diff options
author | Dominique Martinet @ jormungand <asmadeus@codewreck.org> | 2020-09-28 14:01:02 +0200 |
---|---|---|
committer | Dominique Martinet @ jormungand <asmadeus@codewreck.org> | 2020-09-29 13:45:04 +0200 |
commit | d4cf5bac10ea54cba772ebd9be49bb806f3922ad (patch) | |
tree | e8466c4cd59934c1d60d0aff9445ed178a92496e | |
parent | f373a11aaa1d33ab13ac32235f5d6f085240e1b8 (diff) |
20.09 upgrade: nginx enabled ProtectSystem, not compatible with confinement
-rw-r--r-- | profiles/nginx.nix | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/profiles/nginx.nix b/profiles/nginx.nix index 6c591a9..dc58205 100644 --- a/profiles/nginx.nix +++ b/profiles/nginx.nix @@ -17,6 +17,7 @@ systemd.services.nginx = { serviceConfig.BindPaths = [ "/var/spool/nginx" ]; serviceConfig.BindReadOnlyPaths = [ "/var/lib/acme" ]; + serviceConfig.ProtectSystem = lib.mkForce false; confinement = { enable = true; binSh = null; |