nixos/mail/listmonk: fix hardening directives

For some reason, I don't know why I missed those, but I didn't look at my logs for a while. It would be nice if we could catch those statically kinda (?) in CI.
author: Raito Bezarius <masterancpp@gmail.com> 2024-01-12 20:14:52 +0100
committer: Raito Bezarius <masterancpp@gmail.com> 2024-01-12 20:14:52 +0100
commit: 4c84c9c1c36cb0daa2eaa04b3f5c415fac1cac57 (patch)
tree: b948cb212844244f9a96b0791866e7b1600a0be6 /nixos
parent: 997e797d65872ae57a3f693f8384c2e24af4481e (diff)
1 files changed, 2 insertions, 3 deletions
diff --git a/nixos/modules/services/mail/listmonk.nix b/nixos/modules/services/mail/listmonk.nix
index be2f9680ca5ac..945eb436c1f23 100644
--- a/nixos/modules/services/mail/listmonk.nix
+++ b/nixos/modules/services/mail/listmonk.nix
@@ -201,13 +201,12 @@ in {
         DynamicUser = true;
         NoNewPrivileges = true;
         CapabilityBoundingSet = "";
-        SystemCallArchitecture = "native";
+        SystemCallArchitectures = "native";
         SystemCallFilter = [ "@system-service" "~@privileged" ];
-        ProtectDevices = true;
+        PrivateDevices = true;
         ProtectControlGroups = true;
         ProtectKernelTunables = true;
         ProtectHome = true;
-        DeviceAllow = false;
         RestrictNamespaces = true;
         RestrictRealtime = true;
         UMask = "0027";
author	Raito Bezarius <masterancpp@gmail.com>	2024-01-12 20:14:52 +0100
committer	Raito Bezarius <masterancpp@gmail.com>	2024-01-12 20:14:52 +0100
commit	4c84c9c1c36cb0daa2eaa04b3f5c415fac1cac57 (patch)
tree	b948cb212844244f9a96b0791866e7b1600a0be6 /nixos
parent	997e797d65872ae57a3f693f8384c2e24af4481e (diff)