robin/prometheus-mdns-rs
1
0
Fork 0
mirror of https://codeberg.org/icewind/prometheus-mdns-rs.git synced 2026-06-03 09:54:21 +02:00
Code Issues Releases Wiki Activity

tweak serviceConfig

Browse source
This commit is contained in:
Robin Appelman 2022-08-02 20:23:36 +02:00
commit 90314cc5eb
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
flake.nix
View file

@ -54,9 +54,9 @@
pkg = self.defaultPackage.${pkgs.system}; pkg = self.defaultPackage.${pkgs.system};
in { in {
wantedBy = ["multi-user.target"]; wantedBy = ["multi-user.target"];
script = "${pkg}/bin/prometheus-mdns-sd-rs ${cfg.target}";
serviceConfig = { serviceConfig = {
ExecStart = "${pkg}/bin/prometheus-mdns-sd-rs ${cfg.target}";
Restart = "on-failure"; Restart = "on-failure";
DynamicUser = true; DynamicUser = true;
PrivateTmp = true; PrivateTmp = true;
@ -77,7 +77,7 @@
ProtectKernelTunables = true; ProtectKernelTunables = true;
RestrictAddressFamilies = "AF_INET"; RestrictAddressFamilies = "AF_INET";
RestrictRealtime = true; RestrictRealtime = true;
ProtectProc = "noaccess"; ProtectProc = "invisible";
SystemCallFilter = ["@system-service" "~@resources" "~@privileged"]; SystemCallFilter = ["@system-service" "~@resources" "~@privileged"];
IPAddressDeny = "any"; IPAddressDeny = "any";
IPAddressAllow = ["multicast" "192.168.0.0/16"]; IPAddressAllow = ["multicast" "192.168.0.0/16"];