Even less security

2021-10-17 14:13:04 +02:00 · 2021-10-17 14:13:04 +02:00 · 1743539d93
commit 1743539d93
parent 4ee7a3abc1
1 changed files with 14 additions and 14 deletions
--- a/module.nix
+++ b/module.nix
@ -61,7 +61,7 @@ in
        User = cfg.user;
        Group = cfg.group;

-        PrivateMounts = true;
+        # PrivateMounts = true;
        # PrivateDevices = true;
        # PrivateTmp = true;
        # PrivateIPC = true;
@ -90,20 +90,20 @@ in
        # ProtectControlGroups = true;
        # RestrictNamespaces = "";

-        NoNewPrivileges = true;
-        ReadOnlyPaths = lib.mkMerge [
-          ([
-            "/nix/var"
-            "/nix/store"
-          ])
+        # NoNewPrivileges = true;
+        # ReadOnlyPaths = lib.mkMerge [
+        #   ([
+        #     "/nix/var"
+        #     "/nix/store"
+        #   ])

-          (lib.mkIf (cfg.privateKeyFile != null) [
-            (toString cfg.privateKeyFile)
-          ])
-        ];
-        ExecPaths = [
-          "/nix/store"
-        ];
+        #   (lib.mkIf (cfg.privateKeyFile != null) [
+        #     (toString cfg.privateKeyFile)
+        #   ])
+        # ];
+        # ExecPaths = [
+        #   "/nix/store"
+        # ];
        Environment = lib.mkIf (cfg.privateKeyFile != null) [
          "NIX_SECRET_KEY_FILE=${toString cfg.privateKeyFile}"
        ];