diff options
author | K900 <me@0upti.me> | 2022-08-29 09:26:31 +0300 |
---|---|---|
committer | K900 <me@0upti.me> | 2022-08-29 09:26:31 +0300 |
commit | a7bfb90ea82b360885dec4b9b2370189bd874d7e (patch) | |
tree | 75931389892c576e65963ec1e408610fa2cc58b9 /nixos/modules/services/security/vaultwarden/default.nix | |
parent | f09f7f1778d7113651967e53bfbc2b0e92976d2e (diff) |
nixos/vaultwarden: protect the default data directory more
Fixes #179415
Diffstat (limited to 'nixos/modules/services/security/vaultwarden/default.nix')
-rw-r--r-- | nixos/modules/services/security/vaultwarden/default.nix | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/nixos/modules/services/security/vaultwarden/default.nix b/nixos/modules/services/security/vaultwarden/default.nix index 3aa38ed819f66..9351bff448d3f 100644 --- a/nixos/modules/services/security/vaultwarden/default.nix +++ b/nixos/modules/services/security/vaultwarden/default.nix @@ -196,6 +196,7 @@ ADMIN_TOKEN=...copy-paste a unique generated secret token here... ProtectSystem = "strict"; AmbientCapabilities = "CAP_NET_BIND_SERVICE"; StateDirectory = "bitwarden_rs"; + StateDirectoryMode = "0700"; }; wantedBy = [ "multi-user.target" ]; }; |