nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-02-21 03:25:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

rustdesk-server: use DynamicUser

Browse Source 
this was a suggestion on #272501
This commit is contained in:
Maciej Krüger 2024-01-23 20:58:21 +01:00
parent 96d1602a5f
commit 9c565e0e69
No known key found for this signature in database
GPG Key ID: 0D948CE19CF49C5F
1 changed files with 1 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
nixos/modules/services/monitoring/rustdesk-server.nix
View File

@ -35,15 +35,14 @@ in {
Slice = "system-rustdesk.slice";
User = "rustdesk";
Group = "rustdesk";
DynamicUser = "yes";
Environment = [];
WorkingDirectory = "/var/lib/rustdesk";
StateDirectory = "rustdesk";
StateDirectoryMode = "0750";
LockPersonality = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateMounts = true;
PrivateTmp = true;
PrivateUsers = true;
ProtectClock = true;
ProtectControlGroups = true;
@ -53,10 +52,7 @@ in {
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProtectSystem = "strict";
RemoveIPC = true;
RestrictNamespaces = true;
RestrictSUIDSGID = true;
};
};
in lib.mkIf cfg.enable {