authorMaciej Krüger <mkg20001@gmail.com>2024-01-23 20:58:21 +0100
committerMaciej Krüger <mkg20001@gmail.com>2024-04-24 19:00:37 +0200
commit9c565e0e69f468be6f453235fb8f19089930a8f5 (patch)
tree2cb1d9d45063ab6b32f4f95e5da246418814e427 /nixos/modules/services
parent96d1602a5f80d3dca2ca1ea706e3fee6eb0c9249 (diff)
rustdesk-server: use DynamicUser
this was a suggestion on #272501
Diffstat (limited to 'nixos/modules/services')
-rw-r--r--nixos/modules/services/monitoring/rustdesk-server.nix6
1 files changed, 1 insertions, 5 deletions
diff --git a/nixos/modules/services/monitoring/rustdesk-server.nix b/nixos/modules/services/monitoring/rustdesk-server.nix
index 0a6a8e71672fd..cafaeac6c3066 100644
--- a/nixos/modules/services/monitoring/rustdesk-server.nix
+++ b/nixos/modules/services/monitoring/rustdesk-server.nix
@@ -35,15 +35,14 @@ in {
         Slice = "system-rustdesk.slice";
         User  = "rustdesk";
         Group = "rustdesk";
+        DynamicUser = "yes";
         Environment = [];
         WorkingDirectory = "/var/lib/rustdesk";
         StateDirectory   = "rustdesk";
         StateDirectoryMode = "0750";
         LockPersonality = true;
-        NoNewPrivileges = true;
         PrivateDevices = true;
         PrivateMounts = true;
-        PrivateTmp = true;
         PrivateUsers = true;
         ProtectClock = true;
         ProtectControlGroups = true;
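Review bot: The five hardening options this commit deletes (`NoNewPrivileges` and `PrivateTmp` here; `ProtectSystem`, `RemoveIPC` and `RestrictSUIDSGID` in the next hunk) are now enforced only as side effects of `DynamicUser`, and nothing in the attrset says so. A comment above the added line would keep a later removal of `DynamicUser` from silently dropping them, e.g. `# DynamicUser implies NoNewPrivileges, PrivateTmp, ProtectSystem=strict, RemoveIPC and RestrictSUIDSGID`. The value is also written as the string `"yes"` while every other switch in this block is a Nix boolean; `DynamicUser = true;` would match. If the module still declares a static `rustdesk` user or group outside this hunk, systemd would reuse it instead of allocating a dynamic one, so that declaration is worth checking. The enclosing attrset starts before this hunk.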
@@ -53,10 +52,7 @@ in {
         ProtectKernelModules = true;
         ProtectKernelTunables = true;
         ProtectProc = "invisible";
-        ProtectSystem = "strict";
-        RemoveIPC = true;
         RestrictNamespaces = true;
-        RestrictSUIDSGID = true;
       };
     };
   in lib.mkIf cfg.enable {