-rw-r--r--nixos/modules/services/hardware/irqbalance.nix11
1 files changed, 9 insertions, 2 deletions
diff --git a/nixos/modules/services/hardware/irqbalance.nix b/nixos/modules/services/hardware/irqbalance.nix
index b139154432c..39c139576bf 100644
--- a/nixos/modules/services/hardware/irqbalance.nix
+++ b/nixos/modules/services/hardware/irqbalance.nix
@@ -17,8 +17,15 @@ in
       irqbalance = {
         description = "irqbalance daemon";
         path = [ pkgs.irqbalance ];
-        serviceConfig =
-          { ExecStart = "${pkgs.irqbalance}/bin/irqbalance --foreground"; };
+        serviceConfig = {
+          ExecStart = "${pkgs.irqbalance}/bin/irqbalance --foreground";
+          CapabilityBoundingSet = "";
+          NoNewPrivileges = "yes";
+          ReadOnlyPaths = "/";
+          ReadWritePaths = "/proc/irq";
+          RestrictAddressFamilies = "AF_UNIX";
+          RuntimeDirectory = "irqbalance/";
+        };
         wantedBy = [ "multi-user.target" ];
       };
     };
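Review bot: The new `serviceConfig` drops capabilities and blocks writes, but `ReadOnlyPaths = "/"` does not restrict reads and no `User` is set, so the daemon presumably still runs as UID 0 and can read any file whose owner bits allow it. If irqbalance works without them, adding `ProtectHome = true;` and `PrivateTmp = true;` would narrow what a compromised process can see; this should be checked on a running system before merging. The block would also benefit from a one-line comment such as `# /proc/irq is the only tree irqbalance writes to; RuntimeDirectory is for its AF_UNIX control socket`, so later edits do not widen the exceptions by accident (the socket purpose is inferred from the two settings and should be confirmed). The enclosing services attribute set starts and ends outside this hunk.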