disable ReadWritePaths for gitea

2022-07-09 08:39:06 +01:00 · 2022-07-09 08:39:06 +01:00 · 5a6bd718f7
commit 5a6bd718f7
parent 3e77867c39
1 changed files with 1 additions and 0 deletions
--- a/modules/gitea.nix
+++ b/modules/gitea.nix
@ -36,6 +36,7 @@ in {
      path = [pkgs.gnupg];
      serviceConfig = {
        SystemCallFilter = mkForce "~@clock @cpu-emulation @debug @module @mount @obsolete @raw-io @reboot @resources @setuid @swap";
+        ReadWritePaths = mkForce null;
      };
      # In older versions the secret naming for JWT was kind of confusing.
      # The file jwt_secret hold the value for LFS_JWT_SECRET and JWT_SECRET