summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDominique Martinet @ jormungand <asmadeus@codewreck.org>2020-09-28 14:01:02 +0200
committerDominique Martinet @ jormungand <asmadeus@codewreck.org>2020-09-29 13:45:04 +0200
commitd4cf5bac10ea54cba772ebd9be49bb806f3922ad (patch)
treee8466c4cd59934c1d60d0aff9445ed178a92496e
parentf373a11aaa1d33ab13ac32235f5d6f085240e1b8 (diff)
20.09 upgrade: nginx enabled ProtectSystem, not compatible with confinement
-rw-r--r--profiles/nginx.nix1
1 files changed, 1 insertions, 0 deletions
diff --git a/profiles/nginx.nix b/profiles/nginx.nix
index 6c591a9..dc58205 100644
--- a/profiles/nginx.nix
+++ b/profiles/nginx.nix
@@ -17,6 +17,7 @@
systemd.services.nginx = {
serviceConfig.BindPaths = [ "/var/spool/nginx" ];
serviceConfig.BindReadOnlyPaths = [ "/var/lib/acme" ];
+ serviceConfig.ProtectSystem = lib.mkForce false;
confinement = {
enable = true;
binSh = null;