From ad88f1040e2556ba678afb33dac28387ddd3543a Mon Sep 17 00:00:00 2001
From: Joachim Fasting
Date: Mon, 5 Dec 2016 12:25:31 +0100
Subject: [PATCH] privoxy service: additional isolation
---
 nixos/modules/services/networking/privoxy.nix | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/nixos/modules/services/networking/privoxy.nix b/nixos/modules/services/networking/privoxy.nix
index 94beb78ef5a4..e74fe44d76ed 100644
--- a/nixos/modules/services/networking/privoxy.nix
+++ b/nixos/modules/services/networking/privoxy.nix
@@ -100,6 +100,11 @@ in
 after = [ "network.target" "nss-lookup.target" ];
 wantedBy = [ "multi-user.target" ];
 serviceConfig.ExecStart = "${privoxy}/sbin/privoxy --no-daemon --user ${privoxyUser} ${confFile}";
+
+ serviceConfig.PrivateDevices = true;
+ serviceConfig.PrivateTmp = true;
+ serviceConfig.ProtectHome = true;
+ serviceConfig.ProtectSystem = "full";
 };
 };
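Review bot: The unit still launches privoxy as root and relies on `--user ${privoxyUser}` in ExecStart to drop privileges, so the four added directives narrow the filesystem view but leave startup with full root capabilities. Adding `serviceConfig.NoNewPrivileges = true;` next to them would be a cheap complement, assuming privoxy does not exec any setuid helper (not visible here). `ProtectHome = true` and `PrivateTmp = true` will also hide any log directory or action/filter file that `${confFile}` points at under /home, /root or /tmp, which deserves a comment above the block such as `# sandbox: config must not reference paths under /home, /root or /tmp`. The service attribute set opens above the hunk, so other serviceConfig settings may exist outside this view.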