Disabled hardening in grafana

2025-08-03 19:04:35 +03:00
parent 16db472151
commit f1fe3e6511
1 changed files with 8 additions and 0 deletions
--- a/nixosModules/eko.nix
+++ b/nixosModules/eko.nix
@@ -28,6 +28,14 @@
    # Allow grafana access to the sqlite db
    users.users.eko.group = lib.mkForce "grafana";
    systemd.services.eko.serviceConfig.StateDirectoryMode = lib.mkForce "0750";
+    systemd.services.grafana = {
+      serviceConfig = {
+        ProtectHome = lib.mkForce false;
+        ProtectSystem = lib.mkForce false;
+        PrivateTmp = lib.mkForce false;
+        ReadWritePaths = [ "/var/lib/eko" ];
+      };
+    };

    # Make sure acme module is active for the "kyren.codes" ssl cert
    acme.enable = true;