diff options
author | Joachim Fasting <joachifm@fastmail.fm> | 2017-02-05 04:42:16 +0100 |
---|---|---|
committer | Joachim Fasting <joachifm@fastmail.fm> | 2017-02-05 04:54:18 +0100 |
commit | a0338afe5faa9f9e403e2caa52e4a8b60c272be9 (patch) | |
tree | 312b27fcfa1acde09cfb2333180adffd12889a33 /nixos/modules/services/networking/cjdns.nix | |
parent | f9c684e1528c6e595580f4c6cdb3d6f22ae6a2e4 (diff) |
cjdns service: allow writing keys to /etc
20e81f7c0d56e0b179115ca72a85b81ff637d909 prevented key generation in
`preStart`, leaving the service broken for the case where the user has
no pre-existing key.
Eventually, we ought to store the state elsewhere so that `/etc` can be
read-only but for now we fix this the easy way.
Diffstat (limited to 'nixos/modules/services/networking/cjdns.nix')
-rw-r--r-- | nixos/modules/services/networking/cjdns.nix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/modules/services/networking/cjdns.nix b/nixos/modules/services/networking/cjdns.nix index a10851c16523..d478e45f9462 100644 --- a/nixos/modules/services/networking/cjdns.nix +++ b/nixos/modules/services/networking/cjdns.nix @@ -260,7 +260,7 @@ in RestartSec = 1; CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_RAW"; AmbientCapabilities = "CAP_NET_ADMIN CAP_NET_RAW"; - ProtectSystem = "full"; + ProtectSystem = true; MemoryDenyWriteExecute = true; ProtectHome = true; PrivateTmp = true; |