diff options
Diffstat (limited to 'modules/server/spectrum/public-inbox/default.nix')
| -rw-r--r-- | modules/server/spectrum/public-inbox/default.nix | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/modules/server/spectrum/public-inbox/default.nix b/modules/server/spectrum/public-inbox/default.nix index 183f0fbdd414..2c5aed09631b 100644 --- a/modules/server/spectrum/public-inbox/default.nix +++ b/modules/server/spectrum/public-inbox/default.nix @@ -1,4 +1,4 @@ -{ lib, ... }: +{ config, lib, ... }: let repos = [ "crosvm" "doc" "mktuntap" "nixpkgs" "spectrum" "ucspi-vsock" "www" ]; @@ -15,6 +15,10 @@ in services.public-inbox.settings.publicinbox.nntpserver = [ "nntps://spectrum-os.org" "nntp://spectrum-os.org" ]; + systemd.services.public-inbox-httpd.serviceConfig.ProtectHome = "tmpfs"; + systemd.services.public-inbox-httpd.serviceConfig.BindReadOnlyPaths = + map (c: c.dir) (lib.attrValues config.services.public-inbox.settings.coderepo); + services.public-inbox.settings.coderepo = lib.genAttrs repos (name: { dir = "/home/spectrum/git/${name}.git"; cgitUrl = "https://spectrum-os.org/git/${name}"; |