From c6374e09310b66a3bfc66523f39be30ed73cd897 Mon Sep 17 00:00:00 2001
From: Robert Hensing <robert@roberthensing.nl>
Date: Mon, 11 Mar 2019 14:38:07 +0100
Subject: [PATCH] nixos-init.nix: Remove /tmp -o noexec

---
 src/nix/modules/service/nixos-init.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/nix/modules/service/nixos-init.nix b/src/nix/modules/service/nixos-init.nix
index f248403..0dab936 100644
--- a/src/nix/modules/service/nixos-init.nix
+++ b/src/nix/modules/service/nixos-init.nix
@@ -29,9 +29,9 @@ in
       "/sys/fs/cgroup:/sys/fs/cgroup:ro"
     ];
     service.tmpfs = [
-      "/tmp"
-      "/run"
-      "/run/wrappers"
+      "/tmp:exec,mode=777"
+      "/run"          # noexec is fine because exes should be symlinked from elsewhere anyway
+      "/run/wrappers" # noexec breaks this intentionally
     ];
     service.stop_signal = "SIGRTMIN+3";
     service.tty = true;