Merge pull request #283298 from mkg20001/rustdesk-dynamic

rustdesk-server: use DynamicUser
2024-04-24 20:03:44 +02:00 · 2024-04-24 20:03:44 +02:00 · 657e5c43be
parent 0da27370a1 9c565e0e69
commit 657e5c43be
1 changed files with 1 additions and 5 deletions
--- a/nixos/modules/services/monitoring/rustdesk-server.nix
+++ b/nixos/modules/services/monitoring/rustdesk-server.nix
@ -53,15 +53,14 @@ in {
        Slice = "system-rustdesk.slice";
        User  = "rustdesk";
        Group = "rustdesk";
+        DynamicUser = "yes";
        Environment = [];
        WorkingDirectory = "/var/lib/rustdesk";
        StateDirectory   = "rustdesk";
        StateDirectoryMode = "0750";
        LockPersonality = true;
-        NoNewPrivileges = true;
        PrivateDevices = true;
        PrivateMounts = true;
-        PrivateTmp = true;
        PrivateUsers = true;
        ProtectClock = true;
        ProtectControlGroups = true;
@ -71,10 +70,7 @@ in {
        ProtectKernelModules = true;
        ProtectKernelTunables = true;
        ProtectProc = "invisible";
-        ProtectSystem = "strict";
-        RemoveIPC = true;
        RestrictNamespaces = true;
-        RestrictSUIDSGID = true;
      };
    };
  in lib.mkIf cfg.enable {