SelfPrivacy/selfprivacy-nixos-infect
1
0
Fork 0
mirror of https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-infect.git synced 2025-02-16 14:24:42 +00:00
Code Issues Projects Releases Wiki Activity

Fixed path for the SelfPrivacy API service

Browse source
This commit is contained in:
Illia Chub 2021-07-26 11:34:51 +03:00
parent b660f8a9c0
commit a74faa6bad
1 changed files with 3 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
nixos-infect Executable file → Normal file
View file

@ -207,6 +207,7 @@ EOF
users.users = { users.users = {
virtualMail = { virtualMail = {
isNormalUser = false; isNormalUser = false;
isSystemUser = true;
}; };
}; };
@ -648,6 +649,7 @@ cat > /etc/nixos/api/api.nix << EOF
users.users."selfprivacy-api" = { users.users."selfprivacy-api" = {
isNormalUser = false; isNormalUser = false;
isSystemUser = true;
extraGroups = [ "opendkim" ]; extraGroups = [ "opendkim" ];
}; };
users.groups."selfprivacy-api" = { users.groups."selfprivacy-api" = {
@ -712,18 +714,11 @@ in
environment = { environment = {
PYTHONUNBUFFERED = "1"; PYTHONUNBUFFERED = "1";
}; };
path = [ "/var/" "/var/dkim/" ]; path = [ "/var/" "/var/dkim/" pkgs.coreutils pkgs.gnutar pkgs.xz.bin pkgs.gzip pkgs.gitMinimal pkgs.config.nix.package.out ];
after = [ "network-online.target" ]; after = [ "network-online.target" ];
wantedBy = [ "network-online.target" ]; wantedBy = [ "network-online.target" ];
serviceConfig = { serviceConfig = {
User = "root"; User = "root";
PrivateDevices = "true";
ProtectKernelTunables = "true";
ProtectKernelModules = "true";
LockPersonality = "true";
RestrictRealtime = "true";
SystemCallFilter = "@system-service @network-io @signal";
SystemCallErrorNumber = "EPERM";
ExecStart = "\${selfprivacy-api}/bin/main.py"; ExecStart = "\${selfprivacy-api}/bin/main.py";
Restart = "always"; Restart = "always";
RestartSec = "5"; RestartSec = "5";