Commit
6da0fd26
authored
May 28, 2022
by
erdnaxe
🦋
NixOS 22.05 cleanup
parent
569c6031
Changes
4
base/package.nix
...
...
@@ -84,17 +84,6 @@
SystemCallArchitectures
=
"native"
;
};
systemd
.
services
.
wpa_supplicant
.
serviceConfig
=
{
ProtectControlGroups
=
true
;
# OpenSUSE
ProtectHome
=
"read-only"
;
# OpenSUSE
ProtectHostname
=
true
;
# OpenSUSE
ProtectKernelLogs
=
true
;
# OpenSUSE
ProtectKernelModules
=
true
;
# OpenSUSE
ProtectKernelTunables
=
true
;
# OpenSUSE
ProtectSystem
=
"full"
;
# OpenSUSE
RestrictRealtime
=
true
;
# OpenSUSE
};
systemd
.
services
.
postgresql
.
serviceConfig
=
{
NoNewPrivileges
=
true
;
# arch
PrivateDevices
=
true
;
# arch
...
...
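Review bot: The `systemd.services.wpa_supplicant.serviceConfig` override appears to be removed here with no stated replacement (the side markers are lost on this page, but the `-84,17 +84,6` counts match that block plus one blank line). Neither the commit title nor a comment says whether the NixOS 22.05 module applies equivalent sandboxing. If it does not, the service loses `ProtectSystem = "full"`, `ProtectHome = "read-only"`, `ProtectKernelModules` and the other directives in the block; comparing `systemd-analyze security wpa_supplicant.service` before and after the upgrade would settle it. If the block was dropped because one directive broke the service on 22.05, I would keep the others and add a comment such as `# ProtectHome dropped: <reason>` so the reduction is deliberate and recorded. The enclosing attribute set starts and ends outside the hunk.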
services/graphical-desktop.nix
...
...
@@ -160,12 +160,6 @@
latitude
=
48
.
85
;
longitude
=
2
.
35
;
};
#services.swayidle = {
# enable = true;
# events = [
# { event = "before-sleep"; command = "swaylock"; }
# ];
#};
wayland
.
windowManager
.
sway
=
{
enable
=
true
;
wrapperFeatures
.
gtk
=
true
;
...
...
services/heisenbridge.nix
{
# To remove in NixOS 22.05
imports
=
[
<
nixos-unstable/nixos/modules/services/misc/heisenbridge.nix
>
];
services
.
heisenbridge
=
{
enable
=
true
;
homeserver
=
"http://127.0.0.1:8008"
;
...
...
services/minecraft-server.nix
deleted
100644 → 0
{
nixpkgs
.
config
.
allowUnfree
=
true
;
services
.
minecraft-server
=
{
enable
=
true
;
package
=
import
../custom_pkg/fabric-server.nix
;
eula
=
true
;
openFirewall
=
true
;
declarative
=
true
;
serverProperties
=
{
server-port
=
25565
;
gamemode
=
1
;
motd
=
"Fabric Creative server"
;
};
};
# Merged in unstable, https://github.com/NixOS/nixpkgs/pull/152455
systemd
.
services
.
minecraft-server
.
serviceConfig
=
{
# Hardening
CapabilityBoundingSet
=
[
""
];
DeviceAllow
=
[
""
];
LockPersonality
=
true
;
PrivateDevices
=
true
;
PrivateTmp
=
true
;
PrivateUsers
=
true
;
ProtectClock
=
true
;
ProtectControlGroups
=
true
;
ProtectHome
=
true
;
ProtectHostname
=
true
;
ProtectKernelLogs
=
true
;
ProtectKernelModules
=
true
;
ProtectKernelTunables
=
true
;
ProtectProc
=
"invisible"
;
RestrictAddressFamilies
=
[
"AF_INET"
"AF_INET6"
];
RestrictNamespaces
=
true
;
RestrictRealtime
=
true
;
RestrictSUIDSGID
=
true
;
SystemCallArchitectures
=
"native"
;
UMask
=
"0077"
;
};
}