nixos/uptime-kuma: Enable MountAPIVFS hardening in service config

This setting is already implied by others, but add it for completeness as well. For documentation see https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#MountAPIVFS= Signed-off-by: Felix Singer <felixsinger@posteo.net>
2025-10-07 02:18:22 +02:00
parent 18af20e2b2
commit 7b791e1de7
1 changed files with 1 additions and 0 deletions
--- a/nixos/modules/services/monitoring/uptime-kuma.nix
+++ b/nixos/modules/services/monitoring/uptime-kuma.nix
@@ -60,6 +60,7 @@ in
        CapabilityBoundingSet = "";
        LockPersonality = true;
        MemoryDenyWriteExecute = false; # enabling it breaks execution
+        MountAPIVFS = true;
        NoNewPrivileges = true;
        PrivateDevices = true;
        PrivateMounts = true;