greg/nix-bitcoin
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

improve comments, descriptions

Browse Source
This commit is contained in:
Erik Arvstedt 2022-07-14 23:45:27 +02:00
parent 97b1a1d353
commit 9ac3d93b27
No known key found for this signature in database
GPG Key ID: 33312B944DD97846
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
modules/presets/secure-node.nix
View File

@ -30,7 +30,7 @@ in {
jq jq
]; ];
# sshd # Add a SSH onion service
services.tor.relay.onionServices.sshd = nbLib.mkOnionService { port = 22; }; services.tor.relay.onionServices.sshd = nbLib.mkOnionService { port = 22; };
nix-bitcoin.onionAddresses.access.${operatorName} = [ "sshd" ]; nix-bitcoin.onionAddresses.access.${operatorName} = [ "sshd" ];

4
pkgs/lib.nix
View File

@ -41,7 +41,7 @@ let self = {
RestrictAddressFamilies = self.defaultHardening.RestrictAddressFamilies + " AF_NETLINK"; RestrictAddressFamilies = self.defaultHardening.RestrictAddressFamilies + " AF_NETLINK";
}; };
# nodejs applications apparently rely on memory write execute # nodejs applications require memory write execute for JIT compilation
nodejs = { MemoryDenyWriteExecute = "false"; }; nodejs = { MemoryDenyWriteExecute = "false"; };
# Allow takes precedence over Deny. # Allow takes precedence over Deny.
@ -69,7 +69,7 @@ let self = {
type = types.bool; type = types.bool;
default = false; default = false;
description = '' description = ''
Whether to enforce Tor on a service by only allowing connections Whether to enforce Tor on this service by only allowing connections
from and to localhost and link-local addresses. from and to localhost and link-local addresses.
''; '';
}; };