nixbitcoin
81a1c3f908
service hardening: Add CapabilityBoundingSets
...
Whitelist with exceptions in webindex and onion-chef
2020-05-22 11:29:54 +00:00
Erik Arvstedt
f0a36fe0c7
add 'nix-bitcoin-services' option
...
1. Makes the content easily accessible for module users
2. Avoids needlessly recalculating the attrset in every client module
2020-01-12 20:02:00 +01:00
Erik Arvstedt
7aaf30501c
nix-bitcoin-services: simplify formatting
2020-01-09 10:43:30 +01:00
Jonas Nick
5f567ee1ed
Merge #113 : Simplify clightning preStart
...
67a464d097
Mention problems with hardened kernel and NUCs in README (Jonas Nick)
7771a4c931
Refer to systemd man pages for hardening options (Jonas Nick)
a5e10a82d8
Simplify clightning preStart (Jonas Nick)
Pull request description:
CC @cypherpunk2140
Top commit has no ACKs.
Tree-SHA512: aa726f29e499cc268b21cac8cd07617be591cfdaa89dd0495cb979ebd3e49cc01164af25924c554429a1d35d14167dea276f7d61877452b69f027143cc3eee97
2019-08-21 14:58:22 +00:00
Jonas Nick
1c8dadd876
Add allowAnyProtocol option to nix-bitcoin-services
2019-08-19 21:11:08 +00:00
Jonas Nick
7771a4c931
Refer to systemd man pages for hardening options
2019-08-19 20:44:10 +00:00
Ștefan D. Mihăilă
cd722cac1a
Fix identation
2019-08-18 12:53:08 +02:00
nixbitcoin
7416ec4a29
Limit syscalls with Docker whitelist
2019-05-10 12:42:06 +02:00
Jonas Nick
e1ee5023e2
Rename service settings for 'node' to 'nodejs' to avoid confusion
2019-05-03 10:44:16 +00:00
Jonas Nick
469c1de6a9
Fix electrum after disallowing anything but localhost by adding ipv6 local address
2019-04-28 18:54:13 +00:00
Jonas Nick
6f8dac6e07
Restrict namespaces for systemd services by default
2019-04-28 13:15:17 +00:00
Jonas Nick
eaaf8e9aab
Use IPAddress{Allow,Deny} by default for systemd services
2019-04-28 13:15:17 +00:00
Jonas Nick
d9533edad1
Fix memory deny write execute for nodejs services
2019-04-28 13:15:16 +00:00
Jonas Nick
a089d65d25
Move service hardening flags into separate file
2019-04-28 13:15:12 +00:00