|
|
@ -207,8 +207,6 @@ in {
|
|
|
|
})
|
|
|
|
})
|
|
|
|
];
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
|
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
services.borgbackup.jobs.system = {
|
|
|
|
services.borgbackup.jobs.system = {
|
|
|
|
paths = "/";
|
|
|
|
paths = "/";
|
|
|
|
exclude = [
|
|
|
|
exclude = [
|
|
|
@ -275,8 +273,6 @@ in {
|
|
|
|
|
|
|
|
|
|
|
|
users.groups.git = {};
|
|
|
|
users.groups.git = {};
|
|
|
|
|
|
|
|
|
|
|
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# NOTE: Workaround that removes `setuid` from the disallowed syscall list, because otherwise sendmail/opensmtpd breaks
|
|
|
|
# NOTE: Workaround that removes `setuid` from the disallowed syscall list, because otherwise sendmail/opensmtpd breaks
|
|
|
|
# systemd.services.gitea.serviceConfig.SystemCallFilter = lib.mkForce "~@clock @cpu-emulation @debug @keyring @memlock @module @mount @obsolete @raw-io @reboot @resources @swap";
|
|
|
|
# systemd.services.gitea.serviceConfig.SystemCallFilter = lib.mkForce "~@clock @cpu-emulation @debug @keyring @memlock @module @mount @obsolete @raw-io @reboot @resources @swap";
|
|
|
|
|
|
|
|
|
|
|
|