diff options
| -rw-r--r-- | module/default.nix | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/module/default.nix b/module/default.nix index dff15bb..4dcb17e 100644 --- a/module/default.nix +++ b/module/default.nix @@ -57,6 +57,13 @@ in { { StateDirectory = "rocie"; + User = "rocie"; + Group = "rocie"; + + ReadOnlyPaths = [ + cfg.secretKeyFile + ]; + # Hardening LockPersonality = true; MemoryDenyWriteExecute = true; |