diff options
| author | Sandro <sandro.jaeckel@gmail.com> | 2022-12-25 19:41:48 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-12-25 19:41:48 +0100 |
| commit | 682e55d80dc68be6fa1a5d1c410659039053694d (patch) | |
| tree | e1365a946e8f44099ae298e8fa9f7d410307300c /nixos | |
| parent | a42682ba9eae19f862a74c4095b1e1e5a2412e99 (diff) | |
| parent | 32b35888d6e20e97e22d16c0e9c6e716f6f247d4 (diff) | |
Merge pull request #207388 from SuperSandro2000/nixos/dex
Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/modules/services/web-apps/dex.nix | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/nixos/modules/services/web-apps/dex.nix b/nixos/modules/services/web-apps/dex.nix index 1dcc6f7a7c5bc..f69f1749aeb83 100644 --- a/nixos/modules/services/web-apps/dex.nix +++ b/nixos/modules/services/web-apps/dex.nix @@ -83,11 +83,12 @@ in AmbientCapabilities = "CAP_NET_BIND_SERVICE"; BindReadOnlyPaths = [ "/nix/store" - "-/etc/resolv.conf" - "-/etc/nsswitch.conf" + "-/etc/dex" "-/etc/hosts" "-/etc/localtime" - "-/etc/dex" + "-/etc/nsswitch.conf" + "-/etc/resolv.conf" + "-/etc/ssl/certs/ca-certificates.crt" ]; BindPaths = optional (cfg.settings.storage.type == "postgres") "/var/run/postgresql"; CapabilityBoundingSet = "CAP_NET_BIND_SERVICE"; |