Vincent Haupert 66dbf9b199 nixos/github-runners: use mkMerge for serviceConfig ...

The `serviceOverrides` module option is commonly used to loosen the
systemd unit's hardening. This commit merges the `serviceConfig` with
`mkMerge` instead of using the update operator `//` which discards all
existing values on conflict. To avoid a breaking change which requires
defining each option with a higher priority (e.g., through `mkForce`),
this commit prefixes hardening values with `mkDefault`.

Notable exceptions are list hardening options which use `mkBefore`
instead of `mkDefault`. This allows for easy extension of the existing
settings. Resetting redefinitions are still possible through `mkForce`.

2023-01-09 09:36:04 +01:00

5.9 KiB

Raw Blame History

View Raw