From a88a6bc676cc82c2a1050addd0d36b0064e70242 Mon Sep 17 00:00:00 2001
From: Joachim Fasting <joachifm@fastmail.fm>
Date: Sun, 15 Mar 2015 22:19:48 +0100
Subject: nixos: additional hardening for dnscrypt-proxy

- Run as unprivileged user/group via systemd, obviating the need to
  specify capabilities, etc.
- Run with private tmp and minimal device name space
---
 nixos/modules/misc/ids.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'nixos/modules/misc')

diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix
index d283a633734a..b66e95fd0d35 100644
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@@ -376,7 +376,7 @@
       seeks = 148;
       prosody = 149;
       i2pd = 150;
-      #dnscrypt-proxy = 151; # unused
+      dnscrypt-proxy = 151;
       systemd-network = 152;
       systemd-resolve = 153;
       systemd-timesync = 154;
-- 
cgit 1.4.1