProtectHome = true because I believe this is stronger than
ProtectHome = "read-only" which DynamicUser implies.
This commit is contained in:
Nathan van Doorn 2020-10-29 17:05:57 +00:00
parent c5d33689da
commit 12c3e0a465
1 changed files with 1 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
nixos/modules/services/development/hoogle.nix
View File

@ -61,10 +61,8 @@ in {
Restart = "always"; Restart = "always";
ExecStart = ''${hoogleEnv}/bin/hoogle server --local --port ${toString cfg.port} --home ${cfg.home}''; ExecStart = ''${hoogleEnv}/bin/hoogle server --local --port ${toString cfg.port} --home ${cfg.home}'';
User = "nobody"; DynamicUser = true;
Group = "nogroup";
PrivateTmp = true;
ProtectHome = true; ProtectHome = true;
RuntimeDirectory = "hoogle"; RuntimeDirectory = "hoogle";