Fuck it, allow everything for now

niten 2023-01-22 16:08:13 -08:00
parent 9ea8c59f48
commit f92c5ce3a3
1 changed files with 17 additions and 18 deletions


@ -63,26 +63,25 @@ in {
OBJECTIFIER_BUFFER_SIZE = "524288"; OBJECTIFIER_BUFFER_SIZE = "524288";
OBJECTIFIER_CLEANUP_MAX_AGE = toString cfg.cleanup.max_file_age; OBJECTIFIER_CLEANUP_MAX_AGE = toString cfg.cleanup.max_file_age;
OBJECTIFIER_CLEANUP_DELAY = toString cfg.cleanup.delay; OBJECTIFIER_CLEANUP_DELAY = toString cfg.cleanup.delay;
TMPDIR = "/tmp";
}; };
serviceConfig = { serviceConfig = {
PrivateUsers = true; # PrivateUsers = true;
PrivateDevices = true; # PrivateDevices = true;
PrivateTmp = true; # PrivateTmp = true;
PrivateMounts = true; # PrivateMounts = true;
ProtectControlGroups = true; # ProtectControlGroups = true;
ProtectKernelTunables = true; # ProtectKernelTunables = true;
ProtectKernelModules = true; # ProtectKernelModules = true;
ProtectSystem = true; # ProtectSystem = true;
ProtectHostname = true; # ProtectHostname = true;
ProtectHome = true; # ProtectHome = true;
ProtectClock = true; # ProtectClock = true;
ProtectKernelLogs = true; # ProtectKernelLogs = true;
DynamicUser = true; # DynamicUser = true;
MemoryDenyWriteExecute = true; # MemoryDenyWriteExecute = true;
RestrictRealtime = true; # RestrictRealtime = true;
LockPersonality = true; # LockPersonality = true;
PermissionsStartOnly = true; # PermissionsStartOnly = true;
WorkingDirectory = "${pkgs.objectifier}"; WorkingDirectory = "${pkgs.objectifier}";
StateDirectory = "objectifier"; StateDirectory = "objectifier";
CacheDirectory = "objectifier"; CacheDirectory = "objectifier";
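Review bot: With `DynamicUser = true;` commented out and no `User =` visible in this hunk, the unit would run as root unless an account is set in the part of `serviceConfig` that lies outside the hunk, and every other hardening option is dropped in the same change. `PrivateTmp` is disabled as well, so any temporary files the service writes now land in the host's shared `/tmp`. Rather than disabling all seventeen options, re-enable them and turn off only the one that actually breaks the service, keeping at least `DynamicUser = true;` (or an explicit unprivileged `User =`) and `PrivateTmp = true;`; running `systemd-analyze security` on the unit shows what remains exposed. If the blanket disable has to stay for now, a comment such as `# FIXME: sandboxing disabled while debugging, restore before deploy` above the commented lines would keep it from becoming permanent.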