aynish/helm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update to 24.05

Browse Source
This commit is contained in:
Anish Lakhwara
2024-08-19 21:29:41 -07:00
parent fb9d892015
commit afb1c0efb4
18 changed files with 93 additions and 244 deletions
Download Patch File Download Diff File Expand all files Collapse all files
hosts/profiles/gonic/default.nix
+4 -3
View File
@@ -5,16 +5,17 @@
music-path /mnt/two/music/
podcast-path /data/podcasts
cache-path /data/cache
playlists-path /data/playlists
'';
mossnet.gonic.user = "headphones";
mossnet.gonic.user = "gonic";
mossnet.gonic.group = "audio";
networking.firewall.allowedTCPPorts = [ 4747 ];
users.users.gonic = {
uid = config.ids.uids.headphones;
# uid = config.ids.uids.headphones;
# isSystemUser = true;
group = "audio";
home = "/var/lib/headphones";
# home = "/var/lib/headphones";
createHome = true;
};
}
hosts/profiles/gonic/module-gonic.nix
-4
View File
@@ -68,14 +68,10 @@ in
Group = cfg.group;
DevicePolicy = "closed";
NoNewPrivileges = " yes";
PrivateTmp = "yes";
PrivateUsers = "yes";
ProtectControlGroups = "yes";
ProtectKernelModules = "yes";
ProtectKernelTunables = "yes";
RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6";
RestrictNamespaces = "yes";
RestrictRealtime = "yes";
SystemCallFilter = "~@clock @debug @module @mount @obsolete @privileged @reboot @setuid @swap";
ReadWritePaths = dataFolder;
StateDirectory = baseNameOf dataFolder;