Fachschaft/nixConfig
6
2
Fork 2
Code Issues 11 Pull requests 1 Projects Wiki Activity

Compare commits

base: Fachschaft:6b0a230d7e460448ee53f050176e1c0aa6a800de
Branches Tags
Fachschaft:main
..
compare: Fachschaft:f2b83cf5d86e3f042d8eadb23fc6444aa3b57583
Branches Tags
Fachschaft:main

1 commit
6b0a230d7e ... f2b83cf5d8

Author SHA1 Message Date
Gonne
f2b83cf5d8 Restrict HRZ allowlist update service privileges 2024-04-04 17:17:29 +02:00
1 changed files with 3 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

5
nixos/modules/mailman.nix
View file

@ -93,6 +93,7 @@ in {
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
User = "mailman"; User = "mailman";
NoNewPrivileges = true;
# See https://www.man7.org/linux/man-pages/man5/systemd.exec.5.html # See https://www.man7.org/linux/man-pages/man5/systemd.exec.5.html
PrivateTmp = true; PrivateTmp = true;
ProtectHome = true; ProtectHome = true;
@ -130,8 +131,8 @@ in {
}; };
repo = "borg@192.168.1.11:lobon"; # TODO for https://gitea.mathebau.de/Fachschaft/nixConfig/issues/33 repo = "borg@192.168.1.11:lobon"; # TODO for https://gitea.mathebau.de/Fachschaft/nixConfig/issues/33
startAt = "daily"; startAt = "daily";
user = "root"; user = "mailman";
group = "root"; group = "mailman";
}; };
}; };
} }