jeff/nixos-anycast
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

update

Browse source
This commit is contained in:
Jeffrey C. Ollie 2024-04-02 15:51:07 -05:00
parent 67d8de2f5c
commit bc739f0880
Signed by: jeff
GPG key ID: 6F86035A6D97044E
1 changed files with 8 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
flake.nix
View file

@ -341,13 +341,19 @@
enable = cfg.enable; enable = cfg.enable;
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
User = "anycast-healthchecker";
Group = "bird2"; Group = "bird2";
DynamicUser = true; User = "bird2";
RuntimeDirectory = "anycast-healthchecker"; RuntimeDirectory = "anycast-healthchecker";
StateDirectory = "anycast-healthchecker"; StateDirectory = "anycast-healthchecker";
ExecStart = "${package}/bin/anycast-healthchecker --file ${conf} --dir ${conf_d}"; ExecStart = "${package}/bin/anycast-healthchecker --file ${conf} --dir ${conf_d}";
Restart = "on-failure"; Restart = "on-failure";
MemoryDenyWriteExecute = true;
PrivateDevices = true;
PrivateTmp = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectKernelTunables = true;
ProtectSystem = "full";
}; };
wantedBy = ["multi-user.target"]; wantedBy = ["multi-user.target"];
}; };