···

       
58
       
58
       
 
       
      '';

     

       
59
       
59
       
 
       
      description = lib.mdDoc ''

     

       
60
       
60
       
 
       
        The available options can be found in

     

       
61
       
61
       
-
       
        [the example configuration](https://github.com/dexidp/dex/blob/v${pkgs.dex.version}/config.yaml.dist).

     

       
61
       
61
       
+
       
        [the example configuration](https://github.com/dexidp/dex/blob/v${pkgs.dex-oidc.version}/config.yaml.dist).

     

       
62
       
62
       
 
       


     

       
63
       
63
       
 
       
        It's also possible to refer to environment variables (defined in [services.dex.environmentFile](#opt-services.dex.environmentFile))

     

       
64
       
64
       
 
       
        using the syntax `$VARIABLE_NAME`.

     
···

       
119
       
119
       
 
       
        RestrictRealtime = true;

     

       
120
       
120
       
 
       
        RestrictSUIDSGID = true;

     

       
121
       
121
       
 
       
        SystemCallArchitectures = "native";

     

       
122
       
122
       
-
       
        SystemCallFilter = [ "@system-service" "~@privileged @resources @setuid @keyring" ];

     

       
122
       
122
       
+
       
        SystemCallFilter = [ "@system-service" "~@privileged @setuid @keyring" ];

     

       
123
       
123
       
 
       
        TemporaryFileSystem = "/:ro";

     

       
124
       
124
       
 
       
        # Does not work well with the temporary root

     

       
125
       
125
       
 
       
        #UMask = "0066";