Set prod module nix configuration

2025-11-22 02:41:35 +01:00 · 2024-12-08 18:01:48 +01:00
parent 18210d501b
commit a6c0cf5167
2 changed files with 24 additions and 6 deletions
--- a/nix/module.nix
+++ b/nix/module.nix
@@ -28,9 +28,13 @@ let
    RestrictRealtime = true;
    RestrictSUIDSGID = true;
    SystemCallArchitectures = "native";
-    SystemCallFilter = ["@system-service" "~@privileged" "~@resources"];
-    
-    ReadWritePaths = ["/var/www/archtika-websites"];
+    SystemCallFilter = [
+      "@system-service"
+      "~@privileged"
+      "~@resources"
+    ];
+
+    ReadWritePaths = [ "/var/www/archtika-websites" ];
  };
 in
 {
@@ -154,7 +158,11 @@ in
        Restart = "always";
        WorkingDirectory = "${cfg.package}/rest-api";

-        RestrictAddressFamilies = ["AF_INET" "AF_INET6" "AF_UNIX"];
+        RestrictAddressFamilies = [
+          "AF_INET"
+          "AF_INET6"
+          "AF_UNIX"
+        ];
      };

      script = ''
@@ -181,7 +189,10 @@ in
        Restart = "always";
        WorkingDirectory = "${cfg.package}/web-app";

-        RestrictAddressFamilies = ["AF_INET" "AF_INET6"];
+        RestrictAddressFamilies = [
+          "AF_INET"
+          "AF_INET6"
+        ];
      };

      script = ''