nixos/postgresql: set up sandboxing

Reduces the general exposure of the postgresql.service through systemd hardening options.
2025-06-26 02:56:36 +03:00 · 2024-09-27 19:24:59 +02:00 · 2024-09-27 19:24:59 +02:00 · 2ebffcc4c7
commit 2ebffcc4c7
parent ead36718eb
2 changed files with 41 additions and 0 deletions
--- a/nixos/tests/postgresql.nix
+++ b/nixos/tests/postgresql.nix
@ -126,6 +126,8 @@ let
      with subtest("Initdb works"):
          machine.succeed("sudo -u postgres initdb -D /tmp/testpostgres2")

+      machine.log(machine.execute("systemd-analyze security postgresql.service | grep -v ✓")[1])
+
      machine.shutdown()
    '';