From 03bdf8f03cbc9157bd04aa786d366bdbb2acd234 Mon Sep 17 00:00:00 2001
From: Joachim Fasting <joachifm@fastmail.fm>
Date: Wed, 23 Mar 2016 20:42:01 +0100
Subject: dnscrypt-proxy service: additional hardening

Run the daemon with private /home and /run/user to
prevent it from enumerating users on the system.
---
 nixos/modules/services/networking/dnscrypt-proxy.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/nixos/modules/services/networking/dnscrypt-proxy.nix b/nixos/modules/services/networking/dnscrypt-proxy.nix
index e6204a387bda..3d5ce7b9d5ce 100644
--- a/nixos/modules/services/networking/dnscrypt-proxy.nix
+++ b/nixos/modules/services/networking/dnscrypt-proxy.nix
@@ -204,6 +204,7 @@ in
 
         PrivateTmp = true;
         PrivateDevices = true;
+        ProtectHome = true;
       };
     };
   };
-- 
cgit 1.4.1