From 4c84c9c1c36cb0daa2eaa04b3f5c415fac1cac57 Mon Sep 17 00:00:00 2001
From: Raito Bezarius
Date: Fri, 12 Jan 2024 20:14:52 +0100
Subject: nixos/mail/listmonk: fix hardening directives
For some reason, I don't know why I missed those, but I didn't look at my logs for a while. It would be nice if we could catch those statically kinda (?) in CI.
---
nixos/modules/services/mail/listmonk.nix | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
(limited to 'nixos')
diff --git a/nixos/modules/services/mail/listmonk.nix b/nixos/modules/services/mail/listmonk.nix
index be2f9680ca5ac..945eb436c1f23 100644
--- a/nixos/modules/services/mail/listmonk.nix
+++ b/nixos/modules/services/mail/listmonk.nix
@@ -201,13 +201,12 @@ in {
 DynamicUser = true;
 NoNewPrivileges = true;
 CapabilityBoundingSet = "";
- SystemCallArchitecture = "native";
+ SystemCallArchitectures = "native";
 SystemCallFilter = [ "@system-service" "~@privileged" ];
- ProtectDevices = true;
+ PrivateDevices = true;
 ProtectControlGroups = true;
 ProtectKernelTunables = true;
 ProtectHome = true;
- DeviceAllow = false;
 RestrictNamespaces = true;
 RestrictRealtime = true;
 UMask = "0027";
--
cgit 1.4.1
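Review bot: `PrivateDevices = true;` and `SystemCallArchitectures = "native";` are probably being enforced for the first time here, and nothing in the hunk records why `DeviceAllow` was dropped rather than corrected. systemd logs a warning and skips directive names it does not recognise, so the misspelled `ProtectDevices` and `SystemCallArchitecture` most likely never restricted the service. I would add a comment above the new line such as `# PrivateDevices implies DevicePolicy=closed, so no DeviceAllow entry is needed`, so that a later edit does not re-add it. Because the sandbox now really changes, the module's NixOS test is worth re-running, ideally with a check that the journal has no "Unknown key name" warning for the listmonk unit, which would also catch this class of typo in CI. The `serviceConfig` set starts and ends outside the hunk, so the rest of the hardening list is not visible here.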