Noratrieb/vps
1
0
Fork 0
mirror of https://github.com/Noratrieb/vps.git synced 2026-01-14 16:55:00 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

update

Browse source
This commit is contained in:
nora 2025-12-28 18:43:32 +01:00
parent 413dfef394
commit 9015d6ebab
3 changed files with 54 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

17
nix/apps/does-it-build/default.nix
View file

@ -49,6 +49,23 @@ in
];
# GITHUB_APP_PRIVATE_KEY=-----BEGIN RSA PRIVATE KEY-----...
EnvironmentFile = [ config.age.secrets.does_it_build_private_key.path ];
ProtectHome = true;
StateDirectory = "does-it-build";
ProtectSystem = "strict";
PrivateTmp = true;
RemoveIPC = true;
NoNewPrivileges = true;
PrivateDevices = true;
ProtectClock = true;
ProtectKernelLogs = true;
ProtectControlGroups = true;
ProtectKernelModules = true;
PrivateMounts = true;
RestrictNamespaces = "";
RestrictSUIDSGID = true;
ProtectHostname = true;
};
};