ad23b508e3
ProtectSystem=full disables writing to /etc which is the default secrets location. Besides that, hardening is pointless for {generate,setup}-secrets which don't read external input and are fully under our control. |
||
---|---|---|
.. | ||
generate-secrets.nix | ||
secrets.nix |