Hardening

2025-08-03 23:33:11 +03:00
parent 054ff0ec3b
commit ff4556a308
1 changed files with 3 additions and 3 deletions
--- a/nixosModules/eko.nix
+++ b/nixosModules/eko.nix
@@ -29,9 +29,9 @@
    users.users.grafana.extraGroups = [ "eko" ];
    systemd.services.grafana = {
      serviceConfig = {
-        ProtectHome = lib.mkForce false;
-        ProtectSystem = lib.mkForce false;
-        PrivateTmp = lib.mkForce false;
+        ProtectHome = lib.mkForce true;
+        ProtectSystem = lib.mkForce true;
+        PrivateTmp = lib.mkForce true;
        ReadWritePaths = [ config.services.eko.dataDir ];
      };
    };