commit 0bebf4f23f92cf2dd6a0f3d3f3b9e642a0976780 (tree) parent a0b261c6df423df0314544f8b64b502c39be3dcc Author: Motiejus Jakštys <desired.mta@gmail.com> Date: Fri, 17 Apr 2020 09:58:46 +0300 more protection allows hass to kill network though. will investigate. Diffstat:
| M | root/README.md | | | 2 | +- |
| M | root/rpi4b/etc/systemd/system/hass2.service | | | 7 | +++++-- |
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/root/README.md b/root/README.md
@@ -3,4 +3,4 @@ root directory
 $ git clone --recursive git@github.com:motiejus/dotfiles.git .dotfiles
 $ cd .dotfiles/root/
- $ sudo stow -t / $(hostname)
+ $ sudo stow --ignore='\.sw[op]' -v -t / $(hostname)
diff --git a/root/rpi4b/etc/systemd/system/hass2.service b/root/rpi4b/etc/systemd/system/hass2.service
@@ -15,10 +15,13 @@ Restart=always
 # Hardening
 RootDirectory=/bigdisk/containers2/homeassistant/home-assistant:0.107.7
 ProtectSystem=strict
+MountAPIVFS=true
+TemporaryFileSystem=/var
+BindPaths=/bigdisk/hass:/config:ro
+Environment=S6_READ_ONLY_ROOT=1
+PrivateNetwork=true
 #DynamicUser=true
 #PrivateUsers=true
-MountAPIVFS=true
-RuntimeDirectory=var/run
 [Install]
 WantedBy=multi-user.target
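Review bot: `BindPaths=/bigdisk/hass:/config:ro` most likely does not do what it intends: systemd.exec documents only `rbind` and `norbind` as the third field of `BindPaths=`, so `ro` is an invalid option and the line is probably logged as an error and ignored, leaving `/config` unbound inside the `RootDirectory=`. If a read-only config mount is the goal, use `BindReadOnlyPaths=/bigdisk/hass:/config`; if Home Assistant has to write its state there, keep `BindPaths=` and drop `:ro`. Separately, with `DynamicUser=` and `PrivateUsers=` still commented out and no `User=` visible in the hunk, the service may run as root inside the chroot with `/proc`, `/sys` and `/dev` mounted by `MountAPIVFS=true`, so `NoNewPrivileges=true` and a restrictive `CapabilityBoundingSet=` would be worth adding. The [Service] section starts outside the hunk, so confirm both points against the full unit and with `systemd-analyze verify`.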