nix-powerpc/disable-systemd-security.nix
2025-02-10 11:47:09 +00:00


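{lib, ...}: let
  # who needs security lmao
  #
  # NixOS module that switches off a fixed set of systemd sandboxing
  # directives for seven services. `lib` must be in the argument set:
  # the dhcpcd and nginx entries call lib.mkForce, which is an undefined
  # variable (evaluation error) under a bare `{...}:` header.
  #
  # NOTE(review): the file does not say why the hardening is removed. The
  # repository path suggests a platform workaround (PowerPC) - confirm
  # which directives actually fail there and drop the rest from this set,
  # so that only the failing ones stay disabled.

  # Values are written in unit-file syntax. An empty string resets a list
  # setting; "no" disables a boolean one.
  relaxedSandbox = {
    # Clears the device allow-list. What that means in practice depends on
    # the unit's DevicePolicy=, which this file does not touch.
    DeviceAllow = "";
    # Clears any IP deny-list configured for the unit.
    IPAddressDeny = "";
    # Lets the service change its execution domain via personality(2).
    LockPersonality = "no";
    # Permits memory mappings that are writable and executable at once.
    MemoryDenyWriteExecute = "no";
    # Lets the service gain privileges through execve() of setuid/setgid
    # or file-capability binaries.
    NoNewPrivileges = "no";
    # Permits writes to the system and hardware clock.
    ProtectClock = "no";
    # Removes the socket address-family restriction.
    RestrictAddressFamilies = "";
    # Empty value is treated like "no": no namespace restriction.
    RestrictNamespaces = "";
    # Permits realtime scheduling policies.
    RestrictRealtime = "no";
    # Permits creating setuid/setgid files.
    RestrictSUIDSGID = "no";
  };

  # Units overridden at normal option priority.
  plainUnits = [
    "systemd-journald"
    "systemd-udevd"
    "systemd-oomd"
    "systemd-timesyncd"
    "systemd-logind"
  ];

  # Units overridden with lib.mkForce - presumably because their NixOS
  # modules already set these options and a normal-priority definition
  # would conflict (confirm against the dhcpcd and nginx modules).
  # Both handle network input, so they are the first candidates for
  # getting their sandboxing back once the failing directive is known.
  forcedUnits = [
    "dhcpcd"
    "nginx"
  ];

  # The original wrote LockPersonality as the Nix boolean `false` for the
  # forced units; "no" expresses the same boolean value to systemd.
  forcedSandbox = lib.mapAttrs (_: lib.mkForce) relaxedSandbox;
in {
  systemd.services =
    lib.genAttrs plainUnits (_: {serviceConfig = relaxedSandbox;})
    // lib.genAttrs forcedUnits (_: {serviceConfig = forcedSandbox;});
}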