gador/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/uptime-kuma: Apply more hardening settings (#449295)

Browse Source
This commit is contained in:
Luj
2025-10-08 11:13:49 +02:00
committed by GitHub
parent ed010b2d8c d06389e317
commit 01e34769af
1 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
nixos/modules/services/monitoring/uptime-kuma.nix
View File

@@ -53,6 +53,7 @@ in
serviceConfig = {
Type = "simple";
StateDirectory = "uptime-kuma";
StateDirectoryMode = "750";
DynamicUser = true;
ExecStart = "${cfg.package}/bin/uptime-kuma-server";
Restart = "on-failure";
@@ -60,18 +61,20 @@ in
CapabilityBoundingSet = "";
LockPersonality = true;
MemoryDenyWriteExecute = false; # enabling it breaks execution
MountAPIVFS = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateMounts = true;
PrivateTmp = true;
PrivateUsers = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectControlGroups = "strict";
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "noaccess";
ProtectProc = "invisible";
ProtectSystem = "strict";
RemoveIPC = true;
RestrictAddressFamilies = [