about summary refs log tree commit diff
path: root/nixos/modules/services/hardware
diff options
context:
space:
mode:
authorrht <rhtbot@protonmail.com>2024-01-21 20:53:29 -0500
committerrht <rhtbot@protonmail.com>2024-01-21 21:09:01 -0500
commit25181b596fb23a8d2cda1dac2ebe2d5943c80cef (patch)
tree7f06a0e45015a22d6ec7a86ba33cd46b2c501bfd /nixos/modules/services/hardware
parentd49a222c10ff9dd531b4e85f28cb9ae42d6daad5 (diff)
downloadnixlib-25181b596fb23a8d2cda1dac2ebe2d5943c80cef.tar
nixlib-25181b596fb23a8d2cda1dac2ebe2d5943c80cef.tar.gz
nixlib-25181b596fb23a8d2cda1dac2ebe2d5943c80cef.tar.bz2
nixlib-25181b596fb23a8d2cda1dac2ebe2d5943c80cef.tar.lz
nixlib-25181b596fb23a8d2cda1dac2ebe2d5943c80cef.tar.xz
nixlib-25181b596fb23a8d2cda1dac2ebe2d5943c80cef.tar.zst
nixlib-25181b596fb23a8d2cda1dac2ebe2d5943c80cef.zip
thinkfan: Disable network access
Diffstat (limited to 'nixos/modules/services/hardware')
-rw-r--r--nixos/modules/services/hardware/thinkfan.nix9


1 files changed, 7 insertions, 2 deletions
diff --git a/nixos/modules/services/hardware/thinkfan.nix b/nixos/modules/services/hardware/thinkfan.nix
index cca35f492b8e..b62fb5e9f8c9 100644
--- a/nixos/modules/services/hardware/thinkfan.nix
+++ b/nixos/modules/services/hardware/thinkfan.nix
@@ -217,8 +217,13 @@ in {
 
     systemd.services = {
       thinkfan.environment.THINKFAN_ARGS = escapeShellArgs ([ "-c" configFile ] ++ cfg.extraArgs);
-      thinkfan.serviceConfig.Restart = "on-failure";
-      thinkfan.serviceConfig.RestartSec = "30s";
+      thinkfan.serviceConfig = {
+        Restart = "on-failure";
+        RestartSec = "30s";
+
+        # Hardening
+        PrivateNetwork = true;
+      };
 
       # must be added manually, see issue #81138
       thinkfan.wantedBy = [ "multi-user.target" ];

 

generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-06-28 05:18:16 +0000