nixos/gerrit: Enable PrivateMounts hardening in service config

Signed-off-by: Felix Singer <felixsinger@posteo.net>
2025-11-13 19:29:15 +01:00 · 2025-10-04 11:58:09 +02:00 · 2025-10-04 11:58:09 +02:00 · 26d0023f71
parent 40d07fb1a0
commit 26d0023f71
1 changed files with 1 additions and 0 deletions
--- a/nixos/modules/services/web-apps/gerrit.nix
+++ b/nixos/modules/services/web-apps/gerrit.nix
@ -232,6 +232,7 @@ in
        LockPersonality = true;
        NoNewPrivileges = true;
        PrivateDevices = true;
+        PrivateMounts = true;
        PrivateTmp = true;
        ProtectClock = true;
        ProtectControlGroups = true;