2de3c4bd78
This reverts a part of 5bd12c694bfebaef1d03eb7f74a6eca01b86f546. Apparently there's no way to specify user for RuntimeDirectory in systemd service file (it's always root) but tor won't create control socket if the dir is owned by anybody except the tor user.

These hardenings were adopted from the upstream service file, checked against systemd.service(5) and systemd.exec(5) manuals, and tested to actually work with all the options enabled.

`PrivateDevices` implies `DevicePolicy=closed` according to systemd.exec(5), removed.

`--RunAsDaemon 0` is the default value according to tor(5), removed.

- clamav.nix
- fail2ban.nix
- fprintd.nix
- fprot.nix
- haka.nix
- haveged.nix
- hologram-agent.nix
- hologram-server.nix
- munge.nix
- oauth2_proxy.nix
- physlock.nix
- shibboleth-sp.nix
- sks.nix
- sshguard.nix
- tor.nix
- torify.nix
- torsocks.nix
- usbguard.nix
- vault.nix