kusakabe: rsyncd
This commit is contained in:
parent
25774139d1
commit
413c38e348
1 changed files with 46 additions and 0 deletions
|
@ -117,6 +117,9 @@ in {
|
|||
|
||||
# IPFS
|
||||
4001
|
||||
|
||||
# rsyncd
|
||||
873
|
||||
];
|
||||
};
|
||||
};
|
||||
|
@ -310,5 +313,48 @@ in {
|
|||
dataDir = "/store/ipfs";
|
||||
};
|
||||
|
||||
services.rsyncd = {
|
||||
enable = true;
|
||||
settings = {
|
||||
global = {
|
||||
"use chroot" = false;
|
||||
"lock file" = "/run/rsync/rsyncd.lock";
|
||||
"max connections" = 4;
|
||||
};
|
||||
winworldpc = {
|
||||
path = "/store/winworldpc";
|
||||
comment = "WinWorldPC archive";
|
||||
"read only" = true;
|
||||
exclude = "/_data /_data/**";
|
||||
};
|
||||
};
|
||||
};
|
||||
users.users.rsync = {};
|
||||
systemd.services.rsyncd = {
|
||||
confinement.enable = true;
|
||||
serviceConfig = {
|
||||
User = "rsync";
|
||||
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
|
||||
PrivateUsers = false;
|
||||
|
||||
ProtectHostname = true;
|
||||
ProtectClock = true;
|
||||
RestrictAddressFamilies = "AF_INET AF_INET6";
|
||||
RestrictNamespaces = true;
|
||||
LockPersonality = true;
|
||||
NoNewPrivileges = true;
|
||||
MemoryDenyWriteExecute = true;
|
||||
|
||||
RuntimeDirectory = "rsync";
|
||||
|
||||
BindReadOnlyPaths = [
|
||||
"/store/winworldpc"
|
||||
];
|
||||
BindPaths = [
|
||||
"/dev/log"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
system.stateVersion = "20.03";
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue