summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--module/default.nix7
1 files changed, 7 insertions, 0 deletions
diff --git a/module/default.nix b/module/default.nix
index dff15bb..4dcb17e 100644
--- a/module/default.nix
+++ b/module/default.nix
@@ -57,6 +57,13 @@ in {
{
StateDirectory = "rocie";
+ User = "rocie";
+ Group = "rocie";
+
+ ReadOnlyPaths = [
+ cfg.secretKeyFile
+ ];
+
# Hardening
LockPersonality = true;
MemoryDenyWriteExecute = true;
generated by cgit v1.3.1 (git 2.54.0) at 2026-06-27 23:27:59 +0000