about summary refs log tree commit diff
path: root/nixos/modules/services/security/vaultwarden/default.nix
diff options
context:
space:
mode:
authorK900 <me@0upti.me>2022-08-29 09:26:31 +0300
committerK900 <me@0upti.me>2022-08-29 09:26:31 +0300
commita7bfb90ea82b360885dec4b9b2370189bd874d7e (patch)
tree75931389892c576e65963ec1e408610fa2cc58b9 /nixos/modules/services/security/vaultwarden/default.nix
parentf09f7f1778d7113651967e53bfbc2b0e92976d2e (diff)
nixos/vaultwarden: protect the default data directory more
Fixes #179415
Diffstat (limited to 'nixos/modules/services/security/vaultwarden/default.nix')
-rw-r--r--nixos/modules/services/security/vaultwarden/default.nix1
1 files changed, 1 insertions, 0 deletions
diff --git a/nixos/modules/services/security/vaultwarden/default.nix b/nixos/modules/services/security/vaultwarden/default.nix
index 3aa38ed819f66..9351bff448d3f 100644
--- a/nixos/modules/services/security/vaultwarden/default.nix
+++ b/nixos/modules/services/security/vaultwarden/default.nix
@@ -196,6 +196,7 @@ ADMIN_TOKEN=...copy-paste a unique generated secret token here...
         ProtectSystem = "strict";
         AmbientCapabilities = "CAP_NET_BIND_SERVICE";
         StateDirectory = "bitwarden_rs";
+        StateDirectoryMode = "0700";
       };
       wantedBy = [ "multi-user.target" ];
     };
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-18 21:16:01 +0000