robin/tasproxy
1
0
Fork 0
mirror of https://codeberg.org/icewind/tasproxy.git synced 2026-06-03 18:24:08 +02:00
Code Issues Projects Releases Wiki Activity

flake reorg

Browse source
This commit is contained in:
Robin Appelman 2024-10-28 13:28:08 +01:00
commit 584ce8f411
8 changed files with 154 additions and 100 deletions
Download patch file Download diff file Expand all files Collapse all files

16
module.nix
View file

@ -1,12 +1,12 @@
{
config,
lib,
pkgs,
...
{ config
, lib
, pkgs
, ...
}:
with lib; let
cfg = config.services.tasproxy;
in {
in
{
options.services.tasproxy = {
enable = mkEnableOption "Log archiver";
@ -36,7 +36,7 @@ in {
config = mkIf cfg.enable {
systemd.services."tasproxy" = {
wantedBy = ["multi-user.target"];
wantedBy = [ "multi-user.target" ];
environment =
if cfg.enableUnixSocket
then {
@ -70,7 +70,7 @@ in {
RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX";
RestrictRealtime = true;
ProtectProc = "noaccess";
SystemCallFilter = ["@system-service" "~@resources" "~@privileged"];
SystemCallFilter = [ "@system-service" "~@resources" "~@privileged" ];
IPAddressDeny = "multicast";
PrivateUsers = true;
ProcSubset = "pid";