Closed Misterio77 closed 8 months ago
You can check this commit passes the tests by cherry-picking the tests branch:
git fetch git@github.com:misterio77/nix-minecraft tests
git cherry-pick -n FETCH_HEAD
nix flake check
git reset --hard
TIL systemd-analyze security exists. Sometimes I wonder what commands aren't in systemd.
This PR hardens the minecraft service, and in that process uses systemd to create directories (and set permissions), instead of relying on scripts.
Try running systemd-analyze security, and you'll see that the current score is < 1. With this PR, it increases to 3.
I also changed the umask from 002 to 007, this means new files will be 770 and not 775. I think this is better, as other users (that are not in the group) should not have any access to the files whatsoever.
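The umask change described above, as an added example that is not part of the PR or the project's code: the script creates a directory and a file under each umask and reports the resulting modes. Regular files are requested with mode 0666, so under 007 they come out as 660 while directories get 770. It assumes GNU `stat -c`; the names `world` and `server.log` are made up for the example.

```shell
#!/bin/sh
# Added example (constructed): compare the permission bits that new
# directories and files get under the old umask (002) and the new one (007).

# Print "<dir mode> <file mode>" for entries created under umask $1.
# The function body is a subshell, so the umask change, the temp dir
# and the EXIT trap do not leak into the caller.
modes_under_umask() (
    tmp=$(mktemp -d) || exit 1
    trap 'rm -rf "$tmp"' EXIT
    umask "$1"
    mkdir "$tmp/world"        # mkdir requests 0777, then the umask is applied
    : > "$tmp/server.log"     # redirection requests 0666, then the umask is applied
    printf '%s %s\n' "$(stat -c %a "$tmp/world")" "$(stat -c %a "$tmp/server.log")"
)

# Succeed when an octal mode string grants nothing to "other"
# (its last digit is 0).
no_other_access() {
    case $1 in
        *0) return 0 ;;
        *)  return 1 ;;
    esac
}

for mask in 002 007; do
    # Split the "<dir> <file>" pair into $1 and $2.
    set -- $(modes_under_umask "$mask")
    if no_other_access "$1" && no_other_access "$2"; then
        verdict="no access for users outside the group"
    else
        verdict="users outside the group can still read"
    fi
    printf 'umask %s: dir=%s file=%s (%s)\n' "$mask" "$1" "$2" "$verdict"
done
```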