commit 32b35888d6e20e97e22d16c0e9c6e716f6f247d4 · pyrox.dev/nixpkgs

+4 -3
nixos/modules/services/web-apps/dex.nix
···

       83
       83
        
               AmbientCapabilities = "CAP_NET_BIND_SERVICE";

     

       84
       84
        
               BindReadOnlyPaths = [

     

       85
       85
        
                 "/nix/store"

     

       86
       86
       -
                 "-/etc/resolv.conf"

     

       87
       87
       -
                 "-/etc/nsswitch.conf"

     

       86
       86
       +
                 "-/etc/dex"

     

       88
       87
        
                 "-/etc/hosts"

     

       89
       88
        
                 "-/etc/localtime"

     

       90
       90
       -
                 "-/etc/dex"

     

       89
       89
       +
                 "-/etc/nsswitch.conf"

     

       90
       90
       +
                 "-/etc/resolv.conf"

     

       91
       91
       +
                 "-/etc/ssl/certs/ca-certificates.crt"

     

       91
       92
        
               ];

     

       92
       93
        
               BindPaths = optional (cfg.settings.storage.type == "postgres") "/var/run/postgresql";

     

       93
       94
        
               CapabilityBoundingSet = "CAP_NET_BIND_SERVICE";