Merge pull request #280561 from RaitoBezarius/fix-listmonk-module

nixos/mail/listmonk: fix hardening directives
author: Ryan Lahfa <masterancpp@gmail.com> 2024-01-17 03:42:31 +0100
committer: GitHub <noreply@github.com> 2024-01-17 03:42:31 +0100
commit: bbd92ae0479d169c7917a92e482d598e6ea6091d (patch)
tree: baad97167d9b9aa40bd051423da2273e19c0bcda /nixos
parent: 44596db6077584d129fa5c5ed6ff2e06dbb828b0 (diff)
parent: 4c84c9c1c36cb0daa2eaa04b3f5c415fac1cac57 (diff)
1 files changed, 2 insertions, 3 deletions
diff --git a/nixos/modules/services/mail/listmonk.nix b/nixos/modules/services/mail/listmonk.nix
index be2f9680ca5ac..945eb436c1f23 100644
--- a/nixos/modules/services/mail/listmonk.nix
+++ b/nixos/modules/services/mail/listmonk.nix
@@ -201,13 +201,12 @@ in {
         DynamicUser = true;
         NoNewPrivileges = true;
         CapabilityBoundingSet = "";
-        SystemCallArchitecture = "native";
+        SystemCallArchitectures = "native";
         SystemCallFilter = [ "@system-service" "~@privileged" ];
-        ProtectDevices = true;
+        PrivateDevices = true;
         ProtectControlGroups = true;
         ProtectKernelTunables = true;
         ProtectHome = true;
-        DeviceAllow = false;
         RestrictNamespaces = true;
         RestrictRealtime = true;
         UMask = "0027";
author	Ryan Lahfa <masterancpp@gmail.com>	2024-01-17 03:42:31 +0100
committer	GitHub <noreply@github.com>	2024-01-17 03:42:31 +0100
commit	bbd92ae0479d169c7917a92e482d598e6ea6091d (patch)
tree	baad97167d9b9aa40bd051423da2273e19c0bcda /nixos
parent	44596db6077584d129fa5c5ed6ff2e06dbb828b0 (diff)
parent	4c84c9c1c36cb0daa2eaa04b3f5c415fac1cac57 (diff)