s0me1newithhand7s/reNixos
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

kyra(hardening): Impermanence in "/persist"

Browse source 
Signed-off-by: s0me1newithhand7s <git+me@hand7s.org>
This commit is contained in:
s0me1newithhand7s 2026-05-03 15:36:34 +03:00
parent df80d3a16a
commit 78a98e891e
1 changed files with 64 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

64
kyra/environment/persistence.nix Normal file
View file

@ -0,0 +1,64 @@
_: {
environment = {
persistence = {
"/persist" = {
enable = true;
hideMounts = true;
directories = [
"/var/log"
"/etc/ssh"
"/var/lib/nixos"
"/var/lib/netbird"
"/var/lib/netbird-wt0"
"/var/lib/firewalld"
{
directory = "/var/lib/traefik";
user = "traefik";
group = "traefik";
mode = "0700";
}
{
directory = "/var/lib/crowdsec";
user = "crowdsec";
group = "crowdsec";
mode = "0750";
}
{
directory = "/var/lib/sing-box";
user = "sing-box";
group = "sing-box";
mode = "0700";
}
{
directory = "/var/lib/step-ca";
user = "step-ca";
group = "step-ca";
mode = "0700";
}
{
directory = "/var/lib/acme";
user = "acme";
group = "acme";
mode = "0751";
}
{
directory = "/var/lib/otel-collector";
user = "otel-collector";
group = "otel-collector";
mode = "0700";
}
];
files = [
"/etc/machine-id"
];
};
};
};
}